
Adware,Malware and/or spyware [Solved]


  • This topic is locked

#16
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Doriskills666

Ok. Let's try this.

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
BHO: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()
Toolbar: HKLM - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()
C:\Program Files (x86)\bttb
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


Step2 - Reinstall Chrome

    1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
    2. Then I need you to go to Google Sync and sign into your account
    3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
    4. Now we need to uninstall Chrome.
    5. Close all Chrome windows and tabs.
    6. Go to the Start menu > Control Panel.
    7. Click Uninstall a Program or Programmes and Features
    8. Double-click Google Chrome.
    9. Click Uninstall from the confirmation dialogue. Select the "Also delete your browsing data" tick box.
    10. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
    11. Import your bookmarks back into Chrome
    12. Sign back in to your Chrome browser so that your bookmarks sync with your online account.


    Things for your next post:
  • fixlog.txt
  • How is your computer running now?

  • 0


#17
Doriskills666

    Member

  • Topic Starter
  • 14 posts

Hi
 

Ok so I've done all of that. Google Chrome seems to be working ok now, though I haven't had a thorough look. I don't seem to be getting any pop-ups at all at the moment, though malware bytes is still blocking a few things as soon as I open up Chrome, and I still have the "chromium" icon on my task bar. My homepage has gone back to Google; for the time being it doesn't seem to be changing to an unwanted page, so it's looking good I think.

Here is the fix log
 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by Daniel Hollowed (2015-11-14 16:47:09) Run:2
Running from C:\Users\Daniel Hollowed\Desktop\Computer fix FRST
Loaded Profiles: Daniel Hollowed &  (Available Profiles: Daniel Hollowed)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
BHO: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()
Toolbar: HKLM - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()
C:\Program Files (x86)\bttb
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:

*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aba8d0e6-0d4d-4cb8-836a-04d69824b108}" => key removed successfully
"HKCR\CLSID\{aba8d0e6-0d4d-4cb8-836a-04d69824b108}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{aba8d0e6-0d4d-4cb8-836a-04d69824b108} => value removed successfully
HKCR\CLSID\{aba8d0e6-0d4d-4cb8-836a-04d69824b108} => key not found.
C:\Program Files (x86)\bttb => moved successfully

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 305.9 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 16:50:30 ====

 

 

Thanks

 


Edited by Doriskills666, 14 November 2015 - 11:09 AM.

  • 0
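
One way to review a fixlog like the one in post #17 before moving on, as an added example (not part of the original posts and not FRST's own code): it reads the `target => outcome` lines, treats a "not found" as benign only when the same key was already removed earlier in the run, and checks that every path in the fixlist has a result. The function names and the outcome keywords are assumptions drawn from the log text shown above.

```python
import re

# Excerpt of the fixlog posted in #17 (header and CMD output left out).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
CreateRestorePoint:
BHO: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()
Toolbar: HKLM - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()
C:\Program Files (x86)\bttb
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aba8d0e6-0d4d-4cb8-836a-04d69824b108}" => key removed successfully
"HKCR\CLSID\{aba8d0e6-0d4d-4cb8-836a-04d69824b108}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{aba8d0e6-0d4d-4cb8-836a-04d69824b108} => value removed successfully
HKCR\CLSID\{aba8d0e6-0d4d-4cb8-836a-04d69824b108} => key not found.
C:\Program Files (x86)\bttb => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 305.9 MB temporary data Removed.

The system needed a reboot.
'''

ARROW = re.compile(r'^(?P<target>.+?)\s*=>\s*(?P<outcome>.+)$')
DRIVE_PATH = re.compile(r'^[A-Za-z]:\\')


def split_fixlog(text):
    """Return (directives, results): the echoed fixlist and the lines after it."""
    directives, results, rows_seen = [], [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if set(line) == {"*"}:          # a row of asterisks frames the fixlist echo
            rows_seen += 1
            continue
        if rows_seen == 1:
            directives.append(line)
        elif rows_seen >= 2:
            results.append(line)
    return directives, results


def classify(outcome):
    """Map an outcome string to ok / not_found / check (keywords are assumptions)."""
    low = outcome.lower()
    if "not found" in low:
        return "not_found"
    if "successfully" in low or "removed" in low:
        return "ok"
    return "check"


def review_fixlog(text):
    directives, results = split_fixlog(text)
    succeeded, seen = set(), set()
    report = {"ok": [], "benign_not_found": [], "needs_attention": []}
    for line in results:
        m = ARROW.match(line)
        if not m:
            continue
        target = m.group("target").strip('"').lower()
        seen.add(target)
        status = classify(m.group("outcome"))
        if status == "ok":
            succeeded.add(target)
            report["ok"].append(line)
        elif status == "not_found" and target in succeeded:
            # Two directives referenced the same key; the first one removed it.
            report["benign_not_found"].append(line)
        else:
            report["needs_attention"].append(line)
    # Every filesystem path in the fixlist should show up as a result target.
    report["unmatched_paths"] = [
        d for d in directives if DRIVE_PATH.match(d) and d.lower() not in seen
    ]
    report["reboot_required"] = any("needed a reboot" in l.lower() for l in results)
    return report


if __name__ == "__main__":
    for key, value in review_fixlog(SAMPLE_FIXLOG).items():
        print(key, "=>", value)
```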

#18
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Doriskills666

Good news that chrome seems to be behaving now!

Try unpinning Chromium from the Taskbar.
 

"malware bytes is still blocking a few things"

Please post a screenshot in your next reply.

I would like you to run another couple of scans just to check how things are looking now.


Step1 - ESET online Scan


Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.
 
  • Please go here then click on esetbar_zps93905f48.jpg.
  • You will however need to disable your current installed Anti-Virus, how to do so can be read here. If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • Now click on Start.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • When completed select Uninstall application on close.
  • Now click on Finish.

    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


    Step2 - Security Check
  • Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    Things for your next post:
  • screenshot of Malwarebytes block
  • ESET log
  • Checkup.txt

  • 0

#19
Doriskills666

    Member

  • Topic Starter
  • 14 posts

Hi

 

Sorry for a delayed reply, I've been busy working. Just letting you know that I'm going to follow these next steps tomorrow evening when I finish work.

 

Thanks


  • 0

#20
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
no problem. :)
  • 0

#21
Doriskills666

    Member

  • Topic Starter
  • 14 posts

Hi

 

Ok so, the malware bytes has stopped blocking things now, though I don't know if it's because the trial has run out for the software. Unfortunately it ended before I could take a screenshot.

 

I ran the Eset scanner which did take a very long time, though I was unable to find "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt" anywhere on my computer so I did the next best thing and exported the results to text on notepad so here they are
 

C:\FRST\Quarantine\C\Program Files (x86)\bttb\bttb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\bttb\bttbX.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\bttb\dtuser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\WinZip Malware Protector\AppManager.exe a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\WinZip Malware Protector\scandll.dll a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\WinZip Malware Protector\WMPUninstall.exe a variant of Win32/Systweak.Q potentially unwanted application
C:\Users\Daniel Hollowed\AppData\LocalLow\bttb\bttb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Daniel Hollowed\AppData\LocalLow\bttb\bttbX.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Users\Daniel Hollowed\Downloads\installer (1).zip a variant of Win32/InstallCore.ACZ potentially unwanted application
C:\Users\Daniel Hollowed\Downloads\installer (2).zip a variant of Win32/InstallCore.ACZ potentially unwanted application
C:\Users\Daniel Hollowed\Downloads\installer.zip a variant of Win32/InstallCore.ACZ potentially unwanted application

 

Also the results of the 2nd scan you asked for...
 

 Results of screen317's Security Check version 1.009 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender                    
McAfee Anti-Virus and Anti-Spyware  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SpyHunter 4   
 Java 8 Update 60 
 Google Chrome (46.0.2490.86)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 

I would like to add that over the past 4-5 days I have had a blue screen come up, stating that something has gone wrong with my computer and it needs to restart straight away (it then restarts automatically). This has happened 4 times so far.

 

Thanks.

 


  • 0

#22
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Doriskills666

ESET found a couple of things so we'll remove them.

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

C:\Users\Daniel Hollowed\AppData\LocalLow\bttb
C:\Users\Daniel Hollowed\Downloads\installer (1).zip
C:\Users\Daniel Hollowed\Downloads\installer (2).zip
C:\Users\Daniel Hollowed\Downloads\installer.zip

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

    Then run fresh FRST logs

    Step2 - FRST logs
  • Please run Farbar Recovery Scan Tool again. Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.


    "over the past 4-5 days I have had a blue screen come up"


    OK. Run this app called WhoCrashed to see what it reveals.

    Step3 - Who Crashed
  • Download WhoCrashed to your desktop.
  • Right click on the file and select Run as administrator.
  • Accept the Licence agreement to install the software.
  • Click the Analyse button.
  • Once the analysis is complete, scroll down to view the report.
  • Please copy and paste the report produced in your next reply.


    Things for your next post:
  • fixlog.txt
  • FRST.txt and Addition.txt
  • WhoCrashed report

  • 0
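
The triage behind the fixlist in post #22, as an added example that is not part of the original posts: detections under C:\FRST\Quarantine are copies FRST already moved in earlier fixes, so only the remaining paths need a new fix. The rule that collapses a detection to its parent folder unless that folder is a shared one (`SHARED_DIRS`) is an assumption made for illustration, as are the function names.

```python
import re
from ntpath import basename, dirname   # Windows path rules on any OS

# The ESET results as exported by the user in post #21.
SAMPLE_ESET_LOG = r'''
C:\FRST\Quarantine\C\Program Files (x86)\bttb\bttb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\bttb\bttbX.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\bttb\dtuser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\WinZip Malware Protector\AppManager.exe a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\WinZip Malware Protector\scandll.dll a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\WinZip Malware Protector\WMPUninstall.exe a variant of Win32/Systweak.Q potentially unwanted application
C:\Users\Daniel Hollowed\AppData\LocalLow\bttb\bttb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Daniel Hollowed\AppData\LocalLow\bttb\bttbX.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Users\Daniel Hollowed\Downloads\installer (1).zip a variant of Win32/InstallCore.ACZ potentially unwanted application
C:\Users\Daniel Hollowed\Downloads\installer (2).zip a variant of Win32/InstallCore.ACZ potentially unwanted application
C:\Users\Daniel Hollowed\Downloads\installer.zip a variant of Win32/InstallCore.ACZ potentially unwanted application
'''

QUARANTINE = "c:\\frst\\quarantine\\"
# Assumption: folders that hold unrelated user files, so never list them whole.
SHARED_DIRS = {"downloads", "desktop", "documents", "temp"}

# path (may contain spaces) + optional "a variant of" + Platform/Name + category
LINE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?'
    r'(?P<name>[^\s\\]+/\S+)\s+(?P<kind>.+)$'
)


def parse_eset(text):
    """Return one dict (path, name, kind) per detection line; skip anything else."""
    detections = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            detections.append(m.groupdict())
    return detections


def triage(text):
    """Split detections into (already quarantined by FRST, still live on disk)."""
    quarantined, live = [], []
    for det in parse_eset(text):
        bucket = quarantined if det["path"].lower().startswith(QUARANTINE) else live
        bucket.append(det)
    return quarantined, live


def original_location(path):
    # FRST keeps the source layout under its quarantine folder, with the drive
    # letter as the first directory: ...\Quarantine\C\dir\file came from C:\dir\file
    rest = path[len(QUARANTINE):]
    drive, _, tail = rest.partition("\\")
    return f"{drive}:\\{tail}"


def fixlist_targets(live):
    """Candidate fixlist lines for review: one per live file or per product folder."""
    targets = []
    for det in live:
        parent = dirname(det["path"])
        # Hypothetical rule: take the whole folder unless it is a shared one.
        target = det["path"] if basename(parent).lower() in SHARED_DIRS else parent
        if target not in targets:
            targets.append(target)
    return targets


if __name__ == "__main__":
    quarantined, live = triage(SAMPLE_ESET_LOG)
    print(f"{len(quarantined)} already quarantined, {len(live)} live")
    for det in quarantined:
        print("  was:", original_location(det["path"]))
    print("\n".join(fixlist_targets(live)))
```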

#23
Doriskills666

    Member

  • Topic Starter
  • 14 posts

Hi

 

Ok so I have all you asked for, it's a fair amount! Here we go...

 

Fixlog.txt
 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-11-2015
Ran by Daniel Hollowed (2015-11-21 14:32:37) Run:3
Running from C:\Users\Daniel Hollowed\Desktop\Computer fix FRST
Loaded Profiles: Daniel Hollowed (Available Profiles: Daniel Hollowed)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Users\Daniel Hollowed\AppData\LocalLow\bttb
C:\Users\Daniel Hollowed\Downloads\installer (1).zip
C:\Users\Daniel Hollowed\Downloads\installer (2).zip
C:\Users\Daniel Hollowed\Downloads\installer.zip
*****************
 
C:\Users\Daniel Hollowed\AppData\LocalLow\bttb => moved successfully
C:\Users\Daniel Hollowed\Downloads\installer (1).zip => moved successfully
C:\Users\Daniel Hollowed\Downloads\installer (2).zip => moved successfully
C:\Users\Daniel Hollowed\Downloads\installer.zip => moved successfully
 
==== End of Fixlog 14:32:39 ====
 
FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015
Ran by Daniel Hollowed (administrator) on DANIEL (21-11-2015 14:34:15)
Running from C:\Users\Daniel Hollowed\Desktop\Computer fix FRST
Loaded Profiles: Daniel Hollowed (Available Profiles: Daniel Hollowed)
Platform: Windows 8.1 Connected (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(acer) C:\Program Files\Packard Bell\User Experience Improvement Program\Framework\UBTService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Curse, Inc) C:\Users\Daniel Hollowed\AppData\Roaming\Curse Client\Bin\Curse.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13642968 2013-08-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-09-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Qualcomm®Atheros®)
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2015-01-23] (Spotify Ltd)
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-09-16] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated)
Startup: C:\Users\Daniel Hollowed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-08-19]
ShortcutTarget: Curse.lnk -> C:\Users\Daniel Hollowed\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{38F813CC-B23F-4B1F-80F0-D9137E759791}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=APJB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1838069831-910762768-3284051805-1001 -> DefaultScope {E4384E46-F90F-4484-B105-15B141528225} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB0D20151101&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1838069831-910762768-3284051805-1001 -> {E4384E46-F90F-4484-B105-15B141528225} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB0D20151101&p={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-06] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-06] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-09-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-09-28] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-06] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2015-08-18] (McAfee, Inc.)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-03]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-10-08] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-03]
CHR Extension: (Google Docs) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-03]
CHR Extension: (Google Drive) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-03]
CHR Extension: (Google Docs Offline) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Gmail) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-19]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-19]
CHR HKLM-x32\...\Chrome\Extension: [hdpkpbhapgfjahbajejahjjcghiclegg] - C:\Program Files (x86)\bttb\toolbar.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0224821447975164mcinstcleanup; C:\Windows\TEMP\022482~1.EXE [882000 2015-07-23] (McAfee, Inc.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-15] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider) [File not signed]
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-09-10] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-11-13] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [783120 2015-09-28] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-08-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
R3 UEIPSvc; C:\Program Files\Packard Bell\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-08-07] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-21] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537408 2015-08-12] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [111256 2015-08-12] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-11-13] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [268288 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-21 14:31 - 2015-11-21 14:30 - 00000204 _____ C:\Users\Daniel Hollowed\Desktop\fixlist.txt
2015-11-21 14:18 - 2015-11-21 14:18 - 00445432 _____ C:\Users\Daniel Hollowed\Downloads\Water bill scan.zip
2015-11-19 23:45 - 2015-11-19 23:45 - 00852720 _____ C:\Users\Daniel Hollowed\Desktop\SecurityCheck.exe
2015-11-19 23:41 - 2015-11-19 23:41 - 00003264 _____ C:\Users\Daniel Hollowed\Desktop\Eset results.txt
2015-11-19 17:02 - 2015-11-19 17:02 - 00282144 _____ C:\Windows\Minidump\111915-43968-01.dmp
2015-11-19 16:44 - 2015-11-19 16:44 - 00015017 _____ C:\Users\Daniel Hollowed\Downloads\Electronic Payment Facility (1).zip
2015-11-19 16:24 - 2015-11-19 16:24 - 01004488 _____ C:\Users\Daniel Hollowed\Downloads\Scans.zip
2015-11-17 22:55 - 2015-11-17 22:56 - 00282144 _____ C:\Windows\Minidump\111715-24078-01.dmp
2015-11-15 16:26 - 2015-11-15 16:26 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-14 17:04 - 2015-11-14 17:04 - 00002287 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-14 17:04 - 2015-11-14 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-14 17:03 - 2015-11-21 14:16 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-14 17:03 - 2015-11-20 18:08 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-14 17:03 - 2015-11-14 17:03 - 00003666 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-11 20:14 - 2015-10-15 16:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 20:14 - 2015-10-15 15:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 20:14 - 2015-10-13 17:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 20:14 - 2015-10-13 17:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 20:14 - 2015-10-13 15:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 20:14 - 2015-10-13 15:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 20:14 - 2015-10-13 15:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 20:14 - 2015-10-13 15:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 20:14 - 2015-10-13 15:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-11 20:14 - 2015-10-13 15:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-11 20:14 - 2015-10-11 06:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 20:14 - 2015-10-11 06:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 20:14 - 2015-10-10 18:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 20:14 - 2015-10-10 18:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 20:14 - 2015-10-10 18:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-11 20:14 - 2015-10-10 17:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 20:14 - 2015-10-10 17:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 20:14 - 2015-10-10 17:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-11 20:14 - 2015-10-10 16:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 20:14 - 2015-09-12 13:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-11 20:13 - 2015-10-30 23:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 20:13 - 2015-10-30 23:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 20:13 - 2015-10-30 23:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 20:13 - 2015-10-30 23:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 20:13 - 2015-10-30 23:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 20:13 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 20:13 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 20:13 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 20:13 - 2015-10-30 22:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-11 20:13 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 20:13 - 2015-10-30 22:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 20:13 - 2015-10-30 22:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 20:13 - 2015-10-30 22:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 20:13 - 2015-10-30 22:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 20:13 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 20:13 - 2015-10-30 22:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-11-11 20:13 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 20:13 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 20:13 - 2015-10-30 22:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 20:13 - 2015-10-30 21:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 20:13 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 20:13 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 20:13 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 20:13 - 2015-10-20 21:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 20:13 - 2015-10-20 14:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 20:13 - 2015-10-20 14:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 20:13 - 2015-10-20 14:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 20:13 - 2015-10-20 14:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-11-11 20:13 - 2015-10-20 14:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 20:13 - 2015-10-20 14:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 20:13 - 2015-10-20 14:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 20:13 - 2015-10-20 14:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 20:13 - 2015-10-20 14:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 20:13 - 2015-10-20 14:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 20:13 - 2015-10-20 14:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 20:13 - 2015-10-14 23:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 20:13 - 2015-10-14 23:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-11 20:13 - 2015-10-14 23:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-11 20:13 - 2015-10-14 23:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-11 20:13 - 2015-10-14 23:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-11 20:13 - 2015-09-29 12:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-11 20:13 - 2015-09-07 16:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-11 20:13 - 2015-09-07 15:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-11-11 20:13 - 2015-09-07 15:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-11 20:13 - 2015-09-04 19:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-11 20:13 - 2015-08-28 22:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-11 20:13 - 2015-08-20 20:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-11 20:13 - 2015-08-20 17:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-11 20:13 - 2014-11-05 01:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-11 20:13 - 2014-11-05 01:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-11-11 20:12 - 2015-10-17 14:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 20:12 - 2015-10-08 16:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-11 20:12 - 2015-08-10 18:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-11 20:12 - 2015-08-10 18:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-11 20:12 - 2015-08-10 17:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-11 20:12 - 2015-08-10 16:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 20:12 - 2015-08-10 16:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-11-11 20:12 - 2014-11-10 18:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-11-08 15:25 - 2015-11-08 15:25 - 01712128 _____ C:\Users\Daniel Hollowed\Downloads\AdwCleaner.exe
2015-11-07 17:49 - 2015-11-08 15:29 - 00000000 ____D C:\AdwCleaner
2015-11-07 17:47 - 2015-11-07 17:47 - 00002328 _____ C:\Users\Daniel Hollowed\Desktop\JRT.txt
2015-11-07 17:37 - 2015-11-07 17:37 - 01801288 _____ (Malwarebytes) C:\Users\Daniel Hollowed\Downloads\JRT.exe
2015-11-06 13:06 - 2015-11-06 13:06 - 00006479 _____ C:\Users\Daniel Hollowed\Downloads\fixlist.txt
2015-11-06 13:05 - 2015-11-21 14:32 - 00000000 ____D C:\Users\Daniel Hollowed\Desktop\Computer fix FRST
2015-11-06 13:04 - 2015-11-06 13:08 - 00001312 _____ C:\Users\Daniel Hollowed\Desktop\FRST64.exe - Shortcut.lnk
2015-11-02 23:21 - 2015-11-02 23:21 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-02 23:19 - 2015-11-02 23:19 - 00038253 _____ C:\Users\Daniel Hollowed\Documents\Addition.txt
2015-11-02 23:16 - 2015-11-02 23:16 - 00056236 _____ C:\Users\Daniel Hollowed\Documents\FRST.txt
2015-11-02 12:44 - 2015-11-02 23:16 - 00038253 _____ C:\Users\Daniel Hollowed\Downloads\Addition.txt
2015-11-02 12:41 - 2015-11-02 12:48 - 00056236 _____ C:\Users\Daniel Hollowed\Downloads\FRST.txt
2015-11-02 12:40 - 2015-11-21 14:34 - 00000000 ____D C:\FRST
2015-11-01 13:54 - 2015-11-21 14:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-01 13:54 - 2015-11-01 13:55 - 00001126 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-01 13:54 - 2015-11-01 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-01 13:54 - 2015-11-01 13:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-01 13:54 - 2015-11-01 13:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-01 13:54 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-01 13:54 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-01 13:54 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-01 13:53 - 2015-11-01 13:53 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Daniel Hollowed\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-11-01 13:53 - 2015-11-01 13:53 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Daniel Hollowed\Downloads\mbam-setup-sem-2.1.6.1022 (1).exe
2015-11-01 12:51 - 2015-11-01 12:51 - 00000017 _____ C:\Users\Daniel Hollowed\AppData\Local\resmon.resmoncfg
2015-11-01 12:44 - 2015-11-01 14:21 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Local\LogMeIn Rescue Applet
2015-11-01 12:43 - 2015-11-01 12:43 - 01588472 _____ (LogMeIn, Inc.) C:\Users\Daniel Hollowed\Downloads\Support-LogMeInRescue.exe
2015-10-31 17:53 - 2015-10-31 17:53 - 00000000 _____ C:\autoexec.bat
2015-10-31 17:50 - 2015-10-31 17:50 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Daniel Hollowed\Downloads\SpyHunter-Installer.exe
2015-10-31 17:25 - 2015-10-31 17:25 - 00000252 _____ C:\Windows\Internet .url
2015-10-31 17:25 - 2015-10-31 17:25 - 00000000 _____ C:\Windows\SysWOW64\Internet .url
2015-10-28 19:19 - 2015-10-28 19:19 - 00282088 _____ C:\Windows\Minidump\102815-19921-01.dmp
2015-10-26 10:29 - 2015-10-26 10:29 - 00002013 _____ C:\Users\Public\Desktop\abPhoto.lnk
2015-10-25 01:54 - 2015-10-25 01:54 - 00282144 _____ C:\Windows\Minidump\102515-34562-01.dmp
2015-10-22 14:24 - 2015-10-22 14:24 - 00015015 _____ C:\Users\Daniel Hollowed\Downloads\Electronic Payment Facility.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-21 14:21 - 2015-06-26 08:44 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1838069831-910762768-3284051805-1001
2015-11-21 14:19 - 2015-06-27 17:20 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F1F966DA-AFC3-4A38-9571-EF317737CB79}
2015-11-21 14:18 - 2015-10-08 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-11-21 14:15 - 2015-06-26 08:38 - 01408081 _____ C:\Windows\WindowsUpdate.log
2015-11-21 14:15 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-20 16:44 - 2015-06-27 17:27 - 00000000 ____D C:\ProgramData\McAfee
2015-11-20 03:45 - 2015-06-26 08:38 - 00000000 ____D C:\Users\Daniel Hollowed
2015-11-20 03:36 - 2015-08-03 19:47 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Local\Battle.net
2015-11-20 02:49 - 2015-08-05 16:03 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Roaming\Skype
2015-11-20 02:03 - 2014-03-18 09:47 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-20 01:13 - 2015-08-03 19:50 - 00000000 ____D C:\Program Files (x86)\Diablo III
2015-11-20 01:12 - 2015-08-03 19:47 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-20 00:22 - 2015-10-08 14:44 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-11-19 23:43 - 2015-06-27 17:18 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Local\CrashDumps
2015-11-19 23:19 - 2015-08-03 13:58 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-19 17:02 - 2015-08-25 03:21 - 644659568 _____ C:\Windows\MEMORY.DMP
2015-11-19 17:02 - 2015-08-25 03:21 - 00000000 ____D C:\Windows\Minidump
2015-11-19 17:02 - 2014-03-18 09:39 - 00786890 _____ C:\Windows\PFRO.log
2015-11-19 17:02 - 2013-08-22 14:46 - 00028908 _____ C:\Windows\setupact.log
2015-11-19 17:02 - 2013-08-22 14:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-19 16:17 - 2015-08-08 20:19 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Local\PokerStars.UK
2015-11-17 20:04 - 2015-08-19 19:59 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Roaming\Curse Client
2015-11-17 19:07 - 2015-08-08 20:16 - 00000000 ____D C:\Program Files (x86)\PokerStars.UK
2015-11-15 18:31 - 2013-08-22 13:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-11-15 18:15 - 2015-06-26 08:39 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Local\clear.fi
2015-11-14 17:04 - 2015-06-27 18:28 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-14 17:03 - 2015-08-03 14:08 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-14 17:03 - 2015-06-27 18:27 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Local\Deployment
2015-11-14 16:52 - 2015-01-23 11:15 - 01328827 _____ C:\Windows\SysWOW64\rootpa.e2e
2015-11-14 16:51 - 2015-01-23 11:10 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-11-14 16:40 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-13 16:44 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\rescache
2015-11-13 16:00 - 2013-08-22 14:44 - 00346744 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-13 07:16 - 2013-08-22 15:36 - 00000000 ___RD C:\Windows\ToastData
2015-11-13 07:15 - 2015-08-04 16:56 - 00000000 ____D C:\Windows\system32\MRT
2015-11-13 07:05 - 2015-08-04 16:55 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-12 12:46 - 2013-08-22 15:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-08 15:18 - 2013-08-22 13:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-11-03 00:23 - 2015-08-07 14:07 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-03 00:23 - 2015-08-07 14:07 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-02 12:01 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\IME
2015-11-01 16:52 - 2015-06-26 17:23 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-30 16:10 - 2015-10-06 16:29 - 00000000 ____D C:\Users\Daniel Hollowed\Desktop\PokeMMO
2015-10-26 10:29 - 2014-11-18 08:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-10-26 10:26 - 2015-08-04 13:54 - 00003352 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2015-10-26 10:26 - 2014-11-18 07:09 - 00000000 ___HD C:\OEM
2015-10-24 13:43 - 2015-07-05 17:02 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Roaming\Spotify
 
==================== Files in the root of some directories =======
 
2015-08-03 14:01 - 2015-08-03 14:01 - 27093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-10-06 17:42 - 2015-10-06 17:42 - 0000045 _____ () C:\Users\Daniel Hollowed\AppData\Roaming\WB.CFG
2015-11-01 12:51 - 2015-11-01 12:51 - 0000017 _____ () C:\Users\Daniel Hollowed\AppData\Local\resmon.resmoncfg
2015-01-23 11:13 - 2015-01-23 11:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-15 20:09
 
==================== End of FRST.txt ============================
 
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-11-2015
Ran by Daniel Hollowed (2015-11-21 14:36:26)
Running from C:\Users\Daniel Hollowed\Desktop\Computer fix FRST
Windows 8.1 Connected (X64) (2015-06-26 08:38:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1838069831-910762768-3284051805-500 - Administrator - Disabled)
Daniel Hollowed (S-1-5-21-1838069831-910762768-3284051805-1001 - Administrator - Enabled) => C:\Users\Daniel Hollowed
Guest (S-1-5-21-1838069831-910762768-3284051805-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2005 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3009 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.05.2001.1 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.08.2006 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2011.1 - Acer Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{B54BF03D-0C7F-63B4-A36C-EE0A756579F1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.11.2000.2 - Acer Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version:  - )
BT Toolbar (HKLM-x32\...\bttb) (Version: 1.0.0.43 - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4609.01 - CyberLink Corp.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Farm to Fork Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
Game Channels (HKLM-x32\...\WildTangentGameProvider-packardbell-genres) (Version: 11.0.0.7 - WildTangent, Inc.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-packardbell-main) (Version: 11.0.0.7 - WildTangent, Inc.)
GameRanger (HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\GameRanger) (Version:  - GameRanger Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8104 - Packard Bell)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Packard Bell)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Packard Bell)
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.5120 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.7.0.366 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.203 - McAfee, Inc.)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{E142AB79-FD0D-34F7-8D4D-56E78C536467}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Packard Bell Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8109 - Packard Bell)
Packard Bell User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3006 - Packard Bell)
Packard Bell User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3006 - Packard Bell)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{56E3456B-784B-408D-B9FC-F53CD7642149}) (Version: 2.31.0 - The Pokémon Company International)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version:  - PokerStars.uk)
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.25 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.26.218.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.5 - Lenovo Group Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.20.9.4533 - Enigma Software Group, LLC)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stronghold Crusader 2 (HKLM-x32\...\Steam App 232890) (Version:  - FireFly Studios)
Stronghold HD (HKLM-x32\...\Steam App 40950) (Version:  - FireFly Studios)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.51 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.13 - WildTangent) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Zodiac Casino EU (HKLM-x32\...\zodiaceu) (Version: 16.10.3.2234 - )
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
07-11-2015 17:40:08 JRT Pre-Junkware Removal
12-11-2015 12:32:21 Windows Update
14-11-2015 16:47:12 Restore Point Created by FRST
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2015-11-14 16:48 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00AC43C4-0455-41D9-9C15-393FB2FA05BF} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-09-01] (McAfee, Inc.)
Task: {0288C657-513A-4BA0-88B1-E8981102FDF4} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [2014-03-03] (Acer Incorporated)
Task: {05CFDC36-C602-4649-8DE6-A1F597751449} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-14] (Google Inc.)
Task: {1B38ABA0-6C43-4AEF-9EF9-3A0EE6519EF2} - System32\Tasks\{860D574F-3B5D-41E8-9AEB-462BE35BB719} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.5.0.102&LastError=404
Task: {211E924E-81E9-4199-9899-11D3A2A3DC0F} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {34F00C33-C8BD-452C-BE16-BEA7FE6D55F0} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2013-07-08] ()
Task: {3B9B1F34-308B-4CC8-A1E5-B43B275DD929} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Packard Bell\Packard Bell Recovery Management\Notification\Notification.exe [2014-08-26] (Acer Incorporated)
Task: {55AB73DF-56D7-4C97-88B9-2BCC8F9D0AA5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-13] (Microsoft Corporation)
Task: {7E5D82B1-4D3D-4C05-B913-55B14C94BA3D} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {86E01782-7137-415D-A6BD-AE52B25BFE08} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-10-15] (Acer)
Task: {9D0C2ECC-4CF7-4B3F-9D02-FB7E35FF4232} - \WinZip Malware Protector_startup -> No File <==== ATTENTION
Task: {BE2B6640-90AB-401E-A2B2-72B519261ECA} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-09-10] (Acer Incorporated)
Task: {D37BF50E-3DAD-4580-9329-1E258F989F42} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-14] (Google Inc.)
Task: {E105DC90-767C-478F-85B5-77103DB0B258} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)
Task: {EBC928A1-C4EC-4F9A-B4E5-654EC5849A93} - System32\Tasks\UbtFrameworkService => C:\Program Files\Packard Bell\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {FB7700DB-E825-46BA-A120-77190A27413F} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-04-15 15:08 - 2014-04-15 15:08 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2015-01-23 11:28 - 2012-04-24 10:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-12-24 02:22 - 2013-12-24 02:22 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-12-24 02:20 - 2013-12-24 02:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-12-24 02:26 - 2013-12-24 02:26 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-04-15 15:08 - 2014-04-15 15:08 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2015-09-16 13:58 - 2015-09-16 13:58 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2014-11-18 08:26 - 2014-08-23 02:21 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-11-07 17:58 - 2013-11-07 17:58 - 00244736 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-11-07 17:58 - 2013-11-07 17:58 - 00271360 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-11-07 17:57 - 2013-11-07 17:57 - 00237056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 07:55 - 2013-04-24 07:55 - 01581056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 16:55 - 2013-04-18 16:55 - 00068608 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2015-08-11 15:21 - 2015-11-13 17:13 - 00393608 _____ () C:\Users\Daniel Hollowed\AppData\Roaming\Curse Client\Bin\opus.dll
2015-11-13 17:13 - 2015-11-17 19:03 - 00854408 _____ () C:\Users\Daniel Hollowed\AppData\Roaming\Curse Client\Bin\Curse.Presto.Interface.dll
2015-09-14 17:46 - 2015-09-14 17:46 - 00201568 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-09-14 17:46 - 2015-09-14 17:46 - 00653112 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-09-14 17:46 - 2015-09-14 17:46 - 00640352 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-09-14 17:46 - 2015-09-14 17:46 - 00118112 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-10-26 10:26 - 2015-10-26 10:26 - 00014176 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-09-10 14:51 - 2015-09-10 14:51 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-09-10 14:43 - 2015-09-10 14:43 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-10-15 10:56 - 2015-10-15 10:56 - 00201568 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-10-15 10:56 - 2015-10-15 10:56 - 00118112 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2014-11-18 08:26 - 2014-08-23 02:21 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-11-14 17:04 - 2015-11-07 04:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-14 17:04 - 2015-11-07 04:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\PackardBell01.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2A69926D-52D2-47E0-90BA-850A49136E2B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/20/2015 02:04:18 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
 
Error: (11/20/2015 02:04:18 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (11/20/2015 02:04:17 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (11/20/2015 02:04:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4
 
Error: (11/20/2015 02:04:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
 
Error: (11/20/2015 02:04:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll4
 
Error: (11/20/2015 02:04:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
 
Error: (11/19/2015 11:43:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: ONLINE~1.OCX, version: 1.0.0.7777, time stamp: 0x55546935
Exception code: 0xc0000005
Fault offset: 0x0002d516
Faulting process ID: 0x16dc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (11/19/2015 11:40:34 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (11/19/2015 07:08:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
 
 
System errors:
=============
Error: (11/20/2015 02:54:13 AM) (Source: DCOM) (EventID: 10010) (User: Daniel)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (11/20/2015 02:53:43 AM) (Source: DCOM) (EventID: 10010) (User: Daniel)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (11/19/2015 05:24:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (11/19/2015 05:24:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\DANIEL~1\AppData\Local\Temp\ehdrv.sys
 
Error: (11/19/2015 05:24:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (11/19/2015 05:24:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\DANIEL~1\AppData\Local\Temp\ehdrv.sys
 
Error: (11/19/2015 05:24:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (11/19/2015 05:24:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\DANIEL~1\AppData\Local\Temp\ehdrv.sys
 
Error: (11/19/2015 05:02:30 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0xa0000001 (0x0000000000000005, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP111915-43968-01
 
Error: (11/19/2015 05:02:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:25:23 on ‎19/‎11/‎2015 was unexpected.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-6210 APU with AMD Radeon R3 Graphics 
Percentage of memory in use: 36%
Total physical RAM: 7096.2 MB
Available physical RAM: 4540.38 MB
Total Virtual: 14264.2 MB
Available Virtual: 11290.54 MB
 
==================== Drives ================================
 
Drive c: (Packard Bell) (Fixed) (Total:457.85 GB) (Free:366.07 GB) NTFS
Drive d: (DATA) (Fixed) (Total:457.85 GB) (Free:401.66 GB) NTFS
Drive e: (D3C1.0.0) (CDROM) (Total:7.6 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AF0DEA0A)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
Crash who
 
Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Thu 19/11/2015 17:01:00 GMT your computer crashed
crash dump file: C:\Windows\Minidump\111915-43968-01.dmp
This was probably caused by the following module: atikmdag.sys (atikmdag+0x283AE)
Bugcheck code: 0xA0000001 (0x5, 0x0, 0x0, 0x0)
Error: CUSTOM_ERROR
file path: C:\Windows\system32\drivers\atikmdag.sys
product: ATI Radeon Family
company: Advanced Micro Devices, Inc.
description: ATI Radeon Kernel Mode Driver
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: atikmdag.sys (ATI Radeon Kernel Mode Driver, Advanced Micro Devices, Inc.).
Google query: Advanced Micro Devices, Inc. CUSTOM_ERROR



On Thu 19/11/2015 17:01:00 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: atikmdag.sys (atikmdag+0x283AE)
Bugcheck code: 0xA0000001 (0x5, 0x0, 0x0, 0x0)
Error: CUSTOM_ERROR
file path: C:\Windows\system32\drivers\atikmdag.sys
product: ATI Radeon Family
company: Advanced Micro Devices, Inc.
description: ATI Radeon Kernel Mode Driver
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: atikmdag.sys (ATI Radeon Kernel Mode Driver, Advanced Micro Devices, Inc.).
Google query: Advanced Micro Devices, Inc. CUSTOM_ERROR



On Tue 17/11/2015 22:54:57 GMT your computer crashed
crash dump file: C:\Windows\Minidump\111715-24078-01.dmp
This was probably caused by the following module: atikmdag.sys (atikmdag+0xC512B)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFF8019CAF712B, 0xFFFFD001A116B1B8, 0xFFFFD001A116A9C0)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\drivers\atikmdag.sys
product: ATI Radeon Family
company: Advanced Micro Devices, Inc.
description: ATI Radeon Kernel Mode Driver
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: atikmdag.sys (ATI Radeon Kernel Mode Driver, Advanced Micro Devices, Inc.).
Google query: Advanced Micro Devices, Inc. SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M



On Wed 28/10/2015 19:18:43 GMT your computer crashed
crash dump file: C:\Windows\Minidump\102815-19921-01.dmp
This was probably caused by the following module: atikmdag.sys (atikmdag+0xC512B)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFF8011EAD612B, 0xFFFFD000636781B8, 0xFFFFD000636779C0)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\drivers\atikmdag.sys
product: ATI Radeon Family
company: Advanced Micro Devices, Inc.
description: ATI Radeon Kernel Mode Driver
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: atikmdag.sys (ATI Radeon Kernel Mode Driver, Advanced Micro Devices, Inc.).
Google query: Advanced Micro Devices, Inc. SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M



On Sun 25/10/2015 01:52:26 GMT your computer crashed
crash dump file: C:\Windows\Minidump\102515-34562-01.dmp
This was probably caused by the following module: atikmdag.sys (atikmdag+0x283AE)
Bugcheck code: 0xA0000001 (0x5, 0x0, 0x0, 0x0)
Error: CUSTOM_ERROR
file path: C:\Windows\system32\drivers\atikmdag.sys
product: ATI Radeon Family
company: Advanced Micro Devices, Inc.
description: ATI Radeon Kernel Mode Driver
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: atikmdag.sys (ATI Radeon Kernel Mode Driver, Advanced Micro Devices, Inc.).
Google query: Advanced Micro Devices, Inc. CUSTOM_ERROR



On Tue 25/08/2015 03:20:26 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082515-17781-01.dmp
This was probably caused by the following module: atikmdag.sys (atikmdag+0x283AE)
Bugcheck code: 0xA0000001 (0x5, 0x0, 0x0, 0x0)
Error: CUSTOM_ERROR
file path: C:\Windows\system32\drivers\atikmdag.sys
product: ATI Radeon Family
company: Advanced Micro Devices, Inc.
description: ATI Radeon Kernel Mode Driver
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: atikmdag.sys (ATI Radeon Kernel Mode Driver, Advanced Micro Devices, Inc.).
Google query: Advanced Micro Devices, Inc. CUSTOM_ERROR
 
Thanks!
 
 

  • 0

#24
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Doriskills666

There are a couple of leftovers in the FRST log to remove. Also, WhoCrashed seems to be pointing at your ATI Radeon Kernel Mode Driver, so I would recommend updating to the latest version to see if this fixes the BSOD.

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
CHR HKLM-x32\...\Chrome\Extension: [hdpkpbhapgfjahbajejahjjcghiclegg] - C:\Program Files (x86)\bttb\toolbar.crx <not found>
Task: {9D0C2ECC-4CF7-4B3F-9D02-FB7E35FF4232} - \WinZip Malware Protector_startup -> No File <==== ATTENTION
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Then

    Step2 - Update ATI Radeon Driver

    You can automatically detect and install the latest driver by using the AMD Driver autodetect tool.
    For instructions on how to use the tool please see this guide.

    Things for your next post:
  • fixlog.txt
  • What issues if any remain?

  • 0
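The leftover-spotting step in the post above can be sketched as a small parser over the "Scheduled Tasks" lines of an FRST Addition.txt. This is an added example, not part of the original posts and not FRST's own code; the function names and reason codes are hypothetical, and reading an empty `()` as "no company name recorded for the file" is an assumption about the log format.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Task lines taken from the Addition.txt log posted in this thread.
SAMPLE_LOG = r"""
Task: {00AC43C4-0455-41D9-9C15-393FB2FA05BF} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-09-01] (McAfee, Inc.)
Task: {1B38ABA0-6C43-4AEF-9EF9-3A0EE6519EF2} - System32\Tasks\{860D574F-3B5D-41E8-9AEB-462BE35BB719} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.5.0.102&LastError=404
Task: {211E924E-81E9-4199-9899-11D3A2A3DC0F} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {34F00C33-C8BD-452C-BE16-BEA7FE6D55F0} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2013-07-08] ()
Task: {9D0C2ECC-4CF7-4B3F-9D02-FB7E35FF4232} - \WinZip Malware Protector_startup -> No File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

# "Task: {GUID} - <name> => <target>"; the GUID is absent on legacy .job lines.
HEAD_RE = re.compile(r"^Task: (?:(?P<guid>\{[0-9A-Fa-f-]{36}\}) - )?(?P<rest>.+)$")
# FRST separates name and target with " => " (or " -> " on the orphaned line).
SPLIT_RE = re.compile(r" (?:=>|->) ")
# "<path> [YYYY-MM-DD] (<company>)"; the path itself may contain "(x86)".
TARGET_RE = re.compile(
    r"^(?P<path>.*?) \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$"
)
# The log defangs URLs as hxxp://, so accept both spellings.
URL_RE = re.compile(r"\b(?:hxxps?|https?)://", re.IGNORECASE)


@dataclass
class TaskEntry:
    guid: Optional[str]
    name: str
    target: Optional[str]
    date: Optional[str] = None
    company: Optional[str] = None


def parse_task(line):
    """Parse one 'Task:' line; return None for anything else."""
    m = HEAD_RE.match(line.strip())
    if not m:
        return None
    parts = SPLIT_RE.split(m.group("rest"), maxsplit=1)
    entry = TaskEntry(m.group("guid"), parts[0], parts[1] if len(parts) == 2 else None)
    if entry.target:
        t = TARGET_RE.match(entry.target)
        if t:
            entry.target, entry.date, entry.company = t.group("path", "date", "company")
    return entry


def triage(entry):
    """Return reason codes explaining why a task deserves manual review."""
    reasons = []
    target = entry.target or ""
    if target.startswith("No File"):
        reasons.append("NO_FILE")          # task registered, target file missing
    if "<==== ATTENTION" in target:
        reasons.append("FRST_ATTENTION")   # FRST itself marked the line
    if URL_RE.search(target):
        reasons.append("URL_ARGUMENT")     # task opens a URL, not just a local file
    if entry.company == "":
        reasons.append("NO_COMPANY")       # assumption: no company name recorded
    return reasons


def review(log_text):
    """Return {task name: [reason codes]} for every task worth a second look."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_task(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in review(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

A reason code is a prompt for a human to look, not a verdict: in this thread only the `NO_FILE` entry went into the fixlist.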

#25
Doriskills666


    Member

  • Topic Starter
  • Member
  • 14 posts

Hi

 

Here is the fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:22-11-2015
Ran by Daniel Hollowed (2015-11-23 19:43:29) Run:4
Running from C:\Users\Daniel Hollowed\Desktop\Computer fix FRST
Loaded Profiles: Daniel Hollowed (Available Profiles: Daniel Hollowed)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CHR HKLM-x32\...\Chrome\Extension: [hdpkpbhapgfjahbajejahjjcghiclegg] - C:\Program Files (x86)\bttb\toolbar.crx <not found>
Task: {9D0C2ECC-4CF7-4B3F-9D02-FB7E35FF4232} - \WinZip Malware Protector_startup -> No File <==== ATTENTION
EmptyTemp:
*****************
 
Restore point was successfully created.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D0C2ECC-4CF7-4B3F-9D02-FB7E35FF4232}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D0C2ECC-4CF7-4B3F-9D02-FB7E35FF4232}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinZip Malware Protector_startup => key not found. 
EmptyTemp: => 701.8 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:45:12 ====
 
I installed the software you sent me the link to, so hopefully I'll stop getting these automatic shutdowns.
 
As for all the other problems, they seem to have completely gone away!
I'd like to say a big thank you, as you have saved me from paying McAfee £400 to fix it. You have done a brilliant job guiding me to do it myself!
 
I'll keep an eye out for another reply in case there is anything else you need to see.
 
Once again thank you very much, you are brilliant!
 
Daniel.

  • 0



#26
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Doriskills666
 

I'd like to say a big thank you, as you have saved me from paying McAfee £400 to fix it. You have done a brilliant job guiding me to do it myself!


You're most welcome, and delighted we could help. :)

Now subject to no further problems...

Good News! - Your system now appears to be clean. :)
Now for some clean up and "housekeeping" procedures.

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:
  • Download Delfix from here
  • Locate the file and right click on it. Click on Run as Administrator.
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Create registry backup
  • Purge system restore
  • Reset system settings

  • Click Run

    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply


    Staying Protected

    Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
  • Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.
  • Tap or click Choose how updates get installed.
  • Under Important updates, choose the option "Install updates automatically (recommended)."
  • Under Recommended updates, select the Give me recommended updates the same way I receive important updates check box.


    Malwarebytes - Update and run weekly to keep your system clean.


    Additional software

    Crypto Warning!!!! - Complete Data Loss can occur!

    There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here
  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
    That's it. The protection is in place.

    Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now), select the Updates! menu and select Check for Updates to see if there are any, as this infection has serious consequences.


    Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
  • Download Unchecky to your desktop
  • Right click on the Unchecky_setup and choose to Run as Administrator
  • Once open click the Install button.
  • Then click on Finish
  • Unchecky is now installed and will help you keep unwanted check boxes unchecked


    Some useful Tips and Reading
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem.
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.


    To learn more about how to protect yourself while on the internet read this little guide Best security practices.

    Go here for some good advice about how to prevent infection.

    Happy safe surfing!! :)

    It's been a pleasure working with you. Thanks for sticking with it. :)

    Don't forget to post your Delfix log!

    Regards
    Bruce

  • 0

#27
Doriskills666


    Member

  • Topic Starter
  • Member
  • 14 posts

Hi Bruce

 

Sorry for the delay, I've been busy working again.

 

I shall download Delfix tomorrow and will have the log for you some time in the evening.

 

Thanks

 

Dan


  • 0

#28
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
OK. No worries. :)
  • 0

#29
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





