Trojan Kovter detected


  • This topic is locked
8 replies to this topic

#1 Tnbrat94

  • Members
  • 24 posts

Posted 04 July 2016 - 11:37 PM

My Windows Defender on my laptop (Windows 8) and my desktop (Windows 10) alerted me today that a Trojan Kovter was detected. I followed the help area that you guys have: http://www.bleepingcomputer.com/virus-removal/remove-kovter-trojan#self-help.

I already have Malwarebytes downloaded on both and ran them. I then downloaded and ran the RKill program, but it stated that it didn't find anything. I went ahead and downloaded and ran the Fixtool64 on them, and it popped up saying that the program was not installed. But when I re-ran Malwarebytes, it did not detect it. I ran the ESET scan as suggested in the help area (just to be on the safe side), and it did not find it.

I do remember seeing the pop-ups for the "Firefox patch", but I closed it and the browser immediately and scanned the PCs with Windows Defender and Malwarebytes. I just want to make sure whether there is anything else that I need to do to make sure it is not on my computers. Thanks so much.




#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,537 posts

Posted 05 July 2016 - 09:01 AM

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:
This will give us a deeper look and we can be certain if it is gone.


Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Edited by boopme, 05 July 2016 - 09:03 AM.


#3 Tnbrat94
  • Topic Starter
  • Members
  • 24 posts

Posted 05 July 2016 - 09:43 AM

.


Edited by Tnbrat94, 05 July 2016 - 02:03 PM.


#4 Tnbrat94
  • Topic Starter
  • Members
  • 24 posts

Posted 05 July 2016 - 09:47 AM

I don't see how to attach the log of the Addition. Do I copy & paste it here?



#5 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,537 posts

Posted 05 July 2016 - 12:03 PM

Please follow step 7...

#6 Tnbrat94
  • Topic Starter
  • Members
  • 24 posts

Posted 05 July 2016 - 01:40 PM

Please follow step 7...

There isn't an attachment button on my screen.

 

But here is the Addition log:

---------------------------------------------------------

 

