Adware,Malware and/or spyware [Solved]


  • This topic is locked

#1
Doriskills666

  • Member
  • 14 posts

Hi, my computer has recently been infected with multiple 'versions' of something called "browsefox" and "multiplug.GEN.I". By multiple versions I mean I am being warned about things such as "browsefox-FAD, Browsefox.M Browsefox.I" by my McAfee security system.

 

Symptoms include various ads on my browser (popping up in both lower corners of my screen and all sides (up, down, left, right)). Whenever I make a search, whether it be on Google or directly from my browser, I am greeted with an additional "related search by High stairs". My browser homepage (which is usually Google) has been changed to "yahoo" automatically and will stay as Google when changed back manually. My computer is running at a noticeably lower speed, and if I click anywhere on my browser there is a 90% chance I'll be redirected to a malicious website or a website filled with ads relevant to any searches I may have made. Also, some software has been installed without my initial knowing, such as "security systems" that are always prompting me to download protection and buy premium memberships.

 

I believe the issue arose shortly after I had downloaded a game. I think whatever is going on was attached to a file I had downloaded as an add-on for the game (there are multiple sites that aren't trustworthy that provide these downloads, though it's very difficult to find the genuine sites).

 

This has been going on for the past month now. I've tried everything I know to try to remove the problem; even McAfee has failed in removing that which it has found. Any help would be greatly appreciated, as the McAfee tech team want a lot of money to fix this for me and I believe it can be done through here.

 

Thanks


Edited by Doriskills666, 02 November 2015 - 07:18 AM.

  • 0



#2
Doriskills666

  • Topic Starter
  • Member
  • 14 posts

I meant to say my browser WILL NOT stay as Google when changed back.


  • 0

#3
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello Doriskills666 and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on. I need some FRST diagnostic logs to see what's going on with your machine. :)

    Step1 - FRST logs


    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click on the file and select run as administrator (if you don't have this option just double click the file to run it). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from (this should be your desktop).
  • Please copy (CTRL + C) and paste (CTRL + V) the FRST.txt log back here.
  • The first time the tool is run it generates another log Addition.txt - also located in the same directory as FRST.exe.
  • Please also paste that along with the FRST.txt into your reply.
    Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

    Thanks

  • 0

#4
Doriskills666

  • Topic Starter
  • Member
  • 14 posts

Thank you for your reply. I have attached the requested files to this reply.

 

Many thanks

 



  • 0

#5
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Doriskills666

Sorry for the delay. I noticed you have Hola installed. There are security concerns surrounding this application which you can read about in the links below.

http://adios-hola.org/

http://adios-hola.org/advisory.txt

I would recommend removal but the choice is up to you. If you use the application and wish to keep it then please do not use it until the cleaning process has been completed.

In your next post please let me know if you wish to uninstall Hola.

Thanks
  • 0

#6
Doriskills666

  • Topic Starter
  • Member
  • 14 posts

Hi Bruce1270

Don't worry about the delay. I realise we are in different time zones and you are probably also helping many other people as well as me!

I wanted to let you know that I have fully uninstalled Hola from my computer.

 

I'll be awaiting your next instruction :D

Thanks!
 


  • 0

#7
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Doriskills666
 

"I wanted to let you know that I have fully uninstalled Hola from my computer."


:thumbsup:

Also, for future posts, please post the logs/reports I request in the topic rather than attaching them. It's easier for me to read them. :) Thanks.

OK. Let's see if we can get this cleaned up. :)


Step1 - Remove Programs

Please uninstall the following unwanted programs:

Host App Service
Pokki Start Menu


Note: If any of the programs are not listed, proceed to the next one and work through the list.

To do this:
Please go to Start Menu -> Control Panel -> Programs and Features
In the list of installed programs locate and click on the program to uninstall e.g. Host App Service
Click uninstall.
Repeat the above steps for all the other programs to remove.


Step2 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Things for your next post:
  • Confirm programs in step 1 are uninstalled and any issues encountered.
  • fixlog.txt
  • How is your machine running now?

  • 0

#8
Doriskills666

  • Topic Starter
  • Member
  • 14 posts

Hi,

 

OK, so I have fully uninstalled the programmes you have asked me to; they came off just fine.

I followed your instructions and obtained the fixlog, which will be posted below with this message.

My computer is acting the same way it has been for the past month; nothing seems to have changed.

I would like to add, though, that before contacting you I installed Malwarebytes to try to rid my computer of it. Now whenever I open my browser it blocks my homepage (which I expected) and also a ton of other stuff, for example:

Domain: tfc.huntergui.com
IP: 37.58.102.34
Port: 49323
Type: Outbound
Process: C:/Programme files (x86)google/chrome/Application/Chrome.exe

I get about 10 pop-ups about this as soon as I open my browser (each one has a different Domain/IP).

I have also noticed another browser on my task bar called "Chrominium" which I do not recognise.

Hopefully that info is helpful, haha. Here is the Fixlog; I'll await your reply, thank you!

---------------------------------------------------------------------------------------------------------------------------------------------------------------
 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by Daniel Hollowed (2015-11-06 13:09:03) Run:1
Running from C:\Users\Daniel Hollowed\Desktop\Computer fix FRST
Loaded Profiles: Daniel Hollowed &  (Available Profiles: Daniel Hollowed)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Pokki) C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola.exe
Pokki) C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2031232 2015-10-25] (Hola Networks Ltd.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\RunOnce: [Application Restart #0] => C:\Users\Daniel Hollowed\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --d (the data entry has 569 more characters).
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\MountPoints2: {fa51f90c-a2f4-11e4-825d-806e6f6e6963} - "E:\Diablo III Setup.exe" 
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1838069831-910762768-3284051805-1001 -> DefaultScope {E4384E46-F90F-4484-B105-15B141528225} URL = 
SearchScopes: HKU\S-1-5-21-1838069831-910762768-3284051805-1001 -> OldSearch URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB0D20151008&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1838069831-910762768-3284051805-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1838069831-910762768-3284051805-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1838069831-910762768-3284051805-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Daniel Hollowed\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2015-10-25] ()
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Daniel Hollowed\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2015-10-25] (Hola)
FF Plugin HKU\S-1-5-21-1838069831-910762768-3284051805-1001: @hola.org/vlc -> C:\Users\Daniel Hollowed\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-09-05] (Hola)
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVtbVQhDRQVGbQ1ZUwlcFVBGchRZWQBJDFYTJg4KVlsUR1cUJh9aFQQTQkcFME0FBloEURNNfXFRBlEiVVRKMko=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFdAdAgKBQkUDAFCcgkVVVwUExhCeAAATFpBRwIRd1tdB1tGRxNBNARaAktXUUEeJ1pNER8fHH1KJ1FrFVgYU0Y=
CHR Extension: (BT Toolbar) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg [2015-08-03] [UpdateUrl: hxxp://www.bt.com/static/includes/account/toolbar/update/chromeUpdates.xml] <==== ATTENTION
R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [8104576 2015-10-25] (Hola Networks Ltd.)
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [8104576 2015-10-25] (Hola Networks Ltd.)
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
2015-10-31 12:37 - 2015-10-31 12:37 - 00003336 _____ C:\Windows\System32\Tasks\SweetLabs App Platform
2015-10-06 16:40 - 2015-11-02 12:03 - 00003116 _____ C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2015-10-06 16:40 - 2015-10-06 16:40 - 00001213 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2015-10-06 16:40 - 2015-10-06 16:40 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Roaming\Nico Mak Computing
2015-10-06 16:40 - 2015-10-06 16:40 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2015-10-06 16:40 - 2015-10-06 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2015-10-06 16:40 - 2015-10-06 16:40 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector
2015-11-02 11:41 - 2015-06-26 08:38 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform
2015-10-31 12:37 - 2015-06-26 08:41 - 00002424 _____ C:\Users\Daniel Hollowed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2015-10-25 13:23 - 2015-09-05 23:05 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Roaming\Hola
Task: {31DD5B60-D67C-405F-808E-9D929DF6EC54} - \One System Care Monitor -> No File <==== ATTENTION
Task: {36ABABB9-D864-4322-AF6F-E3AAC2D1DE4F} - \One System Care Run Delay -> No File <==== ATTENTION
Task: {65AF854E-CE09-4626-B36A-B7EF9DB61180} - System32\Tasks\SweetLabs App Platform => %LOCALAPPDATA%\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
Task: {6B0D84E1-4249-4803-A06B-2377885BCE35} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2015-05-20] (Nico Mak Computing)
Task: {B20F84A7-7E00-441F-A6A9-8B61C7335755} - \One System CarePeriod -> No File <==== ATTENTION
IE trusted site: HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\hola.org -> hxxp://hola.org
C:\Program Files\Hola
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
 
 
*****************
 
Restore point was successfully created.
C:\Program Files\Hola\app\hola_svc.exe => No running process found
C:\Program Files\Hola\app\hola_updater.exe => No running process found
[7632] C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe => process closed successfully.
C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe => No running process found
C:\Program Files\Hola\app\hola.exe => No running process found
Pokki) C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe => Error: No automatic fix found for this entry.
C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe => No running process found
C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\hola => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #0 => value removed successfully
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
"HKU\S-1-5-21-1838069831-910762768-3284051805-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa51f90c-a2f4-11e4-825d-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{fa51f90c-a2f4-11e4-825d-806e6f6e6963} => key not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => key removed successfully
HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => key removed successfully
HKCR\Wow6432Node\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1838069831-910762768-3284051805-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => key removed successfully
HKCR\CLSID\OldSearch => key not found. 
"HKU\S-1-5-21-1838069831-910762768-3284051805-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-1838069831-910762768-3284051805-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
"HKU\S-1-5-21-1838069831-910762768-3284051805-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => key removed successfully
HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/FlashPlayer" => key removed successfully
C:\Users\Daniel Hollowed\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll => moved successfully
"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/vlc" => key removed successfully
C:\Users\Daniel Hollowed\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll => moved successfully
"HKU\S-1-5-21-1838069831-910762768-3284051805-1001\Software\MozillaPlugins\@hola.org/vlc" => key removed successfully
C:\Users\Daniel Hollowed\AppData\Local\Hola\firefox\app\vlc\npvlc.dll => moved successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultNewTabURL => removed successfully
C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg <==== ATTENTION => not found
hola_svc => service not found.
hola_updater => service not found.
MREMPR5 => service removed successfully
MRENDIS5 => service removed successfully
"C:\Windows\System32\Tasks\SweetLabs App Platform" => not found.
C:\Windows\System32\Tasks\WinZip Malware Protector_startup => moved successfully
C:\Users\Public\Desktop\WinZip Malware Protector.lnk => moved successfully
C:\Users\Daniel Hollowed\AppData\Roaming\Nico Mak Computing => moved successfully
C:\ProgramData\Nico Mak Computing => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector => moved successfully
C:\Program Files (x86)\WinZip Malware Protector => moved successfully
"C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform" => not found.
"C:\Users\Daniel Hollowed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk" => not found.
C:\Users\Daniel Hollowed\AppData\Roaming\Hola => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{31DD5B60-D67C-405F-808E-9D929DF6EC54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31DD5B60-D67C-405F-808E-9D929DF6EC54}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36ABABB9-D864-4322-AF6F-E3AAC2D1DE4F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36ABABB9-D864-4322-AF6F-E3AAC2D1DE4F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run Delay => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65AF854E-CE09-4626-B36A-B7EF9DB61180} => key not found. 
C:\Windows\System32\Tasks\SweetLabs App Platform => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B0D84E1-4249-4803-A06B-2377885BCE35} => key not found. 
C:\Windows\System32\Tasks\WinZip Malware Protector_startup => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinZip Malware Protector_startup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B20F84A7-7E00-441F-A6A9-8B61C7335755}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B20F84A7-7E00-441F-A6A9-8B61C7335755}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriod => key not found. 
"HKU\S-1-5-21-1838069831-910762768-3284051805-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org" => key removed successfully
C:\Program Files\Hola => moved successfully
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.6 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 13:14:16 ====

  • 0
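When reading a Fixlog like the one posted above, the useful triage is which entries changed something, which targeted items that were already gone, and which FRST could not process (here, the `Pokki)` fixlist line that lacks its opening parenthesis). The following Python summariser is an added example, not part of the thread and not FRST's own code; the status names and function names are assumptions, and the sample is a shortened excerpt of the log above.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog posted above (same line formats).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe
Pokki) C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2031232 2015-10-25] (Hola Networks Ltd.)
CMD: netsh advfirewall reset
EmptyTemp:

*****************

Restore point was successfully created.
C:\Program Files\Hola\app\hola_svc.exe => No running process found
[7632] C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe => process closed successfully.
Pokki) C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\hola => value not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
Chrome DefaultSearchURL => removed successfully
C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg <==== ATTENTION => not found
MREMPR5 => service removed successfully

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

EmptyTemp: => 1.6 GB temporary data Removed.

The system needed a reboot.
"""

SEPARATOR = re.compile(r"^\*{5,}\s*$")


def result_lines(text):
    """Yield lines after the second ***** separator, i.e. the results part.

    The fixlist content between the two separators also contains ' => '
    (Run keys, tasks), so it must be skipped or it is miscounted as results.
    """
    seen = 0
    for line in text.splitlines():
        if SEPARATOR.match(line):
            seen += 1
            continue
        if seen >= 2:
            yield line.strip()


def classify(outcome):
    """Map FRST's free-text outcome to a coarse status (names are assumptions)."""
    low = outcome.lower()
    if low.startswith("error"):
        return "error"      # FRST could not act on the entry
    if "not found" in low or "no running process" in low:
        return "absent"     # target was already gone
    if "successfully" in low or "removed" in low:
        return "changed"    # something was removed, moved, closed or restored
    return "other"


def parse_fixlog(text):
    entries = []
    for line in result_lines(text):
        target, sep, outcome = line.rpartition(" => ")
        if not sep:
            continue  # banners, CMD output, blank lines
        target = target.replace("<==== ATTENTION", "").strip().strip('"')
        target = re.sub(r"^\[\d+\]\s*", "", target)  # drop leading [PID]
        entries.append({"target": target,
                        "outcome": outcome.strip(),
                        "status": classify(outcome)})
    return entries


def summarize(entries):
    return Counter(e["status"] for e in entries)


def needs_follow_up(entries):
    """Entries a helper should re-check by hand."""
    return [e for e in entries if e["status"] in ("error", "other")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for e in needs_follow_up(parsed):
        print("FOLLOW UP:", e["target"], "->", e["outcome"])
```
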

#9
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Doriskills666

Thanks for the information and update.

Next steps...

Step1 - Junkware Removal Tool


Download Junkware Removal Tool by thisisu and save it to your desktop.

Important: Please disable your anti virus prior to running this program. Advice on how to do this for your anti virus can be found here

1. Ensure all programs and windows are closed before proceeding.
2. Simply double-click the program icon to run it. It will ask for administrator privileges.
3. A black window will appear. Press any key to continue.
4. Wait for it to finish. It won't take long.
5. A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
6. Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti virus again.


Step2 - AdwCleaner Scan


Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • Upon completion, click Logfile. A log (AdwCleaner[S*].txt) will open.
  • Please copy and paste this in your next reply.

    Question

    Please confirm if you are still receiving the redirects and ads in Internet Explorer and Firefox or if it is only Chrome.

    Things for your next post:
  • JRT.txt
  • AdwCleaner[S*].txt
  • Answer to my question

  • 0

#10
Doriskills666

  • Topic Starter
  • Member
  • 14 posts

Hi,

 

OK, so I have the scan results you asked for; I'll copy them onto this thread.

After playing around with Internet Explorer (I do not have Firefox) it seems the redirects and popups are ONLY affecting Google Chrome, so I will be using IE from now on until the problem is resolved.

 

First up the JRT.txt
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 Connected x64
Ran by Daniel Hollowed on 07/11/2015 at 17:40:03.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully deleted: [Service] 0106241446506516mcinstcleanup [Reboot required]

 

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\UpdateTask
Successfully deleted: [Task] C:\Windows\Tasks\UpdateTask.job

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{aba8d0e6-0d4d-4cb8-836a-04d69824b108}

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{aba8d0e6-0d4d-4cb8-836a-04d69824b108}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aba8d0e6-0d4d-4cb8-836a-04d69824b108}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{aba8d0e6-0d4d-4cb8-836a-04d69824b108}

 

~~~ Files

Successfully deleted: [File] C:\Users\Daniel Hollowed\Appdata\Local\google\chrome\user data\default\local storage\hxxps_static.boostsaves.com_0.localstorage
Successfully deleted: [File] C:\Users\Daniel Hollowed\Appdata\Local\google\chrome\user data\default\local storage\hxxps_static.boostsaves.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Public\Desktop\ebay.lnk

 

~~~ Folders

 

~~~ Chrome

[C:\Users\Daniel Hollowed\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Daniel Hollowed\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Daniel Hollowed\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Daniel Hollowed\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/11/2015 at 17:47:44.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adwcleaner.
 

# AdwCleaner v5.018 - Logfile created 07/11/2015 at 17:50:02
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 8.1 Connected  (x64)
# Username : Daniel Hollowed - DANIEL
# Running from : C:\Users\Daniel Hollowed\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Users\Daniel Hollowed\AppData\Local\Hola

***** [ Files ] *****

File Found : C:\Users\Daniel Hollowed\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage
File Found : C:\Users\Daniel Hollowed\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage-journal
File Found : C:\Users\Daniel Hollowed\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
File Found : C:\Users\Daniel Hollowed\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
File Found : C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
File Found : C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
File Found : C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
File Found : C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
File Found : C:\Windows\SysNative\wsusnative64.exe

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Classes\pokki
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinZip Malware Protector
Key Found : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Key Found : HKCU\Software\Hola
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Malware Protector_is1
Key Found : [x64] HKLM\SOFTWARE\Hola
Key Found : HKU\.DEFAULT\Software\Hola
Key Found : HKU\S-1-5-18\Software\Hola

***** [ Web browsers ] *****

[C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
[C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : homepage-web.com
[C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search provided by yahoo.com
[C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : searchinterneat-a.akamaihd.net

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2815 bytes] ##########



I'm now going to reboot my computer and activate my security again, and I'll send another post if anything has changed; if not, I'll await your reply.
 

 

Thanks.

 




#11
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Doriskills666

Again thank you for all the information. :thumbsup:

Next steps.

Step1 - Run AdwCleaner again to remove what it found
  • Close all open windows and browsers
  • Double-click the AdwCleaner icon to execute the program
  • Click the Scan button and wait for the program to finish.
  • Click on options - untick Reset proxy settings and Reset winsock settings.
  • Tick Reset Chrome policies
  • When finished, please click Cleaning button.
  • Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


Step2 - Reset Chrome

Reset Google Chrome - https://support.goog...296214?hl=en-GB

Step3 - Malwarebytes Scan
  • Launch Malwarebytes Anti-Malware
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the green Scan Now button.
  • If threats are detected click on Apply actions, the program will ask to reboot the machine.
  • Click Yes.
  • On completion of the scan (or after the reboot) select View Detailed Log
  • Click on Export Button, select Text File, give it the name MBAM Log and save the log to your Desktop.
  • Copy and Paste the contents of the log in your next reply.


Things for your next post:
  • AdwCleaner[C*].txt
  • MBAMlog
  • How is the computer running now?


#12
Doriskills666

    Member

  • Topic Starter
  • Member
  • 14 posts

Hi,

 

I have the logs for you. After completing all of the instructions you provided, I checked my Google Chrome browser; unfortunately nothing has changed. Malwarebytes is still blocking my home page, I'm still getting all the ads and pop-ups/High Stairs search, and it's still running slowly.

Here are the logs.

 

# AdwCleaner v5.018 - Logfile created 08/11/2015 at 14:34:23
# Updated 05/11/2015 by Xplode
# Database : 2015-11-08.1 [Server]
# Operating system : Windows 8.1 Connected  (x64)
# Username : Daniel Hollowed - DANIEL
# Running from : C:\Users\Daniel Hollowed\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Daniel Hollowed\AppData\Local\Hola

***** [ Files ] *****

[-] File Deleted : C:\Users\Daniel Hollowed\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage
[-] File Deleted : C:\Users\Daniel Hollowed\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage-journal
[-] File Deleted : C:\Users\Daniel Hollowed\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
[-] File Deleted : C:\Users\Daniel Hollowed\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
[-] File Deleted : C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
[-] File Deleted : C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
[-] File Deleted : C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
[-] File Deleted : C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
[-] File Deleted : C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
[-] File Deleted : C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.kingtopdeals.com_0.localstorage
[-] File Deleted : C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.kingtopdeals.com_0.localstorage-journal
[-] File Deleted : C:\Windows\SysNative\wsusnative64.exe

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinZip Malware Protector
[-] Key Deleted : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
[-] Key Deleted : HKCU\Software\Hola
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Malware Protector_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\Hola
[-] Key Deleted : HKU\.DEFAULT\Software\Hola
[!] Key Not Deleted : HKU\S-1-5-18\Software\Hola

***** [ Web browsers ] *****

[-] [C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : homepage-web.com
[-] [C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search provided by yahoo.com
[-] [C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : searchinterneat-a.akamaihd.net

*************************

:: "Tracing" keys removed
:: Chrome policies deleted

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3652 bytes] ##########

 

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08/11/2015
Scan Time: 14:45
Logfile: MBAM log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.08.04
Rootkit Database: v2015.11.04.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Daniel Hollowed

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326445
Time Elapsed: 26 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.HighStairs, C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_highstairs-a.akamaihd.net_0.localstorage, Quarantined, [b2e2ff7c77140b2bc414e48c40c3768a],
PUP.Optional.HighStairs, C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_highstairs-a.akamaihd.net_0.localstorage-journal, Quarantined, [d3c188f3ed9e9d99efe9f87804ffd62a],

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

Thanks.



#13
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Doriskills666

Ok. Run a fresh set of FRST logs please.
  • Please run Farbar Recovery Scan Tool again. Run FRST by right-clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press the Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run from.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.

Thanks


#14
Doriskills666

    Member

  • Topic Starter
  • Member
  • 14 posts

Hi,

 

Ok here you go,
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
Ran by Daniel Hollowed (administrator) on DANIEL (09-11-2015 12:22:07)
Running from C:\Users\Daniel Hollowed\Desktop\Computer fix FRST
Loaded Profiles: Daniel Hollowed (Available Profiles: Daniel Hollowed)
Platform: Windows 8.1 Connected (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe
(acer) C:\Program Files\Packard Bell\User Experience Improvement Program\Framework\UBTService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13642968 2013-08-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-09-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Qualcomm®Atheros®)
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2015-01-23] (Spotify Ltd)
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-09-16] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated)
Startup: C:\Users\Daniel Hollowed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-08-19]
ShortcutTarget: Curse.lnk -> C:\Users\Daniel Hollowed\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{38F813CC-B23F-4B1F-80F0-D9137E759791}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=APJB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1838069831-910762768-3284051805-1001 -> DefaultScope {E4384E46-F90F-4484-B105-15B141528225} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB0D20151101&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1838069831-910762768-3284051805-1001 -> {E4384E46-F90F-4484-B105-15B141528225} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB0D20151101&p={searchTerms}
BHO: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-06] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-06] (Oracle Corporation)
Toolbar: HKLM - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-03] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-03] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-03] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-03] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-09-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-09-28] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-06] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2015-08-18] (McAfee, Inc.)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-10-08] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-03]
CHR Extension: (Google Docs) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-03]
CHR Extension: (Google Drive) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-03]
CHR Extension: (Google Docs Offline) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]
CHR Extension: (BT Toolbar) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg [2015-08-03] [UpdateUrl: hxxp://www.bt.com/static/includes/account/toolbar/update/chromeUpdates.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Gmail) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-06]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-06]
CHR HKLM-x32\...\Chrome\Extension: [hdpkpbhapgfjahbajejahjjcghiclegg] - C:\Program Files (x86)\bttb\toolbar.crx [2014-02-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-15] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider) [File not signed]
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-09-10] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-11-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [783120 2015-09-28] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-08-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
R3 UEIPSvc; C:\Program Files\Packard Bell\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-08-07] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-09] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537408 2015-08-12] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [111256 2015-08-12] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-11-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [268288 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-08 15:25 - 2015-11-08 15:25 - 01712128 _____ C:\Users\Daniel Hollowed\Downloads\AdwCleaner.exe
2015-11-07 17:49 - 2015-11-08 15:29 - 00000000 ____D C:\AdwCleaner
2015-11-07 17:47 - 2015-11-07 17:47 - 00002328 _____ C:\Users\Daniel Hollowed\Desktop\JRT.txt
2015-11-07 17:37 - 2015-11-07 17:37 - 01801288 _____ (Malwarebytes) C:\Users\Daniel Hollowed\Downloads\JRT.exe
2015-11-06 13:07 - 2015-11-06 13:07 - 00001184 _____ C:\Users\Daniel Hollowed\Desktop\fixlist.txt - Shortcut.lnk
2015-11-06 13:06 - 2015-11-06 13:06 - 00006479 _____ C:\Users\Daniel Hollowed\Downloads\fixlist.txt
2015-11-06 13:05 - 2015-11-09 12:22 - 00000000 ____D C:\Users\Daniel Hollowed\Desktop\Computer fix FRST
2015-11-06 13:04 - 2015-11-06 13:08 - 00001312 _____ C:\Users\Daniel Hollowed\Desktop\FRST64.exe - Shortcut.lnk
2015-11-02 23:21 - 2015-11-02 23:21 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-02 23:19 - 2015-11-02 23:19 - 00038253 _____ C:\Users\Daniel Hollowed\Documents\Addition.txt
2015-11-02 23:16 - 2015-11-02 23:16 - 00056236 _____ C:\Users\Daniel Hollowed\Documents\FRST.txt
2015-11-02 12:44 - 2015-11-02 23:16 - 00038253 _____ C:\Users\Daniel Hollowed\Downloads\Addition.txt
2015-11-02 12:41 - 2015-11-02 12:48 - 00056236 _____ C:\Users\Daniel Hollowed\Downloads\FRST.txt
2015-11-02 12:40 - 2015-11-09 12:22 - 00000000 ____D C:\FRST
2015-11-01 13:54 - 2015-11-09 12:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-01 13:54 - 2015-11-01 13:55 - 00001126 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-01 13:54 - 2015-11-01 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-01 13:54 - 2015-11-01 13:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-01 13:54 - 2015-11-01 13:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-01 13:54 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-01 13:54 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-01 13:54 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-01 13:53 - 2015-11-01 13:53 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Daniel Hollowed\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-11-01 13:53 - 2015-11-01 13:53 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Daniel Hollowed\Downloads\mbam-setup-sem-2.1.6.1022 (1).exe
2015-11-01 12:51 - 2015-11-01 12:51 - 00000017 _____ C:\Users\Daniel Hollowed\AppData\Local\resmon.resmoncfg
2015-11-01 12:44 - 2015-11-01 14:21 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Local\LogMeIn Rescue Applet
2015-11-01 12:43 - 2015-11-01 12:43 - 01588472 _____ (LogMeIn, Inc.) C:\Users\Daniel Hollowed\Downloads\Support-LogMeInRescue.exe
2015-10-31 17:53 - 2015-10-31 17:53 - 00000000 _____ C:\autoexec.bat
2015-10-31 17:50 - 2015-10-31 17:50 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Daniel Hollowed\Downloads\SpyHunter-Installer.exe
2015-10-31 17:25 - 2015-10-31 17:25 - 00000252 _____ C:\Windows\Internet .url
2015-10-31 17:25 - 2015-10-31 17:25 - 00000252 _____ C:\Users\Daniel Hollowed\Desktop\Internet .url
2015-10-31 17:25 - 2015-10-31 17:25 - 00000000 _____ C:\Windows\SysWOW64\Internet .url
2015-10-28 19:19 - 2015-10-28 19:19 - 00282088 _____ C:\Windows\Minidump\102815-19921-01.dmp
2015-10-26 10:29 - 2015-10-26 10:29 - 00002013 _____ C:\Users\Public\Desktop\abPhoto.lnk
2015-10-25 01:54 - 2015-10-25 01:54 - 00282144 _____ C:\Windows\Minidump\102515-34562-01.dmp
2015-10-22 14:24 - 2015-10-22 14:24 - 00015015 _____ C:\Users\Daniel Hollowed\Downloads\Electronic Payment Facility.zip
2015-10-21 14:26 - 2015-10-21 14:26 - 00003334 _____ C:\Windows\System32\Tasks\AcerCloud
2015-10-21 14:26 - 2015-10-21 14:26 - 00002038 _____ C:\Users\Public\Desktop\Acer Portal.lnk
2015-10-21 14:19 - 2015-10-21 14:19 - 00001977 _____ C:\Users\Public\Desktop\abDocs.lnk
2015-10-15 11:55 - 2015-09-19 03:18 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 11:55 - 2015-09-18 13:42 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 11:55 - 2015-09-18 13:42 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-15 11:55 - 2015-09-18 13:42 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 11:55 - 2015-09-18 13:42 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 11:55 - 2015-09-18 13:42 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 11:55 - 2015-09-18 13:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-14 10:51 - 2015-09-29 12:31 - 07457624 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 10:51 - 2015-09-29 12:31 - 01658536 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 10:51 - 2015-09-29 12:31 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-14 10:51 - 2015-09-29 12:31 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 10:51 - 2015-09-29 12:31 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-10-14 10:51 - 2015-09-24 16:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2015-10-14 10:51 - 2015-09-24 16:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-10-14 10:51 - 2015-08-27 02:43 - 22372152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 10:51 - 2015-08-27 02:42 - 19795904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 10:51 - 2015-08-07 21:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 10:51 - 2015-08-07 21:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 10:51 - 2015-08-07 21:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 10:51 - 2015-08-07 21:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-10-14 10:51 - 2015-08-07 21:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-10-14 10:51 - 2015-08-07 14:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 10:51 - 2015-08-06 17:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-10-14 10:51 - 2015-08-06 16:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-10-14 10:51 - 2015-08-06 16:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-10-14 10:51 - 2015-08-06 16:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-10-14 10:50 - 2015-09-29 12:29 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 10:50 - 2015-09-28 18:45 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 10:50 - 2015-09-28 18:26 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-10-14 10:50 - 2015-09-28 18:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 10:50 - 2015-09-28 18:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 10:50 - 2015-09-28 18:25 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 10:50 - 2015-09-28 18:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 10:50 - 2015-09-28 18:22 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 10:50 - 2015-09-28 18:22 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 10:50 - 2015-09-28 18:15 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 10:50 - 2015-09-28 18:13 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 10:50 - 2015-09-28 18:12 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 10:50 - 2015-09-10 18:02 - 25851392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 10:50 - 2015-09-10 17:19 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 10:50 - 2015-09-10 17:18 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 10:50 - 2015-09-10 17:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 10:50 - 2015-09-10 17:14 - 05990400 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 10:50 - 2015-09-10 17:09 - 20358144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 10:50 - 2015-09-10 17:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 10:50 - 2015-09-10 17:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 10:50 - 2015-09-10 16:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 10:50 - 2015-09-10 16:39 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 10:50 - 2015-09-10 16:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 10:50 - 2015-09-10 16:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 10:50 - 2015-09-10 16:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 10:50 - 2015-09-10 16:33 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 10:50 - 2015-09-10 16:28 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-10-14 10:50 - 2015-09-10 16:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 10:50 - 2015-09-10 16:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 10:50 - 2015-09-10 16:24 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 10:50 - 2015-09-10 16:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 10:50 - 2015-09-10 16:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 10:50 - 2015-09-10 16:19 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 10:50 - 2015-09-10 16:19 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 10:50 - 2015-09-10 16:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 10:50 - 2015-09-10 16:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 10:50 - 2015-09-10 16:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 10:50 - 2015-09-10 16:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 10:50 - 2015-09-10 16:02 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 10:50 - 2015-09-10 16:01 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-10-14 10:50 - 2015-09-10 16:00 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 10:50 - 2015-09-10 15:57 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 10:50 - 2015-09-10 15:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 10:50 - 2015-09-10 15:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 10:50 - 2015-09-10 15:55 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 10:50 - 2015-09-10 15:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 10:50 - 2015-09-10 15:45 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 10:50 - 2015-09-10 15:34 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 10:50 - 2015-09-10 15:31 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 10:50 - 2015-09-10 15:27 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 10:50 - 2015-09-10 15:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 10:50 - 2015-08-22 13:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 10:50 - 2015-08-22 13:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 10:50 - 2015-08-22 13:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 10:50 - 2015-08-22 13:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 10:50 - 2015-07-16 18:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2015-10-14 07:43 - 2015-10-14 07:43 - 06967758 _____ C:\Users\Daniel Hollowed\Downloads\pokemonemerald_version.zip
2015-10-13 18:39 - 2015-10-13 18:39 - 00772016 _____ (Reimage®) C:\Users\Daniel Hollowed\Downloads\Unconfirmed 827800.crdownload
2015-10-11 11:40 - 2015-10-11 11:40 - 00000282 _____ C:\Users\Daniel Hollowed\Downloads\debug.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-09 12:20 - 2015-10-08 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-11-09 12:20 - 2015-08-19 19:59 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Roaming\Curse Client
2015-11-09 12:20 - 2015-06-27 17:20 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F1F966DA-AFC3-4A38-9571-EF317737CB79}
2015-11-09 12:19 - 2015-08-05 16:03 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Roaming\Skype
2015-11-09 12:18 - 2015-08-03 14:08 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-09 12:18 - 2015-06-26 08:38 - 02018963 _____ C:\Windows\WindowsUpdate.log
2015-11-09 12:17 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-08 20:05 - 2015-06-26 08:44 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1838069831-910762768-3284051805-1001
2015-11-08 15:37 - 2014-03-18 09:47 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-08 15:31 - 2015-01-23 11:15 - 01170348 _____ C:\Windows\SysWOW64\rootpa.e2e
2015-11-08 15:30 - 2015-01-23 11:10 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-11-08 15:30 - 2013-08-22 14:46 - 00027530 _____ C:\Windows\setupact.log
2015-11-08 15:30 - 2013-08-22 14:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-08 15:18 - 2013-08-22 13:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-11-08 14:37 - 2013-08-22 13:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-11-07 17:27 - 2015-06-27 17:27 - 00000000 ____D C:\ProgramData\McAfee
2015-11-06 13:28 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-06 13:16 - 2014-03-18 09:39 - 00784344 _____ C:\Windows\PFRO.log
2015-11-03 00:21 - 2015-10-08 14:44 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-11-02 23:21 - 2015-08-03 13:58 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-02 12:01 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\IME
2015-11-01 17:46 - 2015-08-03 19:47 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Local\Battle.net
2015-11-01 17:36 - 2015-08-03 19:47 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-01 16:52 - 2015-06-26 17:23 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-01 13:56 - 2015-06-27 17:18 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Local\CrashDumps
2015-10-31 17:52 - 2015-06-26 08:38 - 00000000 ____D C:\Users\Daniel Hollowed
2015-10-30 16:10 - 2015-10-06 16:29 - 00000000 ____D C:\Users\Daniel Hollowed\Desktop\PokeMMO
2015-10-28 19:19 - 2015-08-25 03:21 - 568764728 _____ C:\Windows\MEMORY.DMP
2015-10-28 19:19 - 2015-08-25 03:21 - 00000000 ____D C:\Windows\Minidump
2015-10-26 20:54 - 2015-08-03 19:50 - 00000000 ____D C:\Program Files (x86)\Diablo III
2015-10-26 10:29 - 2014-11-18 08:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-10-26 10:26 - 2015-08-04 13:54 - 00003352 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2015-10-26 10:26 - 2015-06-26 08:39 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Local\clear.fi
2015-10-26 10:26 - 2014-11-18 07:09 - 00000000 ___HD C:\OEM
2015-10-25 13:28 - 2015-08-03 14:09 - 00002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-25 02:12 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\rescache
2015-10-24 13:43 - 2015-07-05 17:02 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Roaming\Spotify
2015-10-21 14:26 - 2014-11-18 08:24 - 00000000 ____D C:\Program Files (x86)\Acer
2015-10-21 14:26 - 2014-11-18 08:19 - 00000000 ____D C:\ProgramData\OEM
2015-10-20 18:50 - 2013-08-22 15:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-20 10:54 - 2015-08-06 20:25 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-20 10:54 - 2015-08-06 20:25 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-19 18:02 - 2015-09-17 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zodiac Casino EU
2015-10-18 12:03 - 2015-08-04 16:56 - 00000000 ____D C:\Windows\system32\MRT
2015-10-18 11:46 - 2015-08-04 16:55 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-16 11:14 - 2015-08-05 16:02 - 00000000 ____D C:\ProgramData\Skype
2015-10-16 04:51 - 2015-08-07 14:07 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-16 04:51 - 2015-08-07 14:07 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 11:38 - 2015-08-05 16:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-14 18:26 - 2013-08-22 15:36 - 00000000 ___RD C:\Windows\ToastData
2015-10-14 18:26 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\en-GB
2015-10-10 16:56 - 2015-10-08 15:13 - 00003080 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-10-10 16:55 - 2015-06-27 17:27 - 00000000 ____D C:\Program Files\Common Files\McAfee

==================== Files in the root of some directories =======

2015-08-03 14:01 - 2015-08-03 14:01 - 27093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-10-06 17:42 - 2015-10-06 17:42 - 0000045 _____ () C:\Users\Daniel Hollowed\AppData\Roaming\WB.CFG
2015-11-01 12:51 - 2015-11-01 12:51 - 0000017 _____ () C:\Users\Daniel Hollowed\AppData\Local\resmon.resmoncfg
2015-01-23 11:13 - 2015-01-23 11:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Daniel Hollowed\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-06 14:34

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by Daniel Hollowed (2015-11-09 12:24:14)
Running from C:\Users\Daniel Hollowed\Desktop\Computer fix FRST
Windows 8.1 Connected (X64) (2015-06-26 08:38:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1838069831-910762768-3284051805-500 - Administrator - Disabled)
Daniel Hollowed (S-1-5-21-1838069831-910762768-3284051805-1001 - Administrator - Enabled) => C:\Users\Daniel Hollowed
Guest (S-1-5-21-1838069831-910762768-3284051805-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2005 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3009 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.05.2001.1 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.08.2006 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2011.1 - Acer Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{B54BF03D-0C7F-63B4-A36C-EE0A756579F1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.11.2000.2 - Acer Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version:  - )
BT Toolbar (HKLM-x32\...\bttb) (Version: 1.0.0.43 - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4609.01 - CyberLink Corp.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Farm to Fork Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
Game Channels (HKLM-x32\...\WildTangentGameProvider-packardbell-genres) (Version: 11.0.0.7 - WildTangent, Inc.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-packardbell-main) (Version: 11.0.0.7 - WildTangent, Inc.)
GameRanger (HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\GameRanger) (Version:  - GameRanger Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8104 - Packard Bell)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Packard Bell)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Packard Bell)
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.5120 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.7.0.366 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.199 - McAfee, Inc.)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{E142AB79-FD0D-34F7-8D4D-56E78C536467}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Packard Bell Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8109 - Packard Bell)
Packard Bell User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3006 - Packard Bell)
Packard Bell User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3006 - Packard Bell)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{56E3456B-784B-408D-B9FC-F53CD7642149}) (Version: 2.31.0 - The Pokémon Company International)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version:  - PokerStars.uk)
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.25 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.26.218.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.5 - Lenovo Group Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.20.9.4533 - Enigma Software Group, LLC)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stronghold Crusader 2 (HKLM-x32\...\Steam App 232890) (Version:  - FireFly Studios)
Stronghold HD (HKLM-x32\...\Steam App 40950) (Version:  - FireFly Studios)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.51 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.13 - WildTangent) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Zodiac Casino EU (HKLM-x32\...\zodiaceu) (Version: 16.10.3.2234 - )
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

28-10-2015 13:36:56 Scheduled Checkpoint
06-11-2015 13:09:07 Restore Point Created by FRST
07-11-2015 17:40:08 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2015-11-06 13:10 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00AC43C4-0455-41D9-9C15-393FB2FA05BF} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-09-01] (McAfee, Inc.)
Task: {0288C657-513A-4BA0-88B1-E8981102FDF4} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [2014-03-03] (Acer Incorporated)
Task: {14E7233D-78BA-40EA-AAFC-C6F620241348} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-18] (Microsoft Corporation)
Task: {1B38ABA0-6C43-4AEF-9EF9-3A0EE6519EF2} - System32\Tasks\{860D574F-3B5D-41E8-9AEB-462BE35BB719} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.5.0.102&LastError=404
Task: {211E924E-81E9-4199-9899-11D3A2A3DC0F} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {34F00C33-C8BD-452C-BE16-BEA7FE6D55F0} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2013-07-08] ()
Task: {3B9B1F34-308B-4CC8-A1E5-B43B275DD929} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Packard Bell\Packard Bell Recovery Management\Notification\Notification.exe [2014-08-26] (Acer Incorporated)
Task: {709A9A0D-F6A9-441F-B4E6-C3F62A3D8AE8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-03] (Google Inc.)
Task: {7E5D82B1-4D3D-4C05-B913-55B14C94BA3D} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {86E01782-7137-415D-A6BD-AE52B25BFE08} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-10-15] (Acer)
Task: {9D0C2ECC-4CF7-4B3F-9D02-FB7E35FF4232} - \WinZip Malware Protector_startup -> No File <==== ATTENTION
Task: {BE2B6640-90AB-401E-A2B2-72B519261ECA} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-09-10] (Acer Incorporated)
Task: {D37BF50E-3DAD-4580-9329-1E258F989F42} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-03] (Google Inc.)
Task: {E105DC90-767C-478F-85B5-77103DB0B258} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)
Task: {EBC928A1-C4EC-4F9A-B4E5-654EC5849A93} - System32\Tasks\UbtFrameworkService => C:\Program Files\Packard Bell\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {FB7700DB-E825-46BA-A120-77190A27413F} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-09-01] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-04-15 15:08 - 2014-04-15 15:08 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2015-01-23 11:28 - 2012-04-24 10:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-12-24 02:22 - 2013-12-24 02:22 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-12-24 02:20 - 2013-12-24 02:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-12-24 02:26 - 2013-12-24 02:26 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-04-15 15:08 - 2014-04-15 15:08 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2015-09-16 13:58 - 2015-09-16 13:58 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2013-11-07 17:58 - 2013-11-07 17:58 - 00244736 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-11-07 17:58 - 2013-11-07 17:58 - 00271360 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-11-07 17:57 - 2013-11-07 17:57 - 00237056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 07:55 - 2013-04-24 07:55 - 01581056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 16:55 - 2013-04-18 16:55 - 00068608 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2015-10-15 10:56 - 2015-10-15 10:56 - 00201568 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-10-15 10:56 - 2015-10-15 10:56 - 00118112 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-09-14 17:46 - 2015-09-14 17:46 - 00201568 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-09-14 17:46 - 2015-09-14 17:46 - 00653112 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-09-14 17:46 - 2015-09-14 17:46 - 00640352 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-09-14 17:46 - 2015-09-14 17:46 - 00118112 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-10-26 10:26 - 2015-10-26 10:26 - 00014176 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-09-10 14:51 - 2015-09-10 14:51 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-09-10 14:43 - 2015-09-10 14:43 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1838069831-910762768-3284051805-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\PackardBell01.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2015 01:09:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {dadff82b-2e58-45f5-afc6-a0ad5f47b6d4}

Error: (11/05/2015 12:51:57 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (11/01/2015 02:24:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Spyhunter4.exe version 4.20.9.4533 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1320

Start Time: 01d114b091f6c113

Termination Time: 12

Application Path: C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

Report Id: 481a62bf-80a4-11e5-8278-3010b3f90702

Faulting package full name:

Faulting package-relative application ID:

Error: (11/01/2015 02:17:29 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (11/01/2015 01:55:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Exception code: 0xc0000005
Fault offset: 0x001e7650
Faulting process ID: 0x198c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (11/01/2015 01:11:24 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\Windows\system32\mscoree.dll8

Error: (10/28/2015 11:59:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Curse.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0020001, exception address 74D85B68
Stack:

Error: (10/27/2015 03:07:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Pokemon Trading Card Game Online.exe version 4.6.6.59026 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ca8

Start Time: 01d110c8fadce92f

Termination Time: 61

Application Path: C:\Users\Daniel Hollowed\AppData\Roaming\Pokémon Trading Card Game Online\PokemonTradingCardGameOnline\Pokemon Trading Card Game Online.exe

Report Id: 538d22c7-7cbc-11e5-8276-3010b3f90702

Faulting package full name:

Faulting package-relative application ID:

Error: (10/25/2015 12:32:51 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (10/25/2015 12:32:51 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

System errors:
=============
Error: (11/08/2015 09:24:51 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (11/08/2015 09:24:51 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (11/08/2015 09:24:51 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (11/08/2015 03:30:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (11/08/2015 03:29:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Experience Improvement Program service terminated unexpectedly. It has done this 1 time(s).

Error: (11/08/2015 03:29:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GamesAppIntegrationService service terminated unexpectedly. It has done this 1 time(s).

Error: (11/08/2015 03:29:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/08/2015 03:29:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).

Error: (11/08/2015 03:29:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The pcCMService64 service terminated unexpectedly. It has done this 1 time(s).

Error: (11/08/2015 03:29:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The pcCMService service terminated unexpectedly. It has done this 1 time(s).

==================== Memory info ===========================

Processor: AMD A4-6210 APU with AMD Radeon R3 Graphics
Percentage of memory in use: 29%
Total physical RAM: 7096.2 MB
Available physical RAM: 4982.4 MB
Total Virtual: 14264.2 MB
Available Virtual: 11844.06 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:457.85 GB) (Free:369.97 GB) NTFS
Drive d: (DATA) (Fixed) (Total:457.85 GB) (Free:407.11 GB) NTFS
Drive e: (D3C1.0.0) (CDROM) (Total:7.6 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AF0DEA0A)

Partition: GPT.

==================== End of Addition.txt ============================



 



#15
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Doriskills666.

Just a quick update.

I haven't forgotten about you. I have a fix awaiting approval with my instructor but they are unavailable at present - we are all volunteers. :)

As soon as it's ready I'll get back to you.

Thanks