
Formatted drive due to Trojan feel it's still there, please help!


  • This topic is locked
39 replies to this topic

#1 Mcm's pc


Posted 30 January 2015 - 09:32 AM

Hello,

I noticed I had an issue first when my usage was up extremely. I got notices halfway through the month when I usually only use 60%, if that. I did notice the odd thing like a sluggish browser etc. but nothing red flag. I scanned everything on the highest setting and nothing. Downloaded AVG Free and scanned with that; it had picked up a medium threat Trojan. Forget what it was called. Cleaned out everything. When it (AVG) ran, my F-Secure from Cogeco cable would pop up and say it blocked and removed Gen.Heur Fkp1 and Gen.Variant.Symmi45380. Both say removed, but it would do this each time I ran AVG. Couldn't find folder info on scan etc. I wasn't convinced and watched usage still skyrocketing, so I would turn off wifi and only use it when downloading virus scanners. Basically I ran Malwarebytes, AdwCleaner, RKill, RogueKiller, TDSSKiller, McAfee Stinger etc. in different removal suggestions, and most showed stuff and removed or deleted etc. I know RKill doesn't remove etc., just ends processes; just letting you know I went through different removal strategies before resorting to a reinstall of Windows. Viruses also detected, in I forget which scan, were Win32Gen and Win64Gen as well.
They were supposedly removed too. I did format with Acer recovery because typing reinstall caused the PC to shut down. Windows Defender was stopped and I couldn't get it to work. They unsecured my wifi. They had granted permissions on files. Stuff was showing up on the desktop. Had a hard time downloading some security programs; it wouldn't let me or they wouldn't run.
After the format, the main reason I'm still suspicious is I can't seem to install updates. All scans I've done are totally clean but it will not let me install any Windows updates. I installed Secunia as well after the format, which has issues running. Also, issues with restarting. On Task Manager I don't see anything running network but usage is still going whenever connected.
I can't really afford to take it in, single income family, plus I've now wiped the drive anyways and don't know where to go. I did back up on a jump drive, which I realize is probably useless, but I'll go there after I hopefully fix the issue.
I really hope you can help. My poor 6yr really wants to play Minecraft and is driving me crazy too! Ha, least of my problems but so annoying.



#2 HelpBot


Posted 04 February 2015 - 09:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/565095 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Mcm's pc


Posted 04 February 2015 - 12:00 PM

Using an Acer, Windows 8 64 bit, 6g RAM, AMD A6 4400M, no Windows CD

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015
Ran by m at 2015-02-04 11:56:20
Running from C:\Users\m\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{5BB5183C-58C2-32FB-AFCC-CFDF63970006}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.5 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 11.6.385 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

29-01-2015 16:53:21 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {023CC0AC-E2BE-43B2-B15D-EE3B99BFB221} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {2EFD6F09-1EB0-473E-ADEE-02D67FFD79CA} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {58286E8F-A5E8-41E9-9F23-6308FB542866} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {74B39F39-2AA7-4727-8A52-FB970E448324} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {81A14586-FD85-4C16-9F26-AB5E3FBAC321} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {CE41F859-49B5-4478-AC6E-7702BF5FCB9D} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-29] ()
Task: {E70F7D3C-DF82-4C64-AE13-2050A254DEE6} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {E8FEB196-E433-4495-A7BC-389F3080F333} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()

==================== Loaded Modules (whitelisted) =============

2012-09-03 21:20 - 2012-06-22 09:41 - 00024704 _____ () C:\Program Files\Common Files\McAfee\SystemCore\mfeelama.dll
2012-08-22 17:04 - 2012-08-22 17:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-08-22 17:04 - 2012-08-22 17:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-08-10 20:28 - 2012-08-10 20:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-29 23:40 - 2012-08-29 23:40 - 03331216 _____ () C:\Program Files (x86)\Acer\Live Updater\updater.exe
2012-08-23 01:26 - 2012-08-23 01:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-23 01:25 - 2012-08-23 01:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 01:26 - 2012-08-23 01:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 01:25 - 2012-08-23 01:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 01:25 - 2012-08-23 01:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 01:25 - 2012-08-23 01:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 01:26 - 2012-08-23 01:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2430347323-3201313752-2256404176-500 - Administrator - Disabled)
Guest (S-1-5-21-2430347323-3201313752-2256404176-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2430347323-3201313752-2256404176-1003 - Limited - Enabled)
m (S-1-5-21-2430347323-3201313752-2256404176-1001 - Administrator - Enabled) => C:\Users\m

==================== Faulty Device Manager Devices =============

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2015 11:31:20 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
   at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, IntPtr eventData)

Error: (02/04/2015 11:30:58 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (02/01/2015 04:25:53 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (01/30/2015 07:39:41 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (01/30/2015 07:08:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 89c

Start Time: 01d03c82d53e21c4

Termination Time: 250

Application Path: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe

Report Id: aa75cea6-a878-11e4-be72-b888e3a3e8b9

Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (01/30/2015 06:44:21 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (01/29/2015 06:37:41 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (01/29/2015 04:42:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcshield.exe, version: 15.1.0.461, time stamp: 0x4fb3db47
Faulting module name: mcshield.exe, version: 15.1.0.461, time stamp: 0x4fb3db47
Exception code: 0xc0000005
Fault offset: 0x0000000000011de1
Faulting process id: 0x714
Faulting application start time: 0xmcshield.exe0
Faulting application path: mcshield.exe1
Faulting module path: mcshield.exe2
Report Id: mcshield.exe3
Faulting package full name: mcshield.exe4
Faulting package-relative application ID: mcshield.exe5

Error: (01/29/2015 04:42:05 PM) (Source: McLogEvent) (EventID: 5019) (User: NT AUTHORITY)
Description: Exception in McShield.Exe!

Exception details follow :

VSCORE.15.1.0.461
Exception Code       : 0X00000000C0000005
Exception Address    : 0X000007F7F0A61DE1
Exception Parameters : 2
 Param 1 = 0000000000000000
 Param 2 = 0000000000000000

More information :

Error: (01/29/2015 04:38:25 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

System errors:
=============
Error: (02/01/2015 04:30:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A}

Error: (01/30/2015 07:56:18 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (01/30/2015 07:43:33 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (01/30/2015 07:43:33 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/30/2015 07:43:26 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (01/30/2015 07:41:47 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (01/30/2015 07:39:31 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:13:58 AM on ‎2015-‎01-‎30 was unexpected.

Error: (01/30/2015 06:59:23 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (01/30/2015 06:59:22 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (01/30/2015 06:55:05 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Microsoft Office Sessions:
=========================
Error: (02/04/2015 11:31:20 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
   at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, IntPtr eventData)

Error: (02/04/2015 11:30:58 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (02/01/2015 04:25:53 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (01/30/2015 07:39:41 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (01/30/2015 07:08:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SystemSettings.exe6.2.9200.1638489c01d03c82d53e21c4250C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exeaa75cea6-a878-11e4-be72-b888e3a3e8b9windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (01/30/2015 06:44:21 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (01/29/2015 06:37:41 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (01/29/2015 04:42:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mcshield.exe15.1.0.4614fb3db47mcshield.exe15.1.0.4614fb3db47c00000050000000000011de171401d03c0beb5fa458C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeaad34e88-a7ff-11e4-be70-b888e3a3e8b9

Error: (01/29/2015 04:42:05 PM) (Source: McLogEvent) (EventID: 5019) (User: NT AUTHORITY)
Description: VSCORE.15.1.0.461
Exception Code       : 0X00000000C0000005
Exception Address    : 0X000007F7F0A61DE1
Exception Parameters : 2
 Param 1 = 0000000000000000
 Param 2 = 0000000000000000

More information :

Error: (01/29/2015 04:38:25 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

==================== Memory info ===========================

Processor: AMD A6-4400M APU with Radeon™ HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 5578.26 MB
Available physical RAM: 3241.92 MB
Total Pagefile: 9546.26 MB
Available Pagefile: 6458.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:676.75 GB) (Free:641.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 25B87A85)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015
Ran by m (administrator) on MMPC on 04-02-2015 11:48:42
Running from C:\Users\m\Desktop
Loaded Profiles: m (Available profiles: m)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
() C:\Program Files (x86)\Acer\Live Updater\updater.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1527896 2012-06-21] (McAfee, Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2430347323-3201313752-2256404176-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2430347323-3201313752-2256404176-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2430347323-3201313752-2256404176-1001 -> {A70F2E79-EE99-4D72-AEA2-43CAE735243B} URL =
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20150129185522.dll (McAfee, Inc.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20150129185522.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\tBdDksGJ.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: Avira Browser Safety - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\tBdDksGJ.default\Extensions\abs@avira.com [2015-01-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-09-03]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012-09-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-09-03]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-30]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2012-08-30] (ELAN Microelectronics Corp.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-05-22] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-06-22] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-06-22] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [177144 2012-06-22] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-18] (Dritek System INC.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-16] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [66712 2012-06-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-18] (Dritek System Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 11:48 - 2015-02-04 11:51 - 00017487 _____ () C:\Users\m\Desktop\FRST.txt
2015-02-04 11:48 - 2015-02-04 11:49 - 00000000 ____D () C:\FRST
2015-02-04 11:46 - 2015-02-04 11:46 - 02131968 _____ (Farbar) C:\Users\m\Desktop\FRST64.exe
2015-02-04 11:46 - 2015-02-04 11:46 - 00000117 _____ () C:\WINDOWS\system32\netcfg-939952.txt
2015-02-04 11:45 - 2015-02-04 11:46 - 00000117 _____ () C:\WINDOWS\system32\netcfg-927472.txt
2015-02-04 11:45 - 2015-02-04 11:45 - 00000117 _____ () C:\WINDOWS\system32\netcfg-916833.txt
2015-02-04 11:45 - 2015-02-04 11:45 - 00000117 _____ () C:\WINDOWS\system32\netcfg-913339.txt
2015-02-04 11:39 - 2015-02-04 11:39 - 00000117 _____ () C:\WINDOWS\system32\netcfg-565956.txt
2015-02-04 11:39 - 2015-02-04 11:39 - 00000117 _____ () C:\WINDOWS\system32\netcfg-565784.txt
2015-02-04 11:39 - 2015-02-04 11:39 - 00000117 _____ () C:\WINDOWS\system32\netcfg-562914.txt
2015-02-04 11:37 - 2015-02-04 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-01 16:37 - 2015-02-01 16:37 - 00000117 _____ () C:\WINDOWS\system32\netcfg-745591.txt
2015-02-01 16:30 - 2015-02-01 16:30 - 00000117 _____ () C:\WINDOWS\system32\netcfg-299397.txt
2015-02-01 16:30 - 2015-02-01 16:30 - 00000117 _____ () C:\WINDOWS\system32\netcfg-296089.txt
2015-02-01 16:29 - 2015-02-01 16:29 - 00000117 _____ () C:\WINDOWS\system32\netcfg-285606.txt
2015-02-01 16:28 - 2015-02-01 16:28 - 00000000 ____D () C:\ProgramData\HP
2015-01-30 07:53 - 2015-01-30 07:53 - 00000117 _____ () C:\WINDOWS\system32\netcfg-884962.txt
2015-01-30 07:42 - 2015-01-30 07:42 - 00000117 _____ () C:\WINDOWS\system32\netcfg-172334.txt
2015-01-30 07:41 - 2015-01-30 07:42 - 00000117 _____ () C:\WINDOWS\system32\netcfg-168683.txt
2015-01-30 07:23 - 2015-01-30 07:23 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2396908.txt
2015-01-30 07:23 - 2015-01-30 07:23 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2377408.txt
2015-01-30 07:04 - 2015-01-30 07:04 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1280737.txt
2015-01-30 07:04 - 2015-01-30 07:04 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1251502.txt
2015-01-30 06:54 - 2015-01-30 06:54 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-01-30 06:54 - 2015-01-30 06:54 - 00000000 ____D () C:\Users\m\AppData\Local\Secunia PSI
2015-01-30 06:54 - 2015-01-30 06:54 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-01-30 06:36 - 2015-01-30 06:40 - 00000000 ____D () C:\AdwCleaner
2015-01-30 06:35 - 2015-01-30 06:35 - 00000117 _____ () C:\WINDOWS\system32\netcfg-43117272.txt
2015-01-30 06:34 - 2015-01-30 06:34 - 00000117 _____ () C:\WINDOWS\system32\netcfg-43049084.txt
2015-01-30 06:34 - 2015-01-30 06:34 - 00000117 _____ () C:\WINDOWS\system32\netcfg-43040675.txt
2015-01-30 06:34 - 2015-01-30 06:34 - 00000117 _____ () C:\WINDOWS\system32\netcfg-43039022.txt
2015-01-30 06:33 - 2015-01-30 06:33 - 00000117 _____ () C:\WINDOWS\system32\netcfg-43032719.txt
2015-01-30 06:33 - 2015-01-30 06:33 - 00000117 _____ () C:\WINDOWS\system32\netcfg-43032126.txt
2015-01-30 06:33 - 2015-01-30 06:33 - 00000117 _____ () C:\WINDOWS\system32\netcfg-43002596.txt
2015-01-30 06:33 - 2015-01-30 06:33 - 00000117 _____ () C:\WINDOWS\system32\netcfg-42998992.txt
2015-01-30 06:31 - 2015-01-30 06:31 - 00000117 _____ () C:\WINDOWS\system32\netcfg-42911912.txt
2015-01-29 19:05 - 2015-01-29 19:05 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1737086.txt
2015-01-29 18:58 - 2015-01-29 18:57 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-01-29 18:56 - 2015-01-29 18:56 - 00000000 ____D () C:\Users\m\AppData\Roaming\Avira
2015-01-29 18:55 - 2015-01-29 18:55 - 00000000 _____ () C:\Recovery.txt
2015-01-29 18:53 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-01-29 18:53 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-01-29 18:53 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-01-29 18:44 - 2015-01-29 18:44 - 00000117 _____ () C:\WINDOWS\system32\netcfg-451903.txt
2015-01-29 18:44 - 2015-01-29 18:44 - 00000117 _____ () C:\WINDOWS\system32\netcfg-446022.txt
2015-01-29 18:38 - 2015-01-29 18:38 - 00000117 _____ () C:\WINDOWS\system32\netcfg-81666.txt
2015-01-29 18:38 - 2015-01-29 18:38 - 00000117 _____ () C:\WINDOWS\system32\netcfg-119075.txt
2015-01-29 18:38 - 2015-01-29 18:38 - 00000117 _____ () C:\WINDOWS\system32\netcfg-113428.txt
2015-01-29 18:36 - 2015-01-29 18:36 - 00000117 _____ () C:\WINDOWS\system32\netcfg-7106968.txt
2015-01-29 18:26 - 2015-01-29 18:43 - 00000000 ____D () C:\OETemp
2015-01-29 18:23 - 2015-01-29 18:23 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1636700.txt
2015-01-29 18:23 - 2015-01-29 16:23 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1638478.txt
2015-01-29 18:21 - 2015-01-29 18:21 - 00000117 _____ () C:\WINDOWS\system32\netcfg-6226935.txt
2015-01-29 18:21 - 2015-01-29 18:21 - 00000117 _____ () C:\WINDOWS\system32\netcfg-6220305.txt
2015-01-29 18:21 - 2015-01-29 18:21 - 00000117 _____ () C:\WINDOWS\system32\netcfg-6195439.txt
2015-01-29 18:21 - 2015-01-29 18:21 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1562896.txt
2015-01-29 17:37 - 2015-01-29 17:37 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3576369.txt
2015-01-29 17:37 - 2015-01-29 17:37 - 00000000 ____D () C:\Users\m\AppData\Roaming\Mozilla
2015-01-29 17:24 - 2015-01-29 17:24 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2797144.txt
2015-01-29 17:24 - 2015-01-29 17:24 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2791669.txt
2015-01-29 17:23 - 2015-01-29 17:23 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2734666.txt
2015-01-29 17:10 - 2015-01-29 17:10 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1989730.txt
2015-01-29 17:06 - 2015-01-29 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-29 17:06 - 2015-01-29 17:06 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-29 17:05 - 2015-01-29 18:53 - 00000000 ____D () C:\ProgramData\Avira
2015-01-29 17:05 - 2015-01-29 18:53 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-29 17:05 - 2015-01-29 17:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-29 16:58 - 2014-05-14 20:02 - 00059424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-01-29 16:58 - 2014-05-14 17:43 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-01-29 16:58 - 2014-05-14 17:43 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-01-29 16:58 - 2014-05-14 17:43 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-01-29 16:58 - 2014-05-14 17:42 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-01-29 16:56 - 2013-08-16 00:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-01-29 16:56 - 2012-11-05 23:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-01-29 16:56 - 2012-11-05 23:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wushareduxresources.dll
2015-01-29 16:50 - 2015-01-29 16:50 - 00000117 _____ () C:\WINDOWS\system32\netcfg-776510.txt
2015-01-29 16:50 - 2015-01-29 16:50 - 00000117 _____ () C:\WINDOWS\system32\netcfg-775262.txt
2015-01-29 16:49 - 2015-02-04 11:32 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 16:49 - 2015-01-29 17:45 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2430347323-3201313752-2256404176-1001
2015-01-29 16:48 - 2015-01-29 16:48 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-29 16:48 - 2015-01-29 16:48 - 00000000 ____D () C:\Users\m\AppData\Local\EgisTec IPS
2015-01-29 16:48 - 2015-01-29 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-29 16:48 - 2015-01-29 16:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 16:48 - 2015-01-29 16:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-29 16:48 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-29 16:48 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-29 16:48 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-29 16:43 - 2015-01-29 16:43 - 00000000 ____D () C:\Users\m\AppData\Roaming\Atheros
2015-01-29 16:42 - 2015-01-29 16:42 - 00000000 ____D () C:\Program Files (x86)\OEM
2015-01-29 16:41 - 2015-01-29 16:41 - 00001930 _____ () C:\Users\Public\Desktop\Netflix.lnk
2015-01-29 16:41 - 2015-01-29 16:41 - 00001438 _____ () C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-29 16:41 - 2015-01-29 16:41 - 00000000 ____D () C:\Users\m\AppData\Roaming\lm
2015-01-29 16:41 - 2015-01-29 16:41 - 00000000 ____D () C:\ProgramData\OEM_E471269A730E
2015-01-29 16:40 - 2015-01-29 16:40 - 00000000 ____D () C:\Users\m\AppData\Roaming\Macromedia
2015-01-29 16:40 - 2015-01-29 16:40 - 00000000 ____D () C:\Users\m\AppData\Roaming\Adobe
2015-01-29 16:39 - 2015-01-29 16:41 - 00000000 ____D () C:\Users\m\AppData\Local\Packages
2015-01-29 16:39 - 2015-01-29 16:39 - 00000000 ____D () C:\Users\m\AppData\Local\VirtualStore
2015-01-29 16:38 - 2015-01-29 16:38 - 00000117 _____ () C:\WINDOWS\system32\netcfg-54569.txt
2015-01-29 16:37 - 2015-02-04 11:40 - 01817578 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-29 16:37 - 2015-01-29 16:41 - 00000000 ____D () C:\Users\m
2015-01-29 16:37 - 2015-01-29 16:37 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2488902.txt
2015-01-29 16:37 - 2015-01-29 16:37 - 00000020 ___SH () C:\Users\m\ntuser.ini
2015-01-29 16:37 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-29 16:37 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-29 16:37 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-29 16:37 - 2012-07-26 03:13 - 00000000 ____D () C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 11:51 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-04 11:45 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-04 11:37 - 2012-09-03 21:21 - 00001832 _____ () C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2015-02-04 11:36 - 2012-07-26 02:28 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-04 11:35 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-04 11:30 - 2012-07-26 02:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-01 16:38 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-01 16:25 - 2012-09-03 21:19 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-01 16:25 - 2012-09-03 21:02 - 00168176 _____ () C:\WINDOWS\PFRO.log
2015-01-29 19:24 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-29 18:55 - 2012-07-26 03:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-01-29 18:37 - 2012-07-26 02:19 - 00281088 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-29 18:04 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\WinStore
2015-01-29 18:04 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-01-29 18:04 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-29 18:04 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-01-29 18:04 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-29 18:04 - 2012-07-26 02:52 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-29 18:04 - 2012-07-26 00:37 - 00000000 ____D () C:\WINDOWS\servicing
2015-01-29 18:03 - 2012-07-26 03:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-01-29 18:03 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-01-29 18:03 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-01-29 18:03 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-01-29 18:03 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-01-29 18:03 - 2012-07-26 02:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm
2015-01-29 18:03 - 2012-07-26 02:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-01-29 18:03 - 2012-07-26 02:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-01-29 18:03 - 2012-07-26 02:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr
2015-01-29 18:03 - 2012-07-26 02:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-01-29 18:03 - 2012-07-26 02:49 - 00000000 ____D () C:\WINDOWS\system32\winrm
2015-01-29 18:03 - 2012-07-26 00:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-01-29 18:03 - 2012-07-26 00:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-01-29 18:00 - 2012-07-26 02:49 - 00000000 ____D () C:\WINDOWS\system32\slmgr
2015-01-29 18:00 - 2012-07-26 00:38 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-01-29 18:00 - 2012-07-26 00:38 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-01-29 17:59 - 2012-07-26 02:49 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-01-29 17:59 - 2012-07-26 00:38 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-01-29 17:58 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-01-29 17:58 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-01-29 17:58 - 2012-07-26 02:49 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts
2015-01-29 17:33 - 2012-09-03 21:19 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-29 16:53 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-01-29 16:48 - 2012-09-03 21:23 - 00000000 ____D () C:\ProgramData\EgisTec IPS
2015-01-29 16:44 - 2012-09-03 21:56 - 00000000 ___HD () C:\OEM
2015-01-29 16:41 - 2012-09-18 09:41 - 00000000 ____D () C:\ProgramData\OEM

==================== Files in the root of some directories =======

2012-09-18 09:19 - 2012-09-18 09:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\m\AppData\Local\Temp\avgnt.exe
C:\Users\m\AppData\Local\Temp\Quarantine.exe
C:\Users\m\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2012-09-03 21:02

==================== End Of Log ============================



#4 Oh My!


Posted 05 February 2015 - 10:40 AM

Greetings Mcm's pc and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Although this is not malware related I am going to see if I can help you anyway since you have been waiting so long.

I don't see anything malicious on your computer but that is to be expected. However I notice there are 2 Antivirus programs installed (in addition to the required Windows Defender). I am providing information regarding potential complications when this is the case. What I would like you to do is uninstall McAfee since it has a Firewall component. After you have done that, disable Avira and then try to update Windows. If Windows still won't update complete the second step.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one antivirus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

McAfee Anti-Virus and Anti-Spyware


===================================================

Obtaining Windows Update Log

--------------------
  • Please browse to the following location

C:\Windows\WindowsUpdate.log

  • Zip the file and attach it to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did McAfee uninstall?
  • Did Windows update properly?
  • Attached Windows Update log (if necessary)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
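
The "Multiple Antivirus Programs" check from post #4 can be reproduced from PowerShell by listing what has registered with Windows Security Center. This is an added example, not part of the original posts: the `AntiVirusProduct` class and its properties are real, but the bit masks used to decode `productState` are a community-derived convention that Microsoft does not document, so treat the two boolean columns as an assumption.

```powershell
# Added example: list antivirus products registered with Windows Security Center
# and flag the case where more than one reports real-time protection as on.
# The root/SecurityCenter2 namespace exists on client editions of Windows only.
$products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct

$report = foreach ($p in $products) {
    $state = [uint32]$p.productState
    [pscustomobject]@{
        Name        = $p.displayName
        # ASSUMPTION (undocumented convention): bit 0x1000 set = real-time scanner on
        RealTimeOn  = ($state -band 0x1000) -ne 0
        # ASSUMPTION (undocumented convention): bit 0x10 set = definitions out of date
        DefsCurrent = ($state -band 0x10) -eq 0
        StateHex    = '0x{0:X6}' -f $state
        Executable  = $p.pathToSignedProductExe
    }
}

$report | Format-Table -AutoSize

# Two or more resident scanners is the conflict the post describes:
# false alarms and contention for the same files.
$active = @($report | Where-Object { $_.RealTimeOn })
if ($active.Count -gt 1) {
    Write-Warning ("{0} products report real-time protection on: {1}" -f `
        $active.Count, (($active | ForEach-Object { $_.Name }) -join ', '))
}

# A product that was uninstalled but still appears here left a stale
# registration behind; check whether its executable is still on disk.
foreach ($r in $report) {
    if ($r.Executable -and -not (Test-Path -LiteralPath $r.Executable)) {
        Write-Warning ("{0} is registered but {1} no longer exists" -f $r.Name, $r.Executable)
    }
}
```

Running it before and after an uninstall shows whether the removed product actually deregistered itself.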

#5 Mcm's pc

Posted 05 February 2015 - 12:16 PM

Hi Gary! So glad you can help me. I'm on my iPhone right now I just wanted to quickly mention a few things before I happily follow your instructions which I plan to do in a few moments.
I did reinstall Windows from Acer recovery which was available on pc, no start up disk etc. I never installed anything since except for security programs other than McAfee. I normally run F-Secure in whole as a program my internet provides full service with package. It didn't pick up problem before wipe out. I totally get conflicting issues hence the only picking up virus when AVG scanned. Anyway, moot point really just thought it could help to know where coming from. The reason I am pretty certain they are still on there is as soon as I hook up to internet uploading is up. Just looking for info it starts at like 200MB and I get to a G of usage in like 30 min. I'm pretty sure that's not normal since I've never come close to my old 80 G cap and was on all the time. Also I am doing what u recommended still but I did try Windows Update before installing Avira or any other programs. Plus Windows Defender was off from the boot and I can't get on. That could be McAfee but thought I'd mention. So I'll get on your requests and get back to you!

Thanks again and really appreciate the help.

Maria :)

#6 Mcm's pc

Posted 05 February 2015 - 01:18 PM

Hi Gary, I've uninstalled McAfee and rebooted. Started Windows Update. Said I needed 135 updates. Trying to install, says downloading updates but has 0Kb and 0% complete for 45 min. Usage at 300mb for 45min with only Avira updating as far as I know. How long should I keep waiting? Doesn't get hung up anywhere else.

Thanks

Maria

#7 Oh My!

Posted 05 February 2015 - 01:25 PM

Hi Maria,

With a fresh install of Windows it can take quite some time to update. Not only the amount of data needing to be downloaded but it is not uncommon for the Microsoft connection to be slow.

Can I assume this is better than what you experienced before?
Gary
 

#8 Mcm's pc

Posted 05 February 2015 - 01:34 PM

Thx for quick response Gary! Yes it is better. Got kicked out last time couldn't even do the initial update it asks u to at set up. Funny thing, it's moving since I posted remark too! I'll get back to you when complete with log. Noticed Windows 8.1 update not showing in list.

#9 Oh My!

Posted 05 February 2015 - 01:47 PM

This will probably be a lengthy, multi-reboot process where you find it will say 150 updates, it will complete, then there will be another set of updates right behind that. And on, and on, and on.......


Gary
 

#10 Mcm's pc

Posted 05 February 2015 - 02:15 PM

Ok, so I guess u want me to keep updating until it says up to date then send log?

#11 Oh My!

Posted 05 February 2015 - 02:18 PM

Yes keep updating until there are no more. As long as you get to that point I do not need the log. The log is only for investigating why Windows wouldn't update if that continued to be the case.


Gary
 

#12 Mcm's pc

Posted 05 February 2015 - 07:41 PM

Hi Gary, Windows says it's up to date. Still didn't pick up Windows 8.1 though even checked for updates manually.

#13 Oh My!

Posted 05 February 2015 - 07:54 PM

Click on the Store Tile and try to obtain it that way.


Gary
 

#14 Mcm's pc

Posted 05 February 2015 - 09:17 PM

Ok, says downloading so I guess it's going to take hours since over 3Gigs. If not done in next couple of hours you won't hear from me until tomorrow. If so, have a great night.

#15 Oh My!

Posted 05 February 2015 - 09:44 PM

Thanks Maria. We will touch base tomorrow to make sure all went well.
Gary
 