Windows 10 Home Version 1511 (X64) (2016-02-14 10:51:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-213681358-3918420537-3065366430-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-213681358-3918420537-3065366430-503 - Limited - Disabled)
Guest (S-1-5-21-213681358-3918420537-3065366430-501 - Limited - Disabled)
Mystic Pagan (S-1-5-21-213681358-3918420537-3065366430-1001 - Administrator - Enabled) => C:\Users\Mystic Pagan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.00.2004.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.07.2003.0 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3005 - Acer Incorporated)
Acer Drive (HKLM-x32\...\{5D45E67C-B04E-411F-93BB-947DAAF355D5}) (Version: 1.00.3009 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.10.2001 - Acer Incorporated)
Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3005 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.17.2002.1 - Acer Incorporated)
App Explorer (HKU\S-1-5-21-213681358-3918420537-3065366430-1001\...\Host App Service) (Version: 0.271.1.403 - SweetLabs)
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6623.01 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3602.01 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5527.01 - CyberLink Corp.)
Dino Storm (x32 Version: 13.0.0.6 - WildTangent) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3011 - Acer Incorporated)
Foxit PhantomPDF (HKLM-x32\...\{A4023BDF-82D5-412D-9D58-8C2819EBFE2E}) (Version: 7.0.410.326 - Foxit Software Inc.)
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.)
Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{1A51AA9E-D4BC-4318-9419-B55EA4C95B3C}) (Version: 17.1.1525.1443 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c92e37dd-de51-4a9e-abfc-54c4b71d1b72}) (Version: 18.11.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{84DB01CB-7EB7-4261-9249-99A32768D991}) (Version: 1.0.0.523 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden
KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version:  - FUNAI ELECTRIC CO., LTD.)
Magic Academy (x32 Version: 2.2.0.97 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Nancy Drew: Tomb of the Lost Queen (HKLM-x32\...\{9850BE9B-BC00-437F-B229-1F982D8CA2BF}) (Version: 8.0.0.30162 - Her Interactive, Inc.)
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Rory's Restaurant (x32 Version: 3.0.2.126 - WildTangent) Hidden
Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vegas World (x32 Version: 13.0.0.6 - WildTangent) Hidden
Villagers and Heroes (x32 Version: 13.0.0.6 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.16 - WildTangent) Hidden
Windows Driver Package - Intel Corporation (iagpioe) System  (05/21/2015 604.10120.2652.361) (HKLM\...\AF9226384B030787C4D0F761A23F48F7649D6D17) (Version: 05/21/2015 604.10120.2652.361 - Intel Corporation)
Windows Driver Package - Intel Corporation (iai2ce) System  (05/21/2015 604.10120.2654.367) (HKLM\...\B37036F6A0766DAC3E418F6CAE67005C5F3A8C40) (Version: 05/21/2015 604.10120.2654.367 - Intel Corporation)
Windows Driver Package - Intel Corporation (iauarte) System  (05/21/2015 604.10120.2653.391) (HKLM\...\1D4FF76A05A14FF5BA3636A41E0AB237F3A55E14) (Version: 05/21/2015 604.10120.2653.391 - Intel Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-213681358-3918420537-3065366430-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mystic Pagan\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08360911-4A6E-4BAA-B1D2-7BA1D53BF5B0} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-09-26] (Dolby Laboratories Inc.)
Task: {0C3CF772-099A-4D6A-93D3-CDE280FE32B9} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-08-05] (Acer Incorporated)
Task: {0C49185E-A0FB-4B83-9405-820FC2A43DF5} - System32\Tasks\AcerDriveTrayLauncher => C:\Program Files (x86)\Acer\Acer Drive\AcerDriveTray.exe [2015-09-30] (Acer Incorporated)
Task: {3296E8EE-1864-4821-93E1-E0A05EE9FE72} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-10] ()
Task: {3F0C160A-7A03-4997-9F94-3090CCDDC238} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2015-07-10] ()
Task: {40C46426-18AF-4CCF-A46F-1CA8E43BC6BD} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2015-11-23] ()
Task: {7042F621-E201-466F-98B9-41E063BED48D} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2015-03-14] (Microsoft Corporation)
Task: {73F6C0FD-D425-43B6-871E-6BB16BF85142} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-07-09] (Acer Incorporated)
Task: {77B27D35-EC90-4BDF-850F-799646626FC7} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2015-07-10] ()
Task: {A574EF4E-E19C-48DF-ABA2-51071DAE5024} - System32\Tasks\AcerDriveProxyLauncher => C:\Program Files (x86)\Acer\Acer Drive\AcerDriveProxy.exe [2015-09-30] (Acer Incorporated)
Task: {AB400BC0-592A-4E82-A580-5B21F99CA73D} - System32\Tasks\AcerDriveUpdateChecker => C:\Program Files (x86)\Acer\Acer Drive\CheckUpdate.exe [2015-08-05] (Acer Incorporated)
Task: {BBC2CA35-E236-4140-B5A8-26A8ED3C3337} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-04-20] (Acer)
Task: {D2858055-50A8-46B8-A66C-621BB04E80BF} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {DBBBEEEF-8C17-4956-B246-21900944F348} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
Task: {E8222215-8A97-48CF-9F91-74876019C025} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-16] (Microsoft Corporation)
