SmartScreen and Security Center Service gets disabled automatically


  • This topic is locked
10 replies to this topic

#1 Dinnerplates

Posted 03 December 2015 - 01:40 AM

Hi, this is probably the result of using a crack a day ago. Today, soon after I turned my computer on, I was asked permission to run command prompt (or something like that). I denied it the first time but it kept popping up so I ok'ed it. Immediately the computer restarted itself. I went to Action Center in the control panel and Windows SmartScreen and Security Center Service were disabled. If I reenabled them, they would automatically disable themselves within 30 seconds. I have to go through services to reenable security center because it doesn't work through Action Center.

Here's the FRST log:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by c (administrator) on WHITESTCHRIST (02-12-2015 22:07:45)
Running from C:\Users\c\Desktop
Loaded Profiles: c (Available Profiles: c)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Video DSP\DriverMFTService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\c\AppData\Roaming\BitTorrent\BitTorrent.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(BitTorrent Inc.) C:\Users\c\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe
(BitTorrent Inc.) C:\Users\c\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe
(Google Inc.) C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\Core\mchost.exe
(Google Inc.) C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3246920 2014-10-15] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-19] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [ASUS ROG MacroKey] => C:\Program Files (x86)\ASUS\ASUS ROG MacroKey\Hid.exe [2036224 2014-07-30] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer\Run: [UseReferenceAssemblies] => C:\ProgramData\Reference Assemblies\UseReferenceAssemblies.exe [163840 2015-12-02] (LSoft Technologies Inc.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-164665030-3040496297-2910328690-1001\...\Run: [Google Update] => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-30] (Google Inc.)
HKU\S-1-5-21-164665030-3040496297-2910328690-1001\...\Run: [GoogleChromeAutoLaunch_48555157F9018AAD449F1763D57508C7] => C:\Users\c\AppData\Local\Google\Chrome\Application\chrome.exe [811848 2015-11-06] (Google Inc.)
HKU\S-1-5-21-164665030-3040496297-2910328690-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-164665030-3040496297-2910328690-1001\...\Run: [BitTorrent] => C:\Users\c\AppData\Roaming\BitTorrent\BitTorrent.exe [1873952 2015-12-01] (BitTorrent Inc.)
HKU\S-1-5-21-164665030-3040496297-2910328690-1001\...\Run: [WindowsMediaPlayerCtrl] => C:\Users\c\AppData\Roaming\Windows Media Player\WindowsMediaPlayerCtrl.exe
HKU\S-1-5-21-164665030-3040496297-2910328690-1001\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-164665030-3040496297-2910328690-1001\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 64.59.144.100 64.59.150.143
Tcpip\..\Interfaces\{162124D9-EAD4-44EE-8F74-FB6FF0E4DC09}: [DhcpNameServer] 64.59.144.100 64.59.150.143
Tcpip\..\Interfaces\{23690492-D53C-4485-A64E-70B031DAD7DF}: [DhcpNameServer] 192.11.128.24
 
Internet Explorer:
==================
HKU\S-1-5-21-164665030-3040496297-2910328690-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-164665030-3040496297-2910328690-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-09-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-09-28] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-12] (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin HKU\S-1-5-21-164665030-3040496297-2910328690-1001: @tools.google.com/Google Update;version=3 -> C:\Users\c\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-164665030-3040496297-2910328690-1001: @tools.google.com/Google Update;version=9 -> C:\Users\c\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-164665030-3040496297-2910328690-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-12-02] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-30]
CHR Extension: (Google Docs) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-30]
CHR Extension: (Google Drive) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (YouTube) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-30]
CHR Extension: (Google Search) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-30]
CHR Extension: (Google Sheets) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-30]
CHR Extension: (Google Docs Offline) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-30]
CHR Extension: (AdBlock) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-30]
CHR Extension: (feedly) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-11-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-30]
CHR Extension: (Gmail) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-30]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-19] (ASUS Cloud Corporation) [File not signed]
R2 AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [356664 2015-02-02] (ASUSTeK)
R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUS)
R2 DriverMFTService; C:\Program Files (x86)\Asus\ASUS Video DSP\DriverMFTService.exe [9728 2014-10-29] (ASUSTek Computer Inc.) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [102152 2014-09-30] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-05-08] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel® Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [783120 2015-09-28] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-08-11] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374304 2011-09-22] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259040 2011-09-22] (SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292384 2011-09-22] (SafeNet, Inc.)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [836176 2015-11-09] (Valve Corporation) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 ThunderboltService; C:\Program Files\Intel\Thunderbolt Software\tbtsvc.exe [1179944 2014-05-13] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-24] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [107208 2014-01-16] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [192456 2014-05-08] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2014-08-03] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537408 2015-08-12] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [111256 2015-08-12] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-18] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 NFC_Driver; C:\Windows\System32\drivers\NFC_Driver.sys [53440 2015-01-05] (Titan ARC Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [40256 2015-04-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-09-24] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-09-24] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-24] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-02 22:07 - 2015-12-02 22:07 - 00023981 _____ C:\Users\c\Desktop\FRST.txt
2015-12-02 22:03 - 2015-12-02 22:07 - 00000000 ____D C:\FRST
2015-12-02 21:59 - 2015-12-02 22:00 - 02350080 _____ (Farbar) C:\Users\c\Desktop\FRST64.exe
2015-12-02 21:39 - 2015-12-02 21:43 - 415323328 _____ C:\Users\c\Downloads\sec_530_sfx.exe
2015-12-02 21:34 - 2015-12-02 21:34 - 00602112 _____ (OldTimer Tools) C:\Users\c\Downloads\OTL.exe
2015-12-02 21:06 - 2015-12-02 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-12-02 21:02 - 2015-12-02 21:02 - 00000000 ____D C:\ProgramData\Reference Assemblies
2015-12-02 21:01 - 2015-12-02 21:01 - 00000000 ___HD C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-12-02 20:59 - 2015-12-02 20:59 - 00001506 _____ C:\Users\c\Downloads\KeyframeJumper.mxp
2015-12-02 20:58 - 2015-12-02 21:03 - 00000000 ____D C:\Users\c\Downloads\Adobe Audition CS6 v5.0.708 Multilang Cracked - iND
2015-12-02 20:57 - 2015-12-02 21:03 - 00000000 ____D C:\Users\c\AppData\LocalLow\BitTorrent
2015-12-02 02:03 - 2015-12-02 02:03 - 00018728 _____ C:\Users\c\Downloads\[kat.cr]adobe.audition.cs6.v5.0.708.multilang.cracked.ind.torrent
2015-12-02 00:49 - 2015-12-02 00:49 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-12-02 00:49 - 2015-12-02 00:49 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2015-12-01 23:51 - 2015-12-01 23:51 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-01 22:46 - 2015-12-01 22:46 - 00000000 ____D C:\Users\c\AppData\LocalLow\Adobe
2015-12-01 22:45 - 2015-12-01 22:45 - 21138014 _____ C:\Users\c\Downloads\BrushYannPonyPants.abr
2015-12-01 22:41 - 2015-12-01 22:41 - 03100124 _____ C:\Users\c\Downloads\KYLE ULTIMATE Set apr.tpl
2015-12-01 22:28 - 2015-12-01 22:28 - 00006276 _____ C:\Users\c\Downloads\FW_FramesToSymbol.mxp
2015-12-01 22:20 - 2015-12-01 22:20 - 00001117 _____ C:\Users\c\Desktop\AIM.lnk
2015-12-01 22:20 - 2015-12-01 22:20 - 00000000 ____D C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIM for Windows
2015-12-01 22:20 - 2015-12-01 22:20 - 00000000 ____D C:\Users\c\AppData\Local\AOL
2015-12-01 22:19 - 2015-12-01 22:19 - 00126699 _____ C:\Users\c\Downloads\TweensPanel.mxp
2015-12-01 22:19 - 2015-12-01 22:19 - 00027628 _____ C:\Users\c\Downloads\Lipper v1.0.mxp
2015-12-01 22:19 - 2015-12-01 22:19 - 00000877 _____ C:\Users\c\Downloads\tween2keys.mxp
2015-12-01 22:18 - 2015-12-01 22:18 - 00002805 _____ C:\Users\c\Downloads\frameEDIT.mxp
2015-12-01 22:13 - 2015-12-01 22:13 - 00001223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS3.lnk
2015-12-01 21:50 - 2015-12-01 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Swivel
2015-12-01 21:50 - 2015-12-01 21:50 - 00000000 ____D C:\Program Files\Swivel
2015-12-01 21:28 - 2015-12-01 21:28 - 00001225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2015-12-01 21:28 - 2015-12-01 21:28 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2015-12-01 21:27 - 2015-12-01 21:27 - 00001187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2015-12-01 21:26 - 2015-12-01 21:33 - 00000000 ____D C:\Users\c\Documents\Photoshop backups
2015-12-01 21:26 - 2015-12-01 21:26 - 00001371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-12-01 11:32 - 2015-12-01 11:32 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-01 01:20 - 2015-12-02 22:05 - 00000000 ____D C:\Users\c\AppData\Roaming\BitTorrent
2015-12-01 01:20 - 2015-12-01 01:20 - 01873952 _____ (BitTorrent Inc.) C:\Users\c\Desktop\BitTorrent.exe
2015-12-01 01:11 - 2015-12-01 01:11 - 00000000 ____D C:\Users\c\AppData\Roaming\tvp animation 10
2015-12-01 01:09 - 2015-12-01 01:09 - 00000000 ____D C:\Users\c\AppData\Roaming\Apple Computer
2015-12-01 00:59 - 2015-12-01 00:59 - 00000000 ____D C:\Users\c\AppData\Roaming\tvp animation 10 pro
2015-12-01 00:58 - 2015-12-01 00:59 - 00000000 ____D C:\Users\c\Documents\TVP backups
2015-12-01 00:56 - 2015-12-01 00:56 - 00000000 ____D C:\ProgramData\SafeNet Sentinel
2015-12-01 00:56 - 2015-12-01 00:56 - 00000000 ____D C:\Program Files (x86)\SafeNet Sentinel
2015-12-01 00:56 - 2009-09-17 07:05 - 00145448 _____ (SafeNet, Inc.) C:\Windows\system32\Drivers\sentinel64.sys
2015-12-01 00:55 - 2015-12-01 00:55 - 00000000 ____D C:\Users\c\Documents\Downloaded Installations
2015-12-01 00:55 - 2015-12-01 00:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TVPaint Developpement
2015-12-01 00:55 - 2015-12-01 00:55 - 00000000 ____D C:\Program Files (x86)\TVPaint Developpement
2015-12-01 00:50 - 2015-12-01 00:50 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-12-01 00:50 - 2015-12-01 00:50 - 00001859 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-12-01 00:50 - 2015-12-01 00:50 - 00000000 ____D C:\Users\c\AppData\Local\Apple
2015-12-01 00:50 - 2015-12-01 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-12-01 00:50 - 2015-12-01 00:50 - 00000000 ____D C:\ProgramData\Apple Computer
2015-12-01 00:50 - 2015-12-01 00:50 - 00000000 ____D C:\ProgramData\Apple
2015-12-01 00:50 - 2015-12-01 00:50 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-12-01 00:50 - 2015-12-01 00:50 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-12-01 00:48 - 2015-12-01 00:48 - 00000000 ____D C:\Users\c\AppData\LocalLow\Apple Computer
2015-12-01 00:47 - 2015-12-01 00:47 - 00000000 ____D C:\Users\c\AppData\Roaming\NVIDIA
2015-12-01 00:43 - 2015-12-01 00:46 - 00000000 ____D C:\Users\c\Documents\AE CS6 file copy
2015-12-01 00:40 - 2015-12-01 21:29 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-01 00:40 - 2015-12-01 00:40 - 00000000 ____D C:\Users\c\AppData\Roaming\PDAppFlex
2015-12-01 00:39 - 2015-12-01 21:28 - 00001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-12-01 00:39 - 2015-12-01 00:39 - 00001216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
2015-12-01 00:38 - 2015-12-01 22:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-01 00:38 - 2015-12-01 21:28 - 00000000 ____D C:\Program Files\Adobe
2015-12-01 00:38 - 2015-12-01 21:26 - 00001541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-12-01 00:38 - 2015-12-01 00:38 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
2015-12-01 00:38 - 2015-12-01 00:38 - 00001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2015-12-01 00:38 - 2015-12-01 00:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-12-01 00:38 - 2015-12-01 00:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-12-01 00:37 - 2015-12-01 21:28 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-12-01 00:30 - 2015-12-01 22:25 - 00000000 ____D C:\ProgramData\Adobe
2015-12-01 00:24 - 2015-12-01 01:09 - 00000000 ____D C:\Users\c\AppData\Local\Adobe
2015-12-01 00:18 - 2015-12-01 00:19 - 00000000 ____D C:\Program Files\Flash CS3
2015-12-01 00:09 - 2015-12-01 00:09 - 00000000 ____D C:\Users\c\AppData\Roaming\WTablet
2015-12-01 00:08 - 2015-12-01 00:08 - 00000000 ____D C:\Users\c\AppData\Roaming\vlc
2015-12-01 00:03 - 2015-12-01 00:03 - 00000889 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-12-01 00:03 - 2015-12-01 00:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-01 00:03 - 2015-12-01 00:03 - 00000000 ____D C:\Program Files\VideoLAN
2015-11-30 23:56 - 2015-11-30 23:56 - 00000000 ____D C:\Users\c\Desktop\pxtone
2015-11-30 23:56 - 2015-11-30 23:56 - 00000000 ____D C:\Users\c\Desktop\Easy Paint Tool SAI
2015-11-30 23:54 - 2015-11-30 23:54 - 00000000 ____D C:\Users\c\Desktop\Sumotori Dreams
2015-11-30 22:34 - 2015-11-30 22:34 - 00000000 ____D C:\Users\c\AppData\Roaming\LolClient
2015-11-30 22:32 - 2015-11-30 22:32 - 00000000 ____D C:\Users\c\Tracing
2015-11-30 22:31 - 2015-11-30 22:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-30 22:31 - 2015-11-30 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-30 22:26 - 2015-11-30 22:26 - 00052224 ___SH C:\Users\c\Downloads\Thumbs.db
2015-11-30 21:30 - 2015-11-30 21:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-11-30 21:27 - 2015-11-30 21:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
2015-11-30 21:27 - 2015-11-30 21:27 - 00000000 ____D C:\Program Files\TabletPlugins
2015-11-30 21:27 - 2015-11-30 21:27 - 00000000 ____D C:\Program Files\Tablet
2015-11-30 21:27 - 2015-11-30 21:27 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2015-11-30 21:27 - 2014-01-13 08:24 - 01913624 _____ (Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.dll
2015-11-30 21:27 - 2014-01-13 08:24 - 01906968 _____ (Wacom Technology, Corp.) C:\Windows\system32\Pen_Touch_Tablet.dll
2015-11-30 21:27 - 2014-01-13 08:24 - 01780504 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2015-11-30 21:27 - 2014-01-13 08:24 - 01778968 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2015-11-30 21:27 - 2014-01-13 08:24 - 01551640 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Pen_Tablet.dll
2015-11-30 21:27 - 2014-01-13 08:24 - 01544472 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Pen_Touch_Tablet.dll
2015-11-30 21:27 - 2014-01-13 08:24 - 01432344 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2015-11-30 21:27 - 2014-01-13 08:24 - 01428248 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2015-11-30 21:24 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-11-30 21:21 - 2015-11-30 22:21 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-11-30 21:21 - 2015-11-30 21:21 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-30 21:19 - 2015-11-30 21:19 - 00000000 ____D C:\ProgramData\Riot Games
2015-11-30 21:18 - 2015-11-30 21:18 - 00000000 ____D C:\Riot Games
2015-11-30 21:18 - 2015-11-30 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-11-30 21:18 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-11-30 21:18 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-11-30 21:18 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-11-30 21:18 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-11-30 21:18 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-11-30 21:12 - 2015-12-02 02:05 - 00079360 ___SH C:\Users\c\Desktop\Thumbs.db
2015-11-30 21:11 - 2015-11-30 21:11 - 00000000 ____D C:\Users\c\AppData\Local\Steam
2015-11-30 21:11 - 2015-11-30 21:11 - 00000000 ____D C:\Users\c\AppData\Local\CEF
2015-11-30 21:10 - 2015-12-02 02:07 - 00000000 ____D C:\Users\c\AppData\Roaming\Skype
2015-11-30 21:10 - 2015-11-30 21:10 - 00000000 ____D C:\Users\c\AppData\Local\Skype
2015-11-30 21:08 - 2015-11-30 21:18 - 00000000 ____D C:\Users\c\AppData\Roaming\Riot Games
2015-11-30 21:03 - 2015-12-02 20:59 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2015-11-30 21:03 - 2015-12-02 20:59 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2015-11-30 21:02 - 2015-12-02 21:13 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-164665030-3040496297-2910328690-1001UA1d12bf575a1037c.job
2015-11-30 21:02 - 2015-12-02 21:08 - 00002407 _____ C:\Users\c\Desktop\Google Chrome.lnk
2015-11-30 21:02 - 2015-12-01 20:13 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-164665030-3040496297-2910328690-1001Core1d12bf57597788a.job
2015-11-30 21:02 - 2015-12-01 20:08 - 00003858 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-164665030-3040496297-2910328690-1001UA1d12bf575a1037c
2015-11-30 21:02 - 2015-12-01 20:08 - 00003478 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-164665030-3040496297-2910328690-1001Core1d12bf57597788a
2015-11-30 21:02 - 2015-11-30 21:02 - 00003858 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-164665030-3040496297-2910328690-1001UA
2015-11-30 21:02 - 2015-11-30 21:02 - 00003478 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-164665030-3040496297-2910328690-1001Core
2015-11-30 21:02 - 2015-11-30 21:02 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-164665030-3040496297-2910328690-1001UA.job
2015-11-30 21:02 - 2015-11-30 21:02 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-164665030-3040496297-2910328690-1001Core.job
2015-11-30 21:02 - 2015-11-30 21:02 - 00000000 ____D C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-30 21:01 - 2015-11-30 21:02 - 00000000 ____D C:\Users\c\AppData\Local\Google
2015-11-30 21:01 - 2015-11-30 21:01 - 00000000 ____D C:\Users\c\AppData\Local\Deployment
2015-11-30 21:01 - 2015-11-30 21:01 - 00000000 ____D C:\Users\c\AppData\Local\Apps\2.0
2015-11-30 21:00 - 2015-11-30 21:00 - 00000000 __SHD C:\Users\c\AppData\LocalLow\EmieUserList
2015-11-30 21:00 - 2015-11-30 21:00 - 00000000 __SHD C:\Users\c\AppData\LocalLow\EmieSiteList
2015-11-30 21:00 - 2015-11-30 21:00 - 00000000 __SHD C:\Users\c\AppData\Local\EmieUserList
2015-11-30 21:00 - 2015-11-30 21:00 - 00000000 __SHD C:\Users\c\AppData\Local\EmieSiteList
2015-11-30 20:47 - 2015-12-02 21:13 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-164665030-3040496297-2910328690-1001
2015-11-30 20:47 - 2015-11-30 20:47 - 00000000 ____D C:\Users\c\AppData\Roaming\WebStorage
2015-11-30 20:46 - 2015-11-30 20:46 - 00000000 ____D C:\Users\c\AppData\Local\GWX
2015-11-30 20:45 - 2015-12-02 21:03 - 00000000 ____D C:\Users\c\OneDrive
2015-11-30 20:44 - 2015-11-30 20:44 - 00000000 ____D C:\Users\c\AppData\Roaming\Macromedia
2015-11-30 20:42 - 2015-12-02 21:03 - 00000093 _____ C:\Users\c\AppData\Roaming\sp_data.sys
2015-11-30 20:42 - 2015-12-01 22:25 - 00000000 ____D C:\Users\c\AppData\Roaming\Adobe
2015-11-30 20:42 - 2015-11-30 22:29 - 00000000 ____D C:\ProgramData\USBChargerPlus
2015-11-30 20:42 - 2015-11-30 20:43 - 00000000 ____D C:\Users\c\AppData\Local\NVIDIA Corporation
2015-11-30 20:42 - 2015-11-30 20:42 - 00001444 _____ C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-30 20:42 - 2015-11-30 20:42 - 00000000 ____D C:\Users\c\Documents\My Received Files
2015-11-30 20:42 - 2015-11-30 20:42 - 00000000 ____D C:\Users\c\AppData\Roaming\Intel
2015-11-30 20:42 - 2015-11-30 20:42 - 00000000 ____D C:\Users\c\AppData\Roaming\ASUS
2015-11-30 20:42 - 2015-11-30 20:42 - 00000000 ____D C:\Users\c\AppData\Local\VirtualStore
2015-11-30 20:42 - 2015-11-30 20:42 - 00000000 ____D C:\Users\c\AppData\Local\Packages
2015-11-30 20:42 - 2015-11-30 20:42 - 00000000 ____D C:\Users\c\AppData\Local\NVIDIA
2015-11-30 20:41 - 2015-11-30 22:32 - 00000000 ____D C:\Users\c
2015-11-30 20:41 - 2015-11-30 20:42 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-30 20:41 - 2015-11-30 20:41 - 00000020 ___SH C:\Users\c\ntuser.ini
2015-11-30 20:41 - 2015-11-30 20:41 - 00000000 _SHDL C:\Users\c\My Documents
2015-11-30 20:41 - 2015-11-30 20:41 - 00000000 _SHDL C:\Users\c\Documents\My Videos
2015-11-30 20:41 - 2015-11-30 20:41 - 00000000 _SHDL C:\Users\c\Documents\My Pictures
2015-11-30 20:41 - 2015-11-30 20:41 - 00000000 _SHDL C:\Users\c\Documents\My Music
2015-11-30 20:41 - 2015-11-30 20:41 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-11-30 20:41 - 2014-03-18 02:13 - 00000369 _____ C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-11-30 20:41 - 2014-03-18 02:13 - 00000369 _____ C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-11-30 20:38 - 2015-11-14 06:50 - 00133248 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
2015-11-30 20:38 - 2015-11-14 06:50 - 00114160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
2015-11-30 20:38 - 2015-10-20 13:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-30 20:38 - 2015-10-20 06:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-30 20:38 - 2015-10-20 06:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-30 20:38 - 2015-10-20 06:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-30 20:38 - 2015-10-20 06:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-11-30 20:38 - 2015-10-20 06:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-30 20:38 - 2015-10-20 06:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-30 20:38 - 2015-10-20 06:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-30 20:38 - 2015-10-20 06:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-30 20:38 - 2015-10-20 06:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-30 20:38 - 2015-10-20 06:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-30 20:38 - 2015-10-20 06:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-30 20:38 - 2015-08-10 18:47 - 02757072 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-11-30 20:38 - 2015-08-10 18:47 - 02414096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-11-30 20:38 - 2015-07-09 10:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-30 20:38 - 2015-06-26 19:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-30 20:38 - 2015-06-26 19:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-30 20:38 - 2015-06-26 18:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-30 20:38 - 2015-03-13 17:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-30 20:38 - 2014-10-17 22:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-11-12 22:50 - 2015-11-12 22:50 - 00026880 _____ (Western Digital Technologies, Inc.) C:\Windows\system32\Drivers\wdcsam64.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-02 22:03 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
2015-12-02 21:10 - 2014-09-24 03:25 - 00187318 _____ C:\Windows\system32\prfh0404.dat
2015-12-02 21:10 - 2014-09-24 03:25 - 00060758 _____ C:\Windows\system32\prfc0404.dat
2015-12-02 21:10 - 2014-09-24 03:14 - 00448962 _____ C:\Windows\system32\prfh0804.dat
2015-12-02 21:10 - 2014-09-24 03:14 - 00139754 _____ C:\Windows\system32\prfc0804.dat
2015-12-02 21:10 - 2014-09-24 03:03 - 00813276 _____ C:\Windows\system32\perfh00A.dat
2015-12-02 21:10 - 2014-09-24 03:03 - 00170436 _____ C:\Windows\system32\perfc00A.dat
2015-12-02 21:10 - 2014-09-24 02:53 - 00814850 _____ C:\Windows\system32\perfh00C.dat
2015-12-02 21:10 - 2014-09-24 02:53 - 00163070 _____ C:\Windows\system32\perfc00C.dat
2015-12-02 21:10 - 2014-03-18 02:03 - 03587496 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-02 21:10 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2015-12-02 21:03 - 2015-06-16 16:59 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-02 21:03 - 2015-06-16 14:40 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-02 21:03 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-02 21:03 - 2013-08-22 06:44 - 04958944 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-02 21:02 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-02 00:51 - 2015-06-16 16:59 - 00000000 ____D C:\ProgramData\McAfee
2015-12-02 00:51 - 2015-06-16 16:59 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-12-02 00:50 - 2013-08-22 07:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-12-01 23:51 - 2014-09-24 03:55 - 00000000 ____D C:\Windows\Panther
2015-12-01 23:51 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-01 20:48 - 2013-08-22 07:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-30 23:53 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-30 22:31 - 2014-09-24 04:20 - 00000000 ____D C:\ProgramData\Skype
2015-11-30 22:29 - 2015-06-16 17:01 - 00000000 ____D C:\ProgramData\ASUS
2015-11-30 21:24 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-11-30 21:16 - 2015-06-16 17:01 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-30 21:03 - 2015-06-16 14:49 - 00003382 _____ C:\Windows\System32\Tasks\Update Checker
2015-11-30 21:03 - 2014-09-24 04:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-11-30 21:03 - 2014-09-24 04:20 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-11-30 20:56 - 2015-06-16 14:48 - 00002922 _____ C:\Windows\System32\Tasks\ATK Package A22126881260
2015-11-30 20:42 - 2014-09-24 02:14 - 00000000 ____D C:\Windows\Log
2015-11-30 20:39 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
 
==================== Files in the root of some directories =======
 
2015-11-30 20:42 - 2015-12-02 21:03 - 0000093 _____ () C:\Users\c\AppData\Roaming\sp_data.sys
2015-06-16 14:45 - 2015-06-16 14:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-24 04:20 - 2012-09-07 03:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-09-24 04:20 - 2009-07-22 02:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-09-24 04:20 - 2012-09-07 03:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Some files in TEMP:
====================
C:\Users\c\AppData\Local\Temp\bassmod.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-01 11:29
 
==================== End of FRST.txt ============================



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,902 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:00 AM

Posted 03 December 2015 - 10:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
note for me....
DNS Servers: Media is not connected to internet.
MpsSvc => Firewall Service is not running.


Remove this program in bold via Control Panel > Programs and Features applet.
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION

===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-164665030-3040496297-2910328690-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-164665030-3040496297-2910328690-1001\...\Run: [WindowsMediaPlayerCtrl] => C:\Users\c\AppData\Roaming\Windows Media Player\WindowsMediaPlayerCtrl.exe
U0 msahci; system32\drivers\msahci.sys [X]
CustomCLSID: HKU\S-1-5-21-164665030-3040496297-2910328690-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
C:\Users\c\AppData\Local\Temp\bassmod.dll
C:\Users\c\AppData\Roaming\sp_data.sys
C:\ProgramData\DP45977C.lfl
C:\Users\c\AppData\Roaming\Windows Media Player

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please let me know what problems persist.

#3 Dinnerplates

  • Topic Starter

Posted 03 December 2015 - 02:47 PM

Hi, unfortunately Windows SmartScreen and Security Center Service won't stay enabled. Also, trying to change the firewall settings brings up an error message saying it can't change some of the settings, with this error code: 0x80070422

Here is the Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by c (2015-12-03 11:30:37) Run:1
Running from C:\Users\c\Desktop
Loaded Profiles: c (Available Profiles: c)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-164665030-3040496297-2910328690-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-164665030-3040496297-2910328690-1001\...\Run: [WindowsMediaPlayerCtrl] => C:\Users\c\AppData\Roaming\Windows Media Player\WindowsMediaPlayerCtrl.exe
U0 msahci; system32\drivers\msahci.sys [X]
CustomCLSID: HKU\S-1-5-21-164665030-3040496297-2910328690-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
C:\Users\c\AppData\Local\Temp\bassmod.dll
C:\Users\c\AppData\Roaming\sp_data.sys
C:\ProgramData\DP45977C.lfl
C:\Users\c\AppData\Roaming\Windows Media Player
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-164665030-3040496297-2910328690-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-164665030-3040496297-2910328690-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsMediaPlayerCtrl => value removed successfully
msahci => service removed successfully
"HKU\S-1-5-21-164665030-3040496297-2910328690-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
C:\Users\c\AppData\Local\Temp\bassmod.dll => moved successfully
C:\Users\c\AppData\Roaming\sp_data.sys => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\c\AppData\Roaming\Windows Media Player => moved successfully
EmptyTemp: => 854.8 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 11:31:00 ====


#4 nasdaq


Posted 04 December 2015 - 09:07 AM


You will find a possible fix here. You also have McAfee Firewall.

Execute the instructions by Shekhar S, replied on November 3, 2009.

http://answers.microsoft.com/en-us/windows/forum/windows_7-security/error-code-0x80070422-cant-turn-on-firewall/e5ee6823-98f8-4575-a254-00a038b17e34?auth=1

Restart the computer normally after the fix.
===

If that fails to solve the issue, download and run this tool.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#5 Dinnerplates


Posted 04 December 2015 - 03:16 PM

I ran the fix but the error code still persists.

FSS log:
 

Farbar Service Scanner Version: 10-06-2014
Ran by c (administrator) on 04-12-2015 at 12:08:37
Running from "C:\Users\c\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
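
The FSS.txt log above puts each service's current and default start type on one line, so the deviations can be pulled out mechanically instead of read by eye. This is an added example, not part of the original posts and not Farbar's code: a parser run on an excerpt copied from the log above; the function names and the `expected` parameter are assumptions made for the example.

```python
import re

# Excerpt copied from the FSS.txt log posted in this thread (shortened).
SAMPLE_FSS = r"""
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running\.")
START_RE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\."
)
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=DWORD:(\w+)$')


def parse_fss(text):
    """Return the service states and policy values found in FSS.txt text."""
    services, policies = {}, []
    section = key = None
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section header is a "Title:" line underlined with "=" characters.
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section, key = line.rstrip(":"), None
            continue
        m = NOT_RUNNING_RE.match(line)
        if m:
            services.setdefault(m.group(1), {})["running"] = False
            continue
        m = START_RE.match(line)
        if m:
            name, start, default = m.groups()
            services.setdefault(name, {}).update(start=start, default=default)
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        # Registry values only count when listed under a "... Disabled Policy" header.
        if m and key and section and section.endswith("Disabled Policy"):
            policies.append((section, key, m.group(1), m.group(2)))
    return {"services": services, "policies": policies}


def deviations(report, expected=()):
    """List services whose start type differs from the default, plus policy values.

    `expected` names services that are known to be off-default on this machine,
    for example WinDefend when a third-party antivirus is installed.
    """
    out = []
    for name, svc in sorted(report["services"].items()):
        start, default = svc.get("start"), svc.get("default")
        if start and start != default and name not in expected:
            out.append(f"{name}: start type {start}, default {default}")
    for section, key, value, data in report["policies"]:
        out.append(f"{section}: {key}\\{value} = {data}")
    return out


if __name__ == "__main__":
    for finding in deviations(parse_fss(SAMPLE_FSS), expected={"WinDefend"}):
        print(finding)
```
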


#6 nasdaq


Posted 05 December 2015 - 09:51 AM

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}


McAfee is disabling Windows Defender.
That's normal.

===

Try the suggested fix on this Microsoft Page.

Error message: “Security Center service cannot be started”
https://support.microsoft.com/en-us/kb/2519899

There is an easy fix section; try it.

Keep me posted.

p.s.
If that fails, disconnect from the internet.
Disable McAfee for a short time.

See if the issue gets solved.

#7 Dinnerplates


Posted 06 December 2015 - 04:09 PM

Hey, I tried both and still no change. I should mention that the McAfee firewall won't turn on either.



#8 nasdaq


Posted 07 December 2015 - 08:58 AM

Download and run the McAfee Removal tool.

https://service.mcafee.com/webcenter/portal/cp/home/articleview;jsessionid=v118uqXc__y4dmj7tAYIATd3SRtTo57ktSmSjZWppuWQceeu6hn1!-330517066!1876282219?articleId=TS101331&_afrLoop=205804993610277#!%40%40%3F_afrLoop%3D205804993610277%26articleId%3DTS101331%26centerWidth%3D100%2525%26leftWidth%3D0%2525%26rightWidth%3D0%2525%26showFooter%3Dfalse%26showHeader%3Dfalse%26_adf.ctrl-state%3Dpk6kae8sj_4

Restart the computer normally.

Windows Defender should then be enabled.

If your computer is running well, then close all applications and reinstall McAfee.

Keep me posted.

#9 Dinnerplates


Posted 08 December 2015 - 05:04 AM

Ah, yes. This fixed those problems. Thanks a lot! I think I'm going to switch antivirus programs though.



#10 nasdaq


Posted 08 December 2015 - 10:46 AM

If you have reinstalled the McAfee program, make sure you run their uninstaller after installing a new program.

Keep in mind that the other program will possibly disable Windows Defender.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq


Posted 14 December 2015 - 10:14 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



