Infection causing McAfee to report the Firewall is turned On when it is OFF


  • This topic is locked
43 replies to this topic

#1 jackal100

jackal100

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:53 AM

Posted 27 April 2016 - 06:10 AM

Hello good people at Bleeping Computer, I have been using your forums for many years and pride myself on being pretty savvy when it comes to removing infections. I have used your forums many times to assist me in removing malware from my machine. However, I have had to admit defeat with this one.

 

I believe I am infected with some kind of Rootkit, possibly Zero Access, however, I have multiple symptoms and none of the removal techniques are fixing the problem. 

 

Let me first list the symptoms:

 

1. The most concerning is that McAfee is reporting that the Firewall is turned on, but when I go into the McAfee control panel, McAfee is reporting that the Firewall is OFF and clicking the 'Turn On' button does nothing. Please see two attached screen shots.

2. Internet Explorer 10 will not play any videos, although I have downloaded Chrome and videos work fine in Chrome. When I try to upgrade to IE11, the upgrade fails each time.

3. I am running Windows Live Mail 2012 as my email client. Whenever I click on ANY links, the links do not work and the following error is displayed: "This file does not have a program associated with it for performing this action." Please see attached screen shot for full error message.

4. Adobe Flash player will not install. It reports a failure part way through the installation.

 

I am running Windows 7 Home Premium SP1 - 64 bit.

 

Hardware is Toshiba Satellite Pro, Intel Core i3-2330M CPU @ 2.20 GHz, 4GB Ram

 

I have tried multiple removal techniques (probably much to your distress) and none have worked. 

 

So I am now coming to you cap in hand for your help. Like I said I generally manage to remove Malware myself, but this one has me beaten.

 

I have followed your good work for many years, hopefully you can now help me with this specific issue.

 

I have attached the two FRST logs.

 

Look forward to hearing from you guys and hoping you can help. I think this is a good one that you will enjoy getting your teeth into!!

 

Cheers

 

Jack

#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,791 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:07:53 PM

Posted 27 April 2016 - 07:11 AM

jackal100:
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil and I am a trainee in the Bleeping Computer Malware Removal Study Hall.  I would like to address you by your first name, if that is alright with you since we will be working together.
 
I will be assisting you with your computer issues.  All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal Instructor.  This will delay response times somewhat, but I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
I will need some time to review your FRST logs and consult with the Malware Response Instructor (MRI) who will be assigned to supervise this topic.  That could take a few days.  Once I have reviewed my proposed response with the assigned MRI, I will reply to you with initial instructions.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 jackal100


Posted 27 April 2016 - 07:27 AM

Hi Phil, looking forward to working with you on this one. More than happy for you to call me Jack, that is my name after all!!

 

I think this may take some time to resolve, as I'm only online in the evenings, but we can work through it together. I think this is going to be good learning for us both.

 

Look forward to hearing from you soon.

 

Cheers

 

Jack



#4 garioch7


Posted 27 April 2016 - 07:38 AM

Jack:

 

Thank you for permission to address you by your first name.  I am starting to analyze your FRST logs now.  Once I have completed my analysis, then I must prepare a proposed response and have a Malware Response Instructor (MRI) assigned to your topic.  This is done for the protection of the user community here at Bleeping Computer since I am still in training.  This could take a day or two, possibly more, because the MRIs are very busy here and the numbers are limited.

 

I am looking forward to assisting you and learning along the way.  Thank you in advance for your patience.  Have a great day, Jack.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#5 jackal100


Posted 28 April 2016 - 07:35 AM

Hi Phil, just an update for you. I realised that I had forgotten to create a restore point before we start the infection removal process, so I attempted to create a restore point this evening, however, the system would not allow a restore point to be created.

 

Please see attached file showing a screen shot of the error message returned.

 

Hope this helps.

 

Cheers

 

Jack


#6 jackal100


Posted 29 April 2016 - 06:10 AM

Hi Phil, apologies for this, but I have been reviewing the Addition file that I attached on the original post and somehow I managed to attach an older Addition file. I have re-run the FRST utility and re-attached the two log files. The original FRST log was the correct attachment; it was just the Addition log that was incorrect. I have reviewed both Addition logs and there is very little difference between them, but I thought I should highlight this to you.

 

Cheers

 

Jack


#7 garioch7


Posted 29 April 2016 - 09:35 AM

Jack:

 

Thank you for the most current FRST log files.  It is really important that I have current logs to prepare the correct "fix", so I am grateful that you brought this to my attention.

 

It will take me some time to analyze the new logs and then consult with the Malware Response Instructor assigned to your topic.

 

I hope to post back by tomorrow at the latest.

 

Have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#8 garioch7


Posted 29 April 2016 - 02:49 PM

Jack:


Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

OK, let's get started ...


In going over your logs I noticed that you have Shareaza installed, a P2P program.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Shareaza, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.



Step 1: Please copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to the Desktop.

NOTE: It's important that both files, FRST64.EXE and fixlist.txt, are in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please copy and paste it into your reply.
 

CreateRestorePoint:
CloseProcesses:

Winlogon\Notify\AutorunsDisabled: 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013-09-06] ()
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-08] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-09-08] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-915558737-1952816950-674033686-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-915558737-1952816950-674033686-1001 -> {2A761B08-B50D-78A6-61D3-77467D469E61} URL = 
Toolbar: HKU\S-1-5-21-915558737-1952816950-674033686-1001 -> No Name - {75E0046F-2275-4BCE-9AFD-D8DA19ABDF0B} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
S3 mfeavfk02; \Device\mfeavfk02.sys [X]
S3 MFE_RR; \??\C:\Users\Jack\AppData\Local\Temp\mfe_rr.sys [X]
S0 ntcdrdrv; system32\DRIVERS\ntcdrdrv.sys [X]
C:\ProgramData\bnerhjwjw.ctrl
C:\ProgramData\bnerhjwjw.pff
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Public\autoruns.exe
C:\Users\Public\Malware Bytes.exe
C:\Program Files (x86)\Google\Desktop\Install
Task: {1783A3B6-5B28-48F4-AF83-B781C7F720C3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1BBAAD40-301D-4A06-A8CF-6A01D2889A9C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {29739869-1B39-4D29-9D18-DB686EA7B70F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {342CE569-2769-440F-90F1-21175F6D5439} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {467FEF56-E2C8-4AE5-9415-4501338708A2} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {6BF7EA13-A520-44AD-967A-8105FC65DC7F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {97DFECFF-5B77-4B3D-B2E8-51E72563BAE1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B8A77808-3365-4705-ABA2-21F66CD77C54} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C7B04129-98E1-484A-AD9D-F08C8EEC44C7} - System32\Tasks\{3CC4C4CB-A37F-4ACD-AA51-9D2B1DCD382F} => pcalua.exe -a C:\ProgramData\SafeWeb\uninstall.exe -c /kb=y /ic=1
Task: {EF23F7AB-A74B-4505-9A1D-D4ED3CB81E69} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FF18428F-A7AA-49EB-83BE-43CA3B32A8F5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

EmptyTemp:


Your latest FRST "Addition.txt" file shows that McAfee Anti-Virus and McAfee Firewall are enabled. Windows Defender is also enabled. You should disable that to prevent conflicts. See this link for the reasons why you should only have one anti-virus running.

Also, I noted that you have Spybot Search and Destroy installed on your computer and it is showing as "disabled" and "out of date." You should uninstall that program.

I also see that your computer has GeekBuddyRSP listed as a service. Do you want to keep it?

You also have a faulty device: ElRawDisk. Do you use that or do any of your programs use it? You should check the "Addition.txt" file, which has more information about the device and determine what you want to do.

There are also Restore Point errors showing up in the "Addition.txt" file.

As you can see, there are some issues with your computer. This is but the first step to try to improve its health.

Please copy and paste the fixlog.txt into your next reply.
 
 
 
Step 2: Please reboot your computer. Please run a new FRST scan. Please ENSURE that "Addition.txt" is checked as well. It is only checked, by default, the first time that FRST is run.

Please copy and paste the fresh copies of both logs "FRST.txt" and "Addition.txt" into a reply. I would also appreciate answers to my questions above.


Thank you and have a great day, Jack.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall
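
Added example (not part of the original posts and not FRST's own code): a small Python triage of the Fixlog.txt that the Fix step above produces. It skips the fixlist echoed between the star rulers, tallies each `target => outcome` line, and separates "not found" results caused by a duplicated fixlist line from those a helper should still look at. The line format is assumed from the Fixlog quoted in this thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog assembled from lines quoted in this thread.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
CloseProcesses:
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Public\autoruns.exe
C:\Program Files (x86)\Google\Desktop\Install
Task: {467FEF56-E2C8-4AE5-9415-4501338708A2} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
*****************

Processes closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. 
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
catchme => service removed successfully
C:\Program Files (x86)\Google\Desktop\Install => moved successfully
C:\Users\Public\autoruns.exe => moved successfully
"C:\Program Files (x86)\Google\Desktop\Install" => not found.
C:\Windows\System32\Tasks\0 => moved successfully
EmptyTemp: => 710.1 MB temporary data Removed.
"""

# Result lines look like: <target> => <outcome> (assumed from this thread's log).
RESULT_RE = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<outcome>.+)$')

# Outcome phrases seen in this thread's Fixlog, mapped to a coarse status.
STATUS_RULES = [
    ("not found", "not_found"),
    ("removed successfully", "removed"),
    ("moved successfully", "moved"),
    ("restored successfully", "restored"),
]


def split_fixlog(text):
    """Return (echoed_fixlist_lines, results); results are (target, status, outcome)."""
    fixlist, results = [], []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            # A ruler made only of '*' opens, then closes, the echoed fixlist.
            in_echo = not in_echo
            continue
        if in_echo:
            # Echoed fixlist entries can contain '=>' too; never count them as results.
            fixlist.append(line)
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue
        outcome = m.group("outcome")
        status = next((s for phrase, s in STATUS_RULES
                       if phrase in outcome.lower()), "other")
        results.append((m.group("target").strip('"'), status, outcome))
    return fixlist, results


def status_counts(text):
    """Tally of result lines per status, as a plain dict."""
    _, results = split_fixlog(text)
    return dict(Counter(status for _, status, _ in results))


def duplicate_entries(fixlist_lines):
    """Fixlist entries that appear more than once (case-insensitive), in order."""
    counts = Counter(l.lower() for l in fixlist_lines)
    seen, dupes = set(), []
    for l in fixlist_lines:
        key = l.lower()
        if counts[key] > 1 and key not in seen:
            seen.add(key)
            dupes.append(l)
    return dupes


def triage_not_found(text):
    """Split 'not found' targets into (explained_by_duplicate, needs_review)."""
    fixlist, results = split_fixlog(text)
    dupes = {d.lower() for d in duplicate_entries(fixlist)}
    explained, needs_review = [], []
    for target, status, _ in results:
        if status != "not_found":
            continue
        (explained if target.lower() in dupes else needs_review).append(target)
    return explained, needs_review


if __name__ == "__main__":
    print(status_counts(SAMPLE_FIXLOG))
    explained, needs_review = triage_not_found(SAMPLE_FIXLOG)
    print("not found, duplicate fixlist line:", explained)
    print("not found, needs review:", needs_review)
```
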


#9 jackal100


Posted 29 April 2016 - 05:46 PM

Hi Phil, thanks for the quick response and again apologies for incorrectly attaching the first Addition log. I thought this would be an issue, hence my response.

 

So I have executed all the actions required above, but first I will answer all your questions:-

 

1. I have removed Shareaza, this is a legacy program that I have not used for many years.

2. Spybot SD has been removed from my system.

3. With regards to GeekBuddyRSP, I was not aware that this was on my system and I would certainly want to remove it, as I have not knowingly installed this. Please assist me in removing this service from my system. I could not see it in my Control Panel Programs list, however, I suspect if it is running as a service it would not come up here. Could you direct me how to remove this.

4. With regards to the ELRawDisk, I am not sure what this is or how to repair it. I have looked through my Device Manager and cannot see this device listed anywhere. Your assistance in rectifying this issue would be appreciated. I am running a laptop with no additional hardware devices installed to my knowledge.

5. I am aware of the Restore Point issue, as per my previous post, I attempted to create a restore point before starting this process but the restore process failed. If we could get this working as a priority allowing me to create a restore point, that would be good.

 

Please see all logs generated for this post below:-

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Jack (2016-04-30 07:50:54) Run:1
Running from C:\Users\Jack\Desktop
Loaded Profiles: Jack (Available Profiles: Jack)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
 
Winlogon\Notify\AutorunsDisabled: 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013-09-06] ()
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-08] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-09-08] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-915558737-1952816950-674033686-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-915558737-1952816950-674033686-1001 -> {2A761B08-B50D-78A6-61D3-77467D469E61} URL = 
Toolbar: HKU\S-1-5-21-915558737-1952816950-674033686-1001 -> No Name - {75E0046F-2275-4BCE-9AFD-D8DA19ABDF0B} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
S3 mfeavfk02; \Device\mfeavfk02.sys [X]
S3 MFE_RR; \??\C:\Users\Jack\AppData\Local\Temp\mfe_rr.sys [X]
S0 ntcdrdrv; system32\DRIVERS\ntcdrdrv.sys [X]
C:\ProgramData\bnerhjwjw.ctrl
C:\ProgramData\bnerhjwjw.pff
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Public\autoruns.exe
C:\Users\Public\Malware Bytes.exe
C:\Program Files (x86)\Google\Desktop\Install
Task: {1783A3B6-5B28-48F4-AF83-B781C7F720C3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1BBAAD40-301D-4A06-A8CF-6A01D2889A9C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {29739869-1B39-4D29-9D18-DB686EA7B70F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {342CE569-2769-440F-90F1-21175F6D5439} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {467FEF56-E2C8-4AE5-9415-4501338708A2} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {6BF7EA13-A520-44AD-967A-8105FC65DC7F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {97DFECFF-5B77-4B3D-B2E8-51E72563BAE1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B8A77808-3365-4705-ABA2-21F66CD77C54} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C7B04129-98E1-484A-AD9D-F08C8EEC44C7} - System32\Tasks\{3CC4C4CB-A37F-4ACD-AA51-9D2B1DCD382F} => pcalua.exe -a C:\ProgramData\SafeWeb\uninstall.exe -c /kb=y /ic=1
Task: {EF23F7AB-A74B-4505-9A1D-D4ED3CB81E69} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FF18428F-A7AA-49EB-83BE-43CA3B32A8F5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
 
EmptyTemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled => moved successfully
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5-x64 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-915558737-1952816950-674033686-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-915558737-1952816950-674033686-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2A761B08-B50D-78A6-61D3-77467D469E61}" => key removed successfully
HKCR\CLSID\{2A761B08-B50D-78A6-61D3-77467D469E61} => key not found. 
HKU\S-1-5-21-915558737-1952816950-674033686-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{75E0046F-2275-4BCE-9AFD-D8DA19ABDF0B} => value removed successfully
HKCR\CLSID\{75E0046F-2275-4BCE-9AFD-D8DA19ABDF0B} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
catchme => service removed successfully
dgderdrv => service removed successfully
ElRawDisk => service removed successfully
ew_hwusbdev => service removed successfully
ew_usbenumfilter => service removed successfully
huawei_cdcacm => service removed successfully
huawei_enumerator => service removed successfully
huawei_ext_ctrl => service removed successfully
huawei_wwanecm => service removed successfully
mfeavfk01 => service removed successfully
mfeavfk02 => service removed successfully
MFE_RR => service removed successfully
ntcdrdrv => service removed successfully
C:\ProgramData\bnerhjwjw.ctrl => moved successfully
C:\ProgramData\bnerhjwjw.pff => moved successfully
C:\Program Files (x86)\Google\Desktop\Install => moved successfully
C:\Users\Public\autoruns.exe => moved successfully
C:\Users\Public\Malware Bytes.exe => moved successfully
"C:\Program Files (x86)\Google\Desktop\Install" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1783A3B6-5B28-48F4-AF83-B781C7F720C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1783A3B6-5B28-48F4-AF83-B781C7F720C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BBAAD40-301D-4A06-A8CF-6A01D2889A9C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BBAAD40-301D-4A06-A8CF-6A01D2889A9C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29739869-1B39-4D29-9D18-DB686EA7B70F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29739869-1B39-4D29-9D18-DB686EA7B70F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{342CE569-2769-440F-90F1-21175F6D5439}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{342CE569-2769-440F-90F1-21175F6D5439}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{467FEF56-E2C8-4AE5-9415-4501338708A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{467FEF56-E2C8-4AE5-9415-4501338708A2}" => key removed successfully
C:\Windows\System32\Tasks\0 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6BF7EA13-A520-44AD-967A-8105FC65DC7F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BF7EA13-A520-44AD-967A-8105FC65DC7F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97DFECFF-5B77-4B3D-B2E8-51E72563BAE1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97DFECFF-5B77-4B3D-B2E8-51E72563BAE1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8A77808-3365-4705-ABA2-21F66CD77C54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8A77808-3365-4705-ABA2-21F66CD77C54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7B04129-98E1-484A-AD9D-F08C8EEC44C7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7B04129-98E1-484A-AD9D-F08C8EEC44C7}" => key removed successfully
C:\Windows\System32\Tasks\{3CC4C4CB-A37F-4ACD-AA51-9D2B1DCD382F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3CC4C4CB-A37F-4ACD-AA51-9D2B1DCD382F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF23F7AB-A74B-4505-9A1D-D4ED3CB81E69}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF23F7AB-A74B-4505-9A1D-D4ED3CB81E69}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF18428F-A7AA-49EB-83BE-43CA3B32A8F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF18428F-A7AA-49EB-83BE-43CA3B32A8F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
EmptyTemp: => 710.1 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 07:52:49 ====
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Jack (administrator) on LAPTOP (30-04-2016 08:12:48)
Running from C:\Users\Jack\Desktop
Loaded Profiles: Jack (Available Profiles: Jack)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser not detected!)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corp.) C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-915558737-1952816950-674033686-1001\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-07-27] (Samsung)
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-04-30] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-26]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-08-26]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 198.142.0.51 211.29.132.12 198.142.235.14
Tcpip\..\Interfaces\{24CB7F95-E4C9-45CF-A8F5-58C6A5CA0244}: [DhcpNameServer] 198.142.0.51 211.29.132.12 198.142.235.14
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-915558737-1952816950-674033686-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-915558737-1952816950-674033686-1001\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-915558737-1952816950-674033686-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.au/
SearchScopes: HKLM-x32 -> {27B99341-413B-4A5F-6E3F-14E6506F5AF2} URL = hxxp://www.bing.com/search?q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-26] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-915558737-1952816950-674033686-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-03-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-31] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-26] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2016-03-07] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-25] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-915558737-1952816950-674033686-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jack\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-04-26]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-04-17] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com.au/"
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?fr=mcafee&type=B211GB105D20131010&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-17]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-17]
CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-17]
CHR Extension: (Google Search) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-17]
CHR Extension: (SiteAdvisor) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-04-26]
CHR Extension: (Google Docs Offline) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-17]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-26]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-26]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-12-22] (Comodo Security Solutions, Inc.)
S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-12-08] (Comodo Security Solutions, Inc.)
S4 GSService; C:\Windows\SysWOW64\GSService.exe [443080 2013-12-16] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-04-20] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [889704 2016-03-31] (McAfee, Inc.)
S4 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe [1709096 2016-03-14] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [718248 2016-03-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2016-01-25] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1037048 2016-03-15] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1029856 2016-04-21] (Intel Security, Inc.)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 wlcrasvc; C:\Program Files (x86)\Windows Live\Mesh\wlcrasvc.exe [57184 2010-09-22] (Microsoft Corporation)
R2 wlidsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292096 2011-03-28] (Microsoft Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2016-01-29] (McAfee, Inc.)
S3 DrmCAudio; C:\Windows\System32\drivers\DrmCAudio.sys [34504 2013-12-16] (Windows ® Win 7 DDK provider)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 ISpeakVA; C:\Windows\System32\drivers\wav_mixer.sys [35592 2014-05-09] ()
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [84824 2016-03-16] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2016-01-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-03] (Apple Inc.) [File not signed]
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [340992 2007-12-26] (NETGEAR Inc.)
R4 sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [138304 2011-12-14] (SMSC)
R0 sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [14912 2011-12-14] (SMSC)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-30 08:12 - 2016-04-30 08:13 - 00019496 _____ C:\Users\Jack\Desktop\FRST.txt
2016-04-28 22:09 - 2016-04-28 22:09 - 00000000 ____D C:\Users\Jack\AppData\Local\{704659B4-26DA-4D3B-8ADA-4FCEBC37950E}
2016-04-28 20:27 - 2016-04-28 20:27 - 00018753 _____ C:\Users\Jack\Downloads\Addition (2).txt
2016-04-28 20:14 - 2016-04-28 20:14 - 00018753 _____ C:\Users\Jack\Downloads\Addition (1).txt
2016-04-28 20:13 - 2016-04-28 20:13 - 00012451 _____ C:\Users\Jack\Downloads\FRST.txt
2016-04-28 20:11 - 2016-04-28 20:11 - 00014101 _____ C:\Users\Jack\Downloads\Addition.txt
2016-04-27 21:58 - 2016-04-29 22:37 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-04-27 20:30 - 2016-04-30 08:05 - 00000000 ____D C:\Users\Jack\Desktop\Repair
2016-04-27 19:45 - 2016-04-27 19:45 - 00977920 _____ C:\Users\Jack\Downloads\MicrosoftFixit50194 (1).msi
2016-04-27 19:44 - 2016-04-27 19:45 - 00977920 _____ C:\Users\Jack\Downloads\MicrosoftFixit50194.msi
2016-04-27 19:15 - 2016-04-27 19:15 - 00000000 ____D C:\Users\Jack\AppData\Local\{A4A5DE2C-852C-49D3-8CF9-5035AF74B9AA}
2016-04-26 21:07 - 2016-04-26 21:07 - 00000000 ____D C:\Users\Jack\AppData\Local\{0CE79E21-4ECF-4E05-858C-77FA516389DB}
2016-04-26 20:35 - 2016-04-30 06:17 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-04-21 19:23 - 2016-04-21 19:23 - 00024853 _____ C:\ComboFix.txt
2016-04-21 19:02 - 2016-04-21 19:02 - 00000000 ____D C:\Users\Jack\AppData\Local\{DEBC3D0F-DBA9-48DC-B5A2-A6D558950603}
2016-04-21 11:11 - 2016-04-21 11:11 - 00001420 _____ C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-17 14:29 - 2016-03-16 14:56 - 00084824 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2016-04-17 10:25 - 2016-04-17 10:25 - 00000579 _____ C:\Users\Jack\Documents\IE feeds 17_04_16.opml
2016-04-17 09:23 - 2016-04-17 09:23 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-17 09:23 - 2016-04-17 09:23 - 00002222 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-17 09:10 - 2016-04-17 09:10 - 06871040 _____ C:\Program Files (x86)\GUT67F7.tmp
2016-04-17 09:10 - 2016-04-17 09:10 - 00000000 ____D C:\Program Files (x86)\GUM67F6.tmp
2016-04-16 11:05 - 2016-03-17 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-16 11:05 - 2016-03-17 04:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-16 11:05 - 2016-03-17 04:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-16 11:04 - 2016-04-05 04:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-16 11:04 - 2016-04-05 04:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-16 11:04 - 2016-04-02 23:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-16 11:04 - 2016-03-30 03:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-16 11:04 - 2016-03-24 00:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-16 11:04 - 2016-03-18 09:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-16 11:04 - 2016-03-18 09:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-16 11:04 - 2016-03-18 09:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-16 11:04 - 2016-03-18 09:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-16 11:04 - 2016-03-18 09:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-16 11:04 - 2016-03-18 09:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-16 11:04 - 2016-03-18 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-16 11:04 - 2016-03-18 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-16 11:04 - 2016-03-18 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-16 11:04 - 2016-03-18 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-16 11:04 - 2016-03-18 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-16 11:04 - 2016-03-18 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-16 11:04 - 2016-03-18 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-16 11:04 - 2016-03-18 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-16 11:04 - 2016-03-18 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-16 11:04 - 2016-03-18 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-16 11:04 - 2016-03-18 08:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-16 11:04 - 2016-03-18 08:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-16 11:04 - 2016-03-18 08:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-16 11:04 - 2016-03-18 08:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-16 11:04 - 2016-03-18 08:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-16 11:04 - 2016-03-18 08:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-16 11:04 - 2016-03-18 08:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-16 11:04 - 2016-03-18 08:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-16 11:04 - 2016-03-18 08:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-16 11:04 - 2016-03-18 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-16 11:04 - 2016-03-18 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-16 11:04 - 2016-03-18 08:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-16 11:04 - 2016-03-18 08:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-16 11:04 - 2016-03-18 08:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-16 11:04 - 2016-03-18 08:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-16 11:04 - 2016-03-18 08:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-16 11:04 - 2016-03-18 08:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-16 11:04 - 2016-03-18 08:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-16 11:04 - 2016-03-18 08:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-16 11:04 - 2016-03-18 08:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-16 11:04 - 2016-03-18 08:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-16 11:04 - 2016-03-18 08:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-16 11:04 - 2016-03-18 08:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-16 11:04 - 2016-03-18 08:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-16 11:04 - 2016-03-18 08:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-16 11:04 - 2016-03-18 08:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-16 11:04 - 2016-03-18 08:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-16 11:04 - 2016-03-18 08:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-16 11:04 - 2016-03-18 08:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-16 11:04 - 2016-03-18 08:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-16 11:04 - 2016-03-18 08:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-16 11:04 - 2016-03-18 08:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-16 11:04 - 2016-03-18 08:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-16 11:04 - 2016-03-18 08:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-16 11:04 - 2016-03-18 08:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 07:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-16 11:04 - 2016-03-18 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-16 11:04 - 2016-03-18 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-16 11:04 - 2016-03-18 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-16 11:04 - 2016-03-18 07:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-16 11:04 - 2016-03-18 07:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-16 11:04 - 2016-03-18 07:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-16 11:04 - 2016-03-18 07:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-16 11:04 - 2016-03-18 07:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-16 11:04 - 2016-03-18 07:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-16 11:04 - 2016-03-18 07:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-16 11:04 - 2016-03-18 07:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-16 11:04 - 2016-03-18 07:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-16 11:04 - 2016-03-18 07:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-16 11:04 - 2016-03-18 07:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-16 11:04 - 2016-03-18 07:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-16 11:04 - 2016-03-18 07:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-16 11:04 - 2016-03-18 07:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 07:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 07:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 07:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-16 11:04 - 2016-03-18 04:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-16 11:04 - 2016-03-18 04:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-16 11:04 - 2016-03-18 04:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-16 11:04 - 2016-03-18 04:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-16 11:04 - 2016-03-16 10:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-16 11:04 - 2016-03-16 10:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-16 11:04 - 2016-03-16 09:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-16 11:04 - 2016-03-07 04:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-16 11:04 - 2016-03-07 04:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-16 11:04 - 2016-03-07 04:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-16 11:04 - 2016-03-07 04:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-16 11:04 - 2016-02-06 04:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-16 11:04 - 2016-02-06 04:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-16 11:04 - 2016-02-06 03:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-16 11:04 - 2016-02-03 04:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-16 11:04 - 2016-01-21 10:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-16 11:04 - 2015-06-04 06:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-16 11:03 - 2016-03-12 04:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-16 11:03 - 2016-03-12 04:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-08 22:21 - 2016-04-08 22:21 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 22:21 - 2016-04-08 22:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-08 22:01 - 2016-04-08 22:01 - 01173184 _____ (Adobe Systems Incorporated) C:\Users\Jack\Desktop\uninstall_flash_player.exe
2016-04-06 22:27 - 2016-04-06 22:27 - 00000000 ____D C:\Users\Jack\AppData\Local\{7323943F-B272-433E-9413-2504720DE614}
2016-04-05 20:46 - 2016-04-18 22:28 - 00000134 _____ C:\Users\Jack\Desktop\Internet Explorer Troubleshooting.url
2016-04-05 19:54 - 2016-04-05 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-04-04 21:33 - 2016-04-04 21:33 - 00000000 ____D C:\Users\Jack\AppData\Local\{50388FBB-6732-4739-A67C-C67F3D36F32E}
2016-04-03 21:25 - 2016-04-03 21:25 - 00000000 ____D C:\Users\Jack\AppData\Local\{DF8447CE-011F-4675-AA1A-D8450CBD0D5A}
2016-04-03 21:05 - 2016-04-26 21:01 - 00000000 ____D C:\Users\Jack\.oracle_jre_usage
2016-04-03 21:05 - 2016-04-03 21:05 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Sun
2016-04-02 22:06 - 2016-04-15 21:15 - 00000865 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-04-02 22:06 - 2016-04-15 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-04-02 22:06 - 2016-04-15 21:15 - 00000000 ____D C:\Program Files\RogueKiller
2016-04-02 20:20 - 2016-04-30 08:12 - 00000000 ____D C:\FRST
2016-04-02 20:20 - 2016-04-02 20:20 - 02374144 _____ (Farbar) C:\Users\Jack\Desktop\FRST64.exe
2016-04-02 12:35 - 2016-04-02 12:35 - 00000000 ____D C:\Users\Jack\Documents\ProcAlyzer Dumps
2016-04-02 12:33 - 2016-03-20 12:16 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20160402-133355.backup
2016-04-02 11:58 - 2016-04-02 11:58 - 00380928 _____ C:\Users\Jack\Desktop\GMER1.exe
2016-04-02 11:57 - 2016-04-21 19:01 - 05660069 ____R (Swearware) C:\Users\Jack\Desktop\ComboFix1.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-30 08:12 - 2009-07-14 14:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-30 08:12 - 2009-07-14 14:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-30 08:10 - 2009-07-14 15:13 - 00006300 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-30 08:04 - 2016-03-22 20:42 - 00000000 __RSD C:\Users\Jack\Documents\McAfee Vaults
2016-04-30 08:03 - 2012-05-30 03:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-30 08:03 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-30 07:52 - 2012-05-26 17:24 - 00000000 ____D C:\Users\Jack\AppData\LocalLow\Temp
2016-04-30 07:44 - 2013-04-27 19:53 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-04-30 07:42 - 2012-05-30 03:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-30 07:39 - 2012-09-08 21:09 - 00000000 ___RD C:\Users\Jack\Documents\Shareaza Downloads
2016-04-29 23:11 - 2012-07-22 19:27 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CC796474-8B2C-438D-91EC-99AB37ED9D22}
2016-04-27 21:59 - 2016-03-24 02:54 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-04-26 22:27 - 2011-08-26 20:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-04-26 22:27 - 2011-08-26 20:25 - 00001272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-04-26 22:26 - 2011-08-26 20:25 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-04-26 21:02 - 2011-08-26 19:55 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-26 21:01 - 2015-05-30 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-26 21:00 - 2015-05-30 14:22 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-21 21:19 - 2014-09-30 22:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-21 21:16 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\IME
2016-04-21 19:23 - 2015-07-05 09:00 - 00000000 ____D C:\Qoobox
2016-04-21 19:16 - 2009-07-14 12:34 - 00000215 _____ C:\Windows\system.ini
2016-04-21 15:05 - 2010-11-21 13:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-21 12:42 - 2015-03-08 16:26 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-19 22:08 - 2013-03-11 20:57 - 00000000 ____D C:\ProgramData\LexmarkUpdate
2016-04-18 23:30 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2016-04-18 22:10 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-18 22:10 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\inf
2016-04-17 22:00 - 2012-05-26 08:34 - 00000425 _____ C:\Users\Jack\Desktop\Explorer.lnk
2016-04-17 14:29 - 2012-05-26 05:30 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-04-17 13:10 - 2012-05-26 02:04 - 00000000 ____D C:\Users\Jack\AppData\Local\Google
2016-04-17 12:13 - 2014-12-30 17:33 - 02796202 _____ C:\Windows\ntbtlog.txt
2016-04-17 10:25 - 2012-05-31 05:39 - 00000000 ____D C:\Users\Jack\Documents\Internet Downloads
2016-04-17 09:23 - 2014-11-27 22:16 - 00000000 ____D C:\Users\Jack\AppData\Local\Deployment
2016-04-17 09:14 - 2009-07-14 14:45 - 00363464 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-17 09:11 - 2014-12-11 02:25 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-17 09:10 - 2011-08-26 20:31 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-17 09:09 - 2014-11-27 22:16 - 00000000 ____D C:\Users\Jack\AppData\Local\Apps\2.0
2016-04-17 08:59 - 2013-08-15 03:02 - 00000000 ____D C:\Windows\system32\MRT
2016-04-17 08:55 - 2015-04-21 22:07 - 00000000 ____D C:\Users\Jack\AppData\Local\CrashDumps
2016-04-17 08:53 - 2015-08-15 08:20 - 00056320 _____ C:\Users\Jack\Desktop\Ben's Basketball Results.xls
2016-04-17 08:50 - 2012-05-29 05:46 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-17 08:37 - 2012-05-26 01:56 - 00000000 ____D C:\Users\Jack
2016-04-15 20:56 - 2011-08-26 20:17 - 00000000 ____D C:\ProgramData\McAfee
2016-04-15 20:54 - 2016-03-19 13:58 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-04-08 22:21 - 2012-05-26 02:03 - 00000000 ____D C:\Users\Jack\AppData\Local\Adobe
2016-04-08 22:17 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-07 20:18 - 2011-08-26 20:32 - 00000000 ____D C:\Program Files\Google
2016-04-07 20:18 - 2011-08-26 20:31 - 00000000 ____D C:\ProgramData\Google
2016-04-06 22:37 - 2011-10-21 11:35 - 00000000 ____D C:\Program Files (x86)\Intel
2016-04-06 22:36 - 2011-10-21 11:38 - 00000000 ____D C:\Intel
2016-04-06 22:33 - 2015-09-12 17:00 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2016-04-06 22:33 - 2012-05-26 03:52 - 00000000 ____D C:\Users\Jack\AppData\LocalLow\Adobe
2016-04-06 21:43 - 2012-05-26 18:39 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Skype
2016-04-05 20:53 - 2012-05-29 06:35 - 00000000 ____D C:\Users\Jack\AppData\Local\ElevatedDiagnostics
2016-04-05 19:54 - 2014-03-16 07:38 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-05 19:54 - 2014-03-16 07:38 - 00000000 ____D C:\Users\Jack\AppData\Local\Skype
2016-04-05 19:54 - 2011-08-26 20:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-05 19:54 - 2011-08-26 20:12 - 00000000 ____D C:\ProgramData\Skype
2016-04-04 22:11 - 2009-07-14 15:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-04-03 08:00 - 2015-09-07 22:03 - 00000000 ____D C:\Users\Jack\Desktop\mbar
2016-04-03 08:00 - 2015-03-08 16:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-02 23:14 - 2014-09-30 22:40 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-02 20:27 - 2015-03-08 16:26 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-02 16:34 - 2014-09-30 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-02 16:34 - 2014-09-30 22:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-02 16:34 - 2012-06-11 06:46 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
 
==================== Files in the root of some directories =======
 
2016-04-17 09:10 - 2016-04-17 09:10 - 6871040 _____ () C:\Program Files (x86)\GUT67F7.tmp
2012-05-31 05:14 - 2012-05-31 05:14 - 0000236 _____ () C:\Users\Jack\AppData\Local\LaunchHomeCenter.log
2013-05-17 22:12 - 2013-05-17 22:12 - 0007597 _____ () C:\Users\Jack\AppData\Local\Resmon.ResmonCfg
2013-03-11 21:40 - 2013-09-01 21:09 - 0012748 _____ () C:\ProgramData\LMADIscan.log
2014-11-27 22:20 - 2014-11-27 22:20 - 0000181 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-28 00:56
 
==================== End of FRST.txt ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Jack (2016-04-30 08:13:53)
Running from C:\Users\Jack\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-05-25 15:56:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-915558737-1952816950-674033686-500 - Administrator - Disabled)
Guest (S-1-5-21-915558737-1952816950-674033686-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-915558737-1952816950-674033686-1004 - Limited - Enabled)
Jack (S-1-5-21-915558737-1952816950-674033686-1001 - Administrator - Enabled) => C:\Users\Jack
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Donkey Kong Classics (HKLM-x32\...\Donkey Kong Classics_is1) (Version:  - DotNes)
Elevated Installer (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Garmin Express (HKLM-x32\...\{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}) (Version: 2.1.13 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin POI Loader (HKLM-x32\...\{8A158B7D-A6E3-49B6-8702-A6A10CCC6323}) (Version: 2.7.1 - Garmin Ltd or its subsidiaries)
Garmin Update Service (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.75 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark Pro710 Series Uninstaller (HKLM\...\Lexmark Pro710 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 14.0.8185 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.174 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.189 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-915558737-1952816950-674033686-1001\...\MyFreeCodec) (Version:  - )
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Remo Recover 4.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 4.0.0.32 - Remo Software)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
RonyaSoft CD DVD Label Maker 3.01 (HKLM-x32\...\RonyaSoft CD DVD Label Maker) (Version: 3.01 - RonyaSoft)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
SMSC Core Graphics Software (HKLM\...\{98423918-9CF7-408D-8D5C-EC38E282A49B}) (Version: 2.8.40.7443 - SMSC)
SolidWorks eDrawings 2012 (HKLM-x32\...\{F6FB7A4E-3306-4E06-8B29-CA8EB19BC90B}) (Version: 12.4.108 - Dassault Systèmes SolidWorks Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.34C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.10010 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
Unity Web Player (HKU\S-1-5-21-915558737-1952816950-674033686-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WMP12 maximize fix 1.0 (HKLM-x32\...\{C91779A3-FA57-49EE-9E9A-5409FB33270A}_is1) (Version:  - Dead:Code)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-915558737-1952816950-674033686-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02E100D2-1F7C-4E56-8E8D-8B426CBC69E7} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {21FCC6A5-3E7E-4A4F-86D6-09E25889DBAA} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {465050DF-0831-479A-910F-046931EDA5F7} - System32\Tasks\{88D2CBC6-5748-4353-A8A6-EDB0D3EB6F6C} => pcalua.exe -a C:\Users\Jack\Desktop\setup2.exe -d C:\Users\Jack\Desktop
Task: {549D0B37-7CE4-49C0-8969-EA42E6081FCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {54D21A0F-17CA-49CE-B43A-E1EB5545739F} - System32\Tasks\{DAA5BC3E-1792-4D6E-90B1-83504406BCC2} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsProgressBar
Task: {5A15C5DF-1C96-46EF-85E2-1F4E7C31EECC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {636588DE-0A63-4F05-B263-D73B7520EA44} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {677F2E83-6512-4DB1-B6E4-091DCFC76BDD} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
Task: {8622B908-5EFC-40B5-84AC-FAB6F37BDBBF} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-03-10] (McAfee, Inc.)
Task: {8CC3747F-8DD0-4210-9720-A0F2020758CF} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {A7381273-FA54-44DC-AFEE-9A60D0180D94} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C080C528-3C63-43AF-88F0-1D6318452E3B} - System32\Tasks\LexmarkPUDCTask => C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe [2012-09-11] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-05-30 08:58 - 2009-11-05 07:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2011-04-05 03:18 - 2011-04-05 03:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-04-17 09:23 - 2016-04-13 18:37 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.75\libglesv2.dll
2016-04-17 09:23 - 2016-04-13 18:36 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.75\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\system32\config:! [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\11671779.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33770753.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\11671779.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33770753.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7849 more sites.
 
IE trusted site: HKU\S-1-5-21-915558737-1952816950-674033686-1001\...\microsoft.com -> hxxp://support.microsoft.com
 
There are 7885 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:34 - 2016-03-20 12:16 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-915558737-1952816950-674033686-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 198.142.0.51 - 211.29.132.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: CLPSLauncher => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: Garmin Core Update Service => 2
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: GSService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McAPExe => 2
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: PEFService => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SGFXMgr => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{70A29DF0-3A9F-45FA-93BC-DEC6B2D593FC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{11068735-08D2-4B77-93E1-1EE0679DEFA5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{215499AE-BDBB-42C0-BF86-1589EE864943}] => (Allow) LPort=2869
FirewallRules: [{A5B01C78-310A-4DE1-854B-9747C4F60839}] => (Allow) LPort=1900
FirewallRules: [{71BA43D5-3DF7-4F06-8EEB-DAB652C2895F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0E6626B1-D122-4C3C-9ACE-FDDBFD3B911F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{058399DE-19D0-4DB3-9E88-8E080B00284C}] => (Allow) C:\Windows\system32\lmadi_32coms.exe
FirewallRules: [{C8A992C8-2D27-4401-A41F-37A378B188A0}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe
FirewallRules: [{16E54ACD-BFF9-4130-9616-087C5FFEDC4D}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe
FirewallRules: [{96A3AA96-2EFE-4B95-BD36-71A033B1E22A}] => (Allow) C:\Users\Jack\AppData\Local\Temp\nsm8CD6.tmp\CnetInstaller-76168651.exe
FirewallRules: [{C0F6A64B-7387-4F1E-A2B5-AA564B76210E}] => (Allow) C:\Users\Jack\AppData\Local\Temp\nsm8CD6.tmp\CnetInstaller-76168651.exe
FirewallRules: [{F7CE11BB-3F15-494C-B4A1-17F05AFA91C9}] => (Allow) C:\Users\Jack\AppData\Roaming\McAfee\Supportability\MVTLogs\ProductDetection64.exe
FirewallRules: [{10B42F62-E2D8-47F8-9962-86F5C5E55123}] => (Allow) C:\Users\Jack\AppData\Roaming\McAfee\Supportability\MVTLogs\ProductDetection64.exe
FirewallRules: [{AB45EBEC-7292-4326-9876-57121B29814C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DAF8ED6B-5C17-4226-8127-D98D7CFD44EF}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{95D77220-011D-49F6-80F3-8589CBC27F5E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{556ABF23-57ED-499D-B84F-A98D5CF8FC1D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{750A7759-F256-4DEB-8DFA-E31343465426}] => (Allow) C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZG63P91\ProductDetection.exe
FirewallRules: [{171719A5-C9D5-45FB-9D70-99C8CBCD49BD}] => (Allow) C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZG63P91\ProductDetection.exe
FirewallRules: [{F9F80BA8-BC18-4ADF-8015-B31773AB3E5F}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{CEC0A3A9-CA49-43B8-B3B9-B0FF9E360614}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{DDC29313-83F0-48DE-B4A8-3521A62A15A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/30/2016 08:11:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 5.3.2016.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 118c
 
Start Time: 01d1a263c149c350
 
Termination Time: 6
 
Application Path: C:\Users\Jack\Desktop\FRST64.exe
 
Report Id: 3881bd2d-0e57-11e6-af76-b870f4d5ded1
 
Error: (04/30/2016 08:09:58 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (04/30/2016 08:09:58 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (04/30/2016 07:52:19 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 0000000000000164,0x00560034,000000000030AFD0,0,00000000002CEC70,4096,[0]).
 
 
Operation:
   Processing PostFinalCommitSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (04/30/2016 07:50:55 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2a8ae32c-b0be-412c-aaae-23697dada2df}
 
Error: (04/30/2016 05:31:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WinDefend, version: 6.1.7601.17568, time stamp: 0x4d6c7db2
Faulting module name: mpengine.dll, version: 1.1.12706.0, time stamp: 0x5716d660
Exception code: 0xc0000005
Fault offset: 0x000000000008a837
Faulting process id: 0x854
Faulting application start time: 0xsvchost.exe_WinDefend0
Faulting application path: svchost.exe_WinDefend1
Faulting module path: svchost.exe_WinDefend2
Report Id: svchost.exe_WinDefend3
 
Error: (04/30/2016 12:00:44 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x80042308).
 
Error: (04/30/2016 12:00:44 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80042308).
 
Error: (04/29/2016 09:19:56 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (04/29/2016 08:32:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 5.3.2016.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1fc
 
Start Time: 01d1a20207583409
 
Termination Time: 3
 
Application Path: C:\Users\Jack\Desktop\FRST64.exe
 
Report Id: 9675ee2b-0df5-11e6-b1bb-b870f4d5ded1
 
 
System errors:
=============
Error: (04/30/2016 07:52:20 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (04/30/2016 07:52:18 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (04/30/2016 07:51:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/30/2016 07:51:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/30/2016 07:51:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/30/2016 07:51:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/30/2016 07:51:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/30/2016 07:51:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/30/2016 07:51:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/30/2016 07:45:21 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ElRawDisk
ntcdrdrv
 
 
CodeIntegrity:
===================================
  Date: 2016-03-20 13:15:51.521
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-20 13:15:51.334
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-20 13:15:51.163
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-20 13:15:50.991
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-07-05 09:49:45.603
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-07-05 09:49:45.494
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-07-05 09:49:45.384
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-07-05 09:49:45.275
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-08 19:17:48.542
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-08 19:17:48.464
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 42%
Total physical RAM: 4003.76 MB
Available physical RAM: 2288.59 MB
Total Virtual: 8005.71 MB
Available Virtual: 6099.83 MB
 
==================== Drives ================================
 
Drive c: (WINDOWS) (Fixed) (Total:465.37 GB) (Free:239.08 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FBC500C1)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
OK hopefully this will help you with the next stages of the removal process.
 
I know my computer has some serious issues... I told you this would be an interesting one for us both, didn't I! I'm confident if we keep going with your help it will get sorted.
 
Thanks for all your help so far.
 
Look forward to your next post.
 
Cheers
 
Jack


#10 jackal100


Posted 29 April 2016 - 06:07 PM

Hi Phil, good news, I have just attempted to create a restore point and this time a restore point was successfully created, so we must be getting somewhere with this fix.

 

None of the other symptoms appear to have been fixed, but the restore point is a great start.

 

Cheers

 

Jack



#11 jackal100


Posted 29 April 2016 - 06:30 PM

Hi Phil, looks like I got too excited too soon. I just rebooted my laptop and went back to check the restore point. To my dismay, the restore point I had successfully created had been deleted and when I tried to create a new restore point, we are back to the failure message received earlier and a failure to create a restore point.

 

This is a little disappointing, but I thought I'd give you this information as it may help your diagnosis.

 

Cheers

 

Jack

 

:(



#12 garioch7

  • Malware Response Instructor

Posted 01 May 2016 - 11:27 AM

Jack:

Thank you for your posts and your logs.
 

3. With regards to GeekBuddyRSP, I was not aware that this was on my system and I would certainly want to remove it, as I have not knowingly installed this. Please assist me in removing this service from my system. I could not see it in my Control Panel Programs list, however, I suspect if it is running as a service it would not come up here. Could you direct me how to remove this.

I will remove this for you with the fixlist.txt file below in the code box.

 

4. With regards to the ELRawDisk, I am not sure what this is or how to repair it. I have looked through my Device Manager and cannot see this device listed anywhere. Your assistance in rectifying this issue would be appreciated. I am running a laptop with no additional hardware devices installed to my knowledge.

I removed that for you with my previous fix. This is the line from the Fixlog.txt file, showing it as removed: EIRawDisk => service removed successfully

 

5. I am aware of the Restore Point issue, as per my previous post, I attempted to create a restore point before starting this process but the restore process failed. If we could get this working as a priority allowing me to create a restore point, that would be good.

Please check the Restore Point settings in the Control Panel, System and Security, System, System Protection. Please ensure that System Restore Points are turned on for your drive, and press the "Configure" button to ensure that adequate space has been allocated for system restore points.

If you have already done that, and all is good there, then we should check the integrity of the Windows 7 OS files. See :step2: below.




:step1: Please copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please copy and paste it into your reply.
 

CloseProcesses:

S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-12-08] (Comodo Security Solutions, Inc.)
C:\Program Files (x86)\Common Files\COMODO

:step2: Click the Windows Start button. In the search box, enter "cmd.exe". When it appears at the top of list, right click "cmd.exe" and select "Run as Administrator". Next, type sfc /scannow and press Enter. Note that there is a space between "sfc" and "/scannow". Let the scan run. It should take about 20 minutes to an hour. When it completes, please tell me whether it found and fixed, or didn't fix, or didn't find, any "resource integrity violations."

 

:step3:  Please provide details of any remaining outstanding issues with your computer.  

 

Thank you, Jack. Have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#13 jackal100

jackal100
  • Topic Starter

  • Members
  • 24 posts

Posted 01 May 2016 - 10:33 PM

Hi Phil, thanks for responding over the weekend, it's much appreciated.

 

I have followed all your instructions, however there is no change to my computer, all original symptoms continue to persist. Please see actions detailed below.

 

OK, here are the following actions I have taken:-

 

1. I have run the fix list and this appears to have removed the Geek Buddy service. Note: I have not re-run the FRST scan utility, if you would like me to do so, please let me know.

 

2. With regards to System Restore, I checked the configuration and the max usage was set to 1% (5GB), I increased this to 20% (93GB) and this allowed me to successfully create a restore point, however, as soon as I rebooted, this restore point was deleted and further attempts to create a restore point would fail and return the same error message as previous. Error message attached. Filename: System Restore Error 2nd. Something is definitely wrong here, as I am able to create a restore point (sometimes) but a reboot will always delete this restore point.

 

3. I performed a scan with SFC, however it did not find any integrity violations. Please see attached screen shot of the CMD window. Filename: SFC Scan Results.

 

With the Internet Explorer fault, I should be clear that whenever I attempt to play a video, IE crashes with the error message 'Internet Explorer has stopped working'. Please see attached screen shot, Filename: Explorer Error Message. Also as discussed I cannot remove or upgrade IE10 from my system.

 

OK hoping you can bring out the 'Big Guns' now and get these persistent problems fixed up.

 

Cheers

 

Jack

 

 

 

Attached Files



#14 jackal100

jackal100
  • Topic Starter

  • Members
  • 24 posts

Posted 02 May 2016 - 05:25 AM

Hi Phil, I took the liberty of running a FRST scan again. I hope this is OK. I thought it might give you some more information to help you further identify and rectify the problems I'm having. Please see attached files.

 

Cheers

 

Jack

Attached Files



#15 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,791 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 03 May 2016 - 03:13 AM

Jack:

Thank you for your posts. New FRST scan logs were not required, but I have checked them anyways, just to see if there are any remnants of malware remaining. I did find some hard disk IO errors being reported in the Addition.txt file, which are related to your restore point issue.


:step1: We need to check your hard disk for errors.

  • Please open an Elevated Command Prompt. To do this:
    • Press the Windows "Start" button.
    • Type "cmd.exe" into the "Search" box.
    • At the top of the list that generates, you should see "cmd.exe".
    • Right click "cmd.exe" and select "Run as Administrator".
  • Type the following command exactly: chkdsk /r unless you have an SSD hard drive, in which case, type chkdsk /f
  • Please note that there is a space between "chkdsk" and "/r" or "/f"
  • You will get a message that the volume is locked and do you want to reboot.
  • Click on "Yes" to permit the computer to reboot.
  • When the computer reboots, do not press any keys. Let the chkdsk run, which will take several hours.
  • The computer will reboot automatically when the "chkdsk" has finished.

Please follow the instructions here to find the results of the "chkdsk" scan.

Please copy and paste those results into your next reply.



:step2: Please search the web for a hard drive diagnostic utility from the manufacturer of your hard drive. Please download and run the diagnostic tool and check the S.M.A.R.T status. I would also recommend running a "full" or "deep" scan. We need to rule out the possibility of impending hard drive failure. These first two steps will probably take many hours to complete, but they are essential. Please provide details of any findings or errors reported by the hard disk diagnostic utility in your next reply.

 


:step2: You are running an outdated version of Internet Explorer. The current version is IE11. IE10 should have been updated automatically by Windows Updates, so we need to ensure that you have all available Windows updates installed on your computer and that nothing is interfering with the Windows Update program.

  • Please go to this web page and download the version of the Windows System Update and Readiness Tool for Windows 7 SP1 x64.
  • Run this tool. It will take over an hour to run and may appear to hang. Please be patient and let the program complete its scan.
  • Please report any errors that SURT reports in your next reply.

 

 

:step3: Manually launch Windows Update from the Control Panel and search for Windows Updates. Download and install all Critical and Important Windows Updates, except those related to Windows 10, if you are not planning to update to Windows 10.

 

 

:step4: If Windows Updates does not install IE11, as a part of its updating, then please go here and download the Windows IE11 installer for Windows 7, 64-bit version, and install it.

 

If we are lucky, Jack, these steps may resolve some or all of your remaining issues, which are not malware-related.

I would like you to provide the chkdsk log and the details of what the hard drive diagnostic utility reported as well.

Also please let me know the results of the SURT scan and how many Windows Updates were installed; or, what errors might have been reported.

Please provide details of how your computer is running after following all of the above-listed steps.

I am sorry for all of the "homework", but we both want to resolve your computer issues, and so now you have to do some "heavy lifting" for us.

Thank you, Jack. Have a great day.

Regards,
-Phil

 

Graduate of the Bleeping Computer Malware Removal Study Hall
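
The evidence requested in posts #12 and #15 (SFC results, the boot-time chkdsk log, disk-related event log errors, the S.M.A.R.T. failure flag, the SURT log, and the current restore points) can be collected in one read-only pass. The PowerShell script below is an added example, not part of the original posts; the report file name is an assumption, and the log paths and event providers are the standard Windows 7 ones.

```powershell
# Added example, not part of the original thread. Run from an elevated PowerShell
# prompt on the affected Windows 7 machine; it only reads logs and status.
$report = Join-Path $env:USERPROFILE 'Desktop\health-report.txt'   # assumed output path
$cbsDir = Join-Path $env:windir 'Logs\CBS'

function Add-Section([string]$Title, [string[]]$Lines) {
    "==== $Title ====" | Out-File $report -Append
    if ($Lines) { $Lines | Out-File $report -Append -Width 400 }
    else        { '(nothing found)' | Out-File $report -Append }
    '' | Out-File $report -Append
}

function Get-EventLines([hashtable]$Filter, [int]$Max) {
    # Get-WinEvent reports an error when nothing matches; treat that as "no events".
    @(Get-WinEvent -FilterHashtable $Filter -MaxEvents $Max -ErrorAction SilentlyContinue |
        ForEach-Object { '{0:u}  {1} / {2}  {3}' -f $_.TimeCreated, $_.ProviderName, $_.Id, $_.Message })
}

# sfc /scannow: keep only the [SR] lines in CBS.log that record a repair or a failed repair.
Add-Section 'SFC repairs recorded in CBS.log' (
    Select-String -Path (Join-Path $cbsDir 'CBS.log') -Pattern '[SR]' -SimpleMatch -ErrorAction SilentlyContinue |
    Where-Object { $_.Line -match 'Cannot repair|Repairing' } | ForEach-Object { $_.Line })

# Boot-time chkdsk writes its full output to the Application log (Wininit, event 1001).
Add-Section 'Latest boot-time chkdsk result' (
    Get-EventLines @{ LogName='Application'; ProviderName='Microsoft-Windows-Wininit'; Id=1001 } 1)

# Storage-stack problems: critical (1), error (2) and warning (3) events from the disk,
# volume shadow copy and NTFS drivers. volsnap events also explain deleted restore points.
Add-Section 'disk / volsnap / Ntfs warnings and errors' (
    Get-EventLines @{ LogName='System'; ProviderName='disk','volsnap','Ntfs'; Level=1,2,3 } 50)

# Coarse S.M.A.R.T. pass/fail flag; the manufacturer's tool still gives the detailed view.
Add-Section 'S.M.A.R.T. failure prediction' (
    Get-WmiObject -Namespace root\wmi -Class MSStorageDriver_FailurePredictStatus -ErrorAction SilentlyContinue |
    ForEach-Object { '{0}  PredictFailure={1}  Reason={2}' -f $_.InstanceName, $_.PredictFailure, $_.Reason })

# System Update Readiness Tool: summary lines plus any "(f)" failure entries.
Add-Section 'SURT summary (CheckSUR.log)' (
    Select-String -Path (Join-Path $cbsDir 'CheckSUR.log') -ErrorAction SilentlyContinue `
        -Pattern 'Seconds executed|Found \d+ errors|No errors detected|^\(f\)' | ForEach-Object { $_.Line })

# Restore points currently on disk; run before and after a reboot and compare.
Add-Section 'Restore points' (
    Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
    ForEach-Object { '{0}  {1}  {2}' -f $_.SequenceNumber, $_.CreationTime, $_.Description })

"Report written to $report"
```

Running it once before and once after a reboot shows whether the restore point list shrinks and whether new volsnap or disk events appear at the same time.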