Task: {F05A38D0-E70B-420D-9425-E661ED1D340E} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-04-18] (Acer Incorporated)
Task: {F5A54F1B-00F6-46ED-BC34-C72F778339D3} - System32\Tasks\App Explorer => C:\Users\Mystic Pagan\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2016-03-10] (SweetLabs, Inc)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Mystic Pagan\Desktop\desktop\Acer Store.lnk -> hxxp://go.acer.com/?id=16752&model=Aspire ZC-700G+C:\Program Files\Accessory Store\AStore.ico (No File)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-07-16 04:29 - 2014-10-07 20:27 - 00253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-04-12 16:21 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 16:21 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-16 04:38 - 2015-05-08 12:41 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2016-02-14 07:09 - 2016-02-14 07:09 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 12:22 - 2016-04-22 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-10 12:22 - 2016-04-22 23:25 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-02-12 15:10 - 2016-02-12 15:10 - 00415128 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-02-26 13:12 - 2015-02-26 13:12 - 00330240 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
2015-11-23 19:44 - 2015-11-23 19:44 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-07-10 05:38 - 2015-07-10 05:38 - 04580704 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2016-06-16 10:03 - 2016-06-16 10:04 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-06-16 10:03 - 2016-06-16 10:04 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-16 10:03 - 2016-06-16 10:04 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-04 07:14 - 2016-03-04 07:14 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-06-28 07:13 - 2016-06-28 07:21 - 03790336 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-02-12 20:20 - 2016-02-12 20:20 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-06-16 10:05 - 2016-05-27 22:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-16 10:05 - 2016-05-27 22:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-16 10:05 - 2016-05-27 22:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-16 10:05 - 2016-05-27 22:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-16 10:09 - 2016-06-16 10:09 - 00173056 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.9.5250.0_x64__8wekyb3d8bbwe\CellNativeClientUniversal.dll
2015-09-25 15:50 - 2015-09-25 15:50 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Drive\curllib.dll
2015-09-25 15:50 - 2015-09-25 15:50 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Drive\OpenLDAP.dll
2016-05-16 11:02 - 2016-05-16 11:02 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2016-05-16 11:04 - 2016-05-16 11:04 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2016-05-16 11:04 - 2016-05-16 11:04 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2016-05-16 11:03 - 2016-05-16 11:03 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2016-04-27 12:39 - 2016-04-27 12:39 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-04-18 16:13 - 2016-04-18 16:13 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-04-18 16:11 - 2016-04-18 16:11 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-04-20 14:57 - 2016-04-20 14:57 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-04-20 14:57 - 2016-04-20 14:57 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-07-16 04:38 - 2015-05-08 12:41 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2015-07-10 06:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-213681358-3918420537-3065366430-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mystic Pagan\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "KOBAAmon"
HKU\S-1-5-21-213681358-3918420537-3065366430-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-213681358-3918420537-3065366430-1001\...\StartupApproved\Run: => "DashlanePlugin"
HKU\S-1-5-21-213681358-3918420537-3065366430-1001\...\StartupApproved\Run: => "KOab1err"
HKU\S-1-5-21-213681358-3918420537-3065366430-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-213681358-3918420537-3065366430-1001\...\StartupApproved\Run: => "KOBAAmon"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2C29DE6D-4C29-4840-A4E9-8ABD9F14F0D4}] => (Allow) C:\Program Files (x86)\Acer\Acer Drive\AcerDriveProxy.exe
FirewallRules: [{3AAB2869-5E9F-463B-BB91-3C0CE0E64833}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CFF4CC2F-D513-4D39-B384-92025B92A282}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8847AEC8-CC02-4C6B-B697-80C6BC86E1F4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1C3826D6-8436-4760-948A-D00A357CCD49}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{857ED246-4887-44C8-9E88-E058887C08A2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7AEA683C-AB1F-42C8-B5D4-B00983198D85}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{247AD33A-A4A1-46AF-A55A-4E20A8CBB30A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8AAD0AC1-F82B-4DC0-8CA4-83C182895E5B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{580175EF-ACF8-4060-B4DF-F6193DFEB696}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B15001C2-DB09-4985-B9BE-CC5479B9D163}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D0424C05-5856-4856-873C-BE0814B47436}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F16FA17B-0677-4578-82E6-BEC1964687BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{13552DD1-BE8C-4CD0-A246-BB4791A49390}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6B4813A0-0E06-4ACF-992D-F1D3CB7557B9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8455F70F-C925-4EB4-9D68-0E59E7EF2D79}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B5FCF574-4E74-4BAB-BD22-04EB442F8F5B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9347B61D-CE09-404A-B3E0-843DABCB6983}] => (Allow) C:\Program Files (x86)\Acer\Acer Drive\AcerDriveProxy.exe
FirewallRules: [{FFA86625-A3FC-42A9-AE61-629C41458F2F}] => (Allow) C:\Program Files (x86)\Acer\Acer Drive\AcerDriveProxy.exe
FirewallRules: [{9978F72A-4A33-45DD-8E0C-70F6E8DA4C3E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{BC345C94-B301-4EE4-9E70-4A4DA0DDE04B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{A502FB4D-9018-4267-AFD4-3DF8B8194BAA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{65015F92-7C0E-480C-8FD1-FADFDE670E79}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{34E46D47-E099-4353-8109-76B0A2319329}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{66A66804-37D9-4E1F-8A3F-4F44B47A934E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{BA5AEDB0-FC28-4644-858C-59513E3A1F66}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{416B0EAA-CAE0-4B01-8B8B-214E5E984382}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{C43B470C-FCFF-406E-AF45-D54C5F584C56}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{CB7A78C2-785F-4FFA-BD9F-3BEC6B359CFB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{3A0C0369-0756-4942-BECE-2A6FFE0147F6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{E781A381-8910-4260-AFDA-702C1A1BFB3B}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{B6800481-106E-47D0-9BF4-ACF2D50E1CD9}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{5E2E827D-FDAD-4579-895A-7FE32B4BEF48}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E15657BA-804C-4D50-BC87-387649CF7E56}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{927A37FD-E810-4F76-8FF4-F87A6483412F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{1D54F97F-7188-49C7-876A-644B542DD97A}] => (Allow) C:\Program Files (x86)\KODAK VERITE\NetworkTwain\KOZZZ_32__bc.dll
FirewallRules: [{2621FCE2-CFEF-4EDE-9432-D323E46F6737}] => (Allow) C:\Program Files (x86)\KODAK VERITE\NetworkTwain\KOZZZ_32__bc.dll
FirewallRules: [{5EFDAD33-194E-481C-974F-9A9DFA4E9418}] => (Allow) C:\Program Files (x86)\KODAK VERITE\NetworkTwain\KOzzz_32serv.dll
FirewallRules: [{8D76D4EE-B45D-4619-BC27-03E5B1F92CB6}] => (Allow) C:\Program Files (x86)\KODAK VERITE\NetworkTwain\KOzzz_32serv.dll
FirewallRules: [{78F24E34-0A7F-47D4-9601-74E24651DFEA}] => (Allow) C:\Program Files (x86)\KODAK VERITE\NetworkTwain\lextwprotocol.dll
FirewallRules: [{014881EE-5DDC-4F07-A1E6-3757B76B4D48}] => (Allow) C:\Program Files (x86)\KODAK VERITE\NetworkTwain\lextwprotocol.dll
FirewallRules: [{5D87770D-E128-4B27-91DE-C78E67BBE2C9}] => (Allow) C:\Windows\twain_32\KODAK VERITE\NetworkTwain\lexnetworkds.ds
FirewallRules: [{CD49F9E3-B66B-49E1-A727-EC96EA619180}] => (Allow) C:\Windows\twain_32\KODAK VERITE\NetworkTwain\lexnetworkds.ds
FirewallRules: [{65EDCCDD-E7DF-4790-9F60-218772D07727}] => (Allow) C:\Program Files (x86)\KODAK VERITE\ErrorApp\koab1err.exe
FirewallRules: [{2B9BE22E-48C9-4FD5-909C-E1831EAE3EEE}] => (Allow) C:\Program Files (x86)\KODAK VERITE\ErrorApp\koab1err.exe
FirewallRules: [{BDA03218-C343-4D5E-971D-88724AEA02DF}] => (Allow) C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAHiResScan.exe
FirewallRules: [{B43DEBF8-517D-411B-8329-F6682E789975}] => (Allow) C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAHiResScan.exe
FirewallRules: [{CF26373D-310B-4497-A9C0-EF63461A3522}] => (Allow) C:\Program Files (x86)\KODAK VERITE\WirelessSetup\KOwpss.exe
FirewallRules: [{567CB493-6FE9-4A6A-996D-2E7973B5A995}] => (Allow) C:\Program Files (x86)\KODAK VERITE\WirelessSetup\KOwpss.exe
FirewallRules: [{F2A841F9-C6C9-4D38-A5EC-EFA306C84A56}] => (Allow) C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe
FirewallRules: [{5FF771A6-8FEC-4B68-AFBA-0C8861A971C2}] => (Allow) C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe
FirewallRules: [{A3B23A0B-AF34-41E1-8153-24D24AE65694}] => (Allow) C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAlscn.exe
FirewallRules: [{4BA3652B-BB29-49CC-AC38-10C54680DC9F}] => (Allow) C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAlscn.exe
FirewallRules: [{947AE2DE-9F32-4C56-8084-6440003B76F6}] => (Allow) C:\Program Files (x86)\KODAK VERITE 50 Series\KOabscw.dll
FirewallRules: [{2985CDE5-AD81-496F-9A12-8768EEF9A99A}] => (Allow) C:\Program Files (x86)\KODAK VERITE 50 Series\KOabscw.dll
FirewallRules: [{20BA5130-1A4D-47CC-8661-7BD5E063BAEE}] => (Allow) C:\Program Files (x86)\KODAK VERITE\Status Center\kosmc.exe
FirewallRules: [{22120BA4-DD61-46A7-B1E6-2B0664CFAEF2}] => (Allow) C:\Program Files (x86)\KODAK VERITE\Status Center\kosmc.exe
FirewallRules: [{FD01B5DC-2BE5-4E00-8413-A74A661C94E6}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{09769EF6-C93A-40A2-A2F7-F3383709189D}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{07D8B71E-46BA-45D6-9D2D-2A2DAC10B786}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{E6B1F591-B7C4-40EE-B12A-C22FF3809AF5}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe

==================== Restore Points =========================

16-06-2016 10:33:44 Windows Update
26-06-2016 09:42:10 Scheduled Checkpoint
04-07-2016 23:39:47 Removed Nancy Drew: Tomb of the Lost Queen

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2016 11:40:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/01/2016 10:20:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-GLV3U1T)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/30/2016 11:25:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 47.0.0.5999 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1dfc

Start Time: 01d1d2eac6fb1356

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 3cc1e43e-3edf-11e6-9be5-dc536075d937

Faulting package full name:

Faulting package-relative application ID:

Error: (06/30/2016 11:25:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e
Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438
Exception code: 0x80000003
Fault offset: 0x0000f3ad
Faulting process id: 0x157c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (06/30/2016 11:16:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 47.0.0.5999 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1590

Start Time: 01d1d2e2bd698713

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 00cfc55a-3ede-11e6-9be5-dc536075d937

Faulting package full name:

Faulting package-relative application ID:

Error: (06/30/2016 11:16:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e
Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438
Exception code: 0x80000003
Fault offset: 0x0000f3ad
Faulting process id: 0x1768
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (06/29/2016 03:07:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 47.0.0.5999 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 17a4

Start Time: 01d1d240d58acad0

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 25d73815-3e35-11e6-9be5-dc536075d937

Faulting package full name:

Faulting package-relative application ID:

Error: (06/29/2016 03:07:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e
Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438
Exception code: 0x80000003
Fault offset: 0x0000f3ad
Faulting process id: 0xe20
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (06/29/2016 03:00:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 47.0.0.5999 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1034

Start Time: 01d1d23d3dcde02e

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 0f23c5fa-3e34-11e6-9be5-dc536075d937

Faulting package full name:

Faulting package-relative application ID:

Error: (06/29/2016 03:00:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e
Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438
Exception code: 0x80000003
Fault offset: 0x0000f3ad
Faulting process id: 0x15d0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5


System errors:
=============
Error: (07/05/2016 09:37:15 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/05/2016 09:37:10 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/05/2016 09:37:07 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/05/2016 09:37:04 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/05/2016 06:09:51 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/05/2016 06:09:49 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/05/2016 06:09:46 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/05/2016 06:09:41 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/05/2016 06:09:39 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/05/2016 06:09:36 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


CodeIntegrity:
===================================
  Date: 2016-06-17 12:09:24.021
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-16 12:54:18.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-14 08:01:20.189
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-15 07:29:35.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 05:44:03.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-11 04:07:08.469
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-22 07:42:17.278
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-14 04:12:55.216
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 03:37:05.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 06:55:39.583
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU N3150 @ 1.60GHz
Percentage of memory in use: 52%
Total physical RAM: 4015.26 MB
Available physical RAM: 1923.96 MB
Total Virtual: 6191.26 MB
Available Virtual: 3638.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:465.16 GB) (Free:418.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C4D9529D)

Partition: GPT.

==================== End of Addition.txt ============================



#7 boopme
Global Moderator

Posted 05 July 2016 - 01:50 PM

Step 7... You need to create a NEW topic here
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Copy / paste your logs.

Thanks!!

#8 Tnbrat94
Topic Starter

Posted 05 July 2016 - 01:51 PM

Sorry and thank you



#9 boopme
Global Moderator

Posted 05 July 2016 - 02:03 PM

No problem...

New topic
http://www.bleepingcomputer.com/forums/t/619049/kovter-trojan-detected/

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.
From this point on, the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 2 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.