Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Proxy hijacker found - Am I clear of it completely?.


  • This topic is locked This topic is locked
16 replies to this topic

#1 coachoflife

coachoflife

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 10 October 2016 - 05:38 PM

~ ZHPCleaner v2016.9.3.119 by Nicolas Coolman (2016/09/03)
~ Run by John (Administrator)  (10/10/2016 18:43:12)
~ State version : 
~ Type : Repair
~ Report : C:\Users\John\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\John\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1 Connected, 64-bit  (Build 9600)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (5)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : <-loopback>]  =>Hijacker.Proxy
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer [Bad : http=127.0.0.1:53612;https=127.0.0.1:53612]  =>Hijacker.Proxy
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable [Bad : 1]  =>Hijacker.Proxy
DELETED data: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings [Bad : Port=53612 <-Loopback>]  =>Hijacker.Proxy
DELETED data: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings [Bad : Port=53612 <-Loopback>]  =>Hijacker.Proxy
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (1)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.
 
 
---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.
 
 
---\\  Summary of the elements found (1)
 
 
---\\  Other deletions. (29)
~ Registry Keys Tracing deleted (10)
~ Remove the old reports ZHPCleaner. (19)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.
 
 
---\\ Statistics
~ Items scanned : 257
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 5
 
 
~ End of clean in 00h00mn11s
~====================
ZHPCleaner-[R]-10102016-18_43_23.txt
ZHPCleaner-[R]-11072016-14_36_00.txt
ZHPCleaner-[S]-10102016-18_42_11.txt
 


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:15 PM

Posted 11 October 2016 - 02:40 PM

Hello, we can also do these and be sure.

zcMPezJ.pngAdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
lv0mVRW.pngJunkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
cvMlKv6.pngESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 coachoflife

coachoflife
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 07 January 2017 - 08:16 AM

I never received an e-mail about a reply and when I checked weeks after 11 October it said 0 replies.  I had an e-mail with yahoo (through another company) which got hacked and was being controlled by someone else for over 2 years.  I only got the above by shutting down my old e-mail account and running a few scans for viruses.  A couple of days ago I got a subscription to watch football which I could not get to work so uninstalled my google browser and tried to reinstall which did not work.  I had to go back to factory settings and the default browser (internet explorer) and after removing a few viruses left over from doing this previously the football subscription worked.  I now have no hacker, hope that continues, but a few other viruses which I am having trouble finding and getting rid of.  Just thought I would put up my experience in case it might help someone else.



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:15 PM

Posted 08 January 2017 - 02:46 PM

please run the tools above.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 coachoflife

coachoflife
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 08 January 2017 - 08:25 PM

# AdwCleaner v6.042 - Logfile created 09/01/2017 at 01:22:49
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-06.1 [Local]
# Operating System : Windows 8.1 Connected  (X64)
# Username : John - LENOVO-PC
# Running from : C:\Users\John\Downloads\adwcleaner_6.042.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

 

***** [ Files ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com

***** [ Web browsers ] *****

 

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1035 Bytes] - [07/01/2017 13:01:06]
C:\AdwCleaner\AdwCleaner[C2].txt - [1275 Bytes] - [09/01/2017 01:22:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [1170 Bytes] - [07/01/2017 13:00:53]
C:\AdwCleaner\AdwCleaner[S1].txt - [1670 Bytes] - [09/01/2017 01:14:23]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1494 Bytes] ##########



#6 coachoflife

coachoflife
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 08 January 2017 - 08:34 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 8.1 Connected x64
Ran by John (Administrator) on 09/01/2017 at  1:26:21.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 0

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/01/2017 at  1:27:53.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#7 coachoflife

coachoflife
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 08 January 2017 - 08:56 PM

ESET found nothing.



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:15 PM

Posted 08 January 2017 - 09:24 PM

Looks good just one more quick one.

3Al62Pm.pngMiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 coachoflife

coachoflife
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 09 January 2017 - 10:20 AM

MiniToolBox by Farbar  Version: 17-06-2016
Ran by John (administrator) on 09-01-2017 at 14:14:06
Running from "C:\Users\John\Downloads"
Microsoft Windows 8.1 with Bing  (X64)
Model: 10157 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:64550;https=127.0.0.1:64550

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Ethernet (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Lenovo-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : C0-3F-D5-9B-D1-1A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ccf7:68f8:179d:c36%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 09 January 2017 01:23:48
   Lease Expires . . . . . . . . . . : 10 January 2017 14:02:57
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 62930901
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-78-AC-81-C0-3F-D5-9B-D1-1A
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.home:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.64%6(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 100663296
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-78-AC-81-C0-3F-D5-9B-D1-1A
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:34af:cc99:3049:4b1:a94e:e1ab(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3049:4b1:a94e:e1ab%7(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 167772160
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-78-AC-81-C0-3F-D5-9B-D1-1A
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  BThomehub.home
Address:  192.168.1.254

Name:    google.com
Addresses:  2a00:1450:4009:804::200e
   216.58.212.110

Pinging google.com [216.58.212.110] with 32 bytes of data:
Reply from 216.58.212.110: bytes=32 time=18ms TTL=54
Reply from 216.58.212.110: bytes=32 time=18ms TTL=54

Ping statistics for 216.58.212.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 18ms, Average = 18ms
Server:  BThomehub.home
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
   2001:4998:c:a06::2:4008
   2001:4998:58:c02::a9
   98.138.253.109
   98.139.183.24
   206.190.36.45

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=208ms TTL=48
Reply from 206.190.36.45: bytes=32 time=155ms TTL=48

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 155ms, Maximum = 208ms, Average = 181ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  3...c0 3f d5 9b d1 1a ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
  7...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.64     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.64    276
     192.168.1.64  255.255.255.255         On-link      192.168.1.64    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.64    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.64    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.64    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  7    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  7    306 2001::/32                On-link
  7    306 2001:0:34af:cc99:3049:4b1:a94e:e1ab/128
                                    On-link
  3    276 fe80::/64                On-link
  7    306 fe80::/64                On-link
  6    281 fe80::5efe:192.168.1.64/128
                                    On-link
  7    306 fe80::3049:4b1:a94e:e1ab/128
                                    On-link
  3    276 fe80::ccf7:68f8:179d:c36/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    276 ff00::/8                 On-link
  7    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/09/2017 01:54:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:54:14 AM) (Source: Application Error) (User: )
Description: Faulting application name: OnlineScannerApp.exe, version: 1.0.0.1, time stamp: 0x55546904
Faulting module name: ONLINE~1.OCX, version: 1.0.0.7777, time stamp: 0x55546935
Exception code: 0xc000041d
Fault offset: 0x0002d516
Faulting process id: 0x548
Faulting application start time: 0xOnlineScannerApp.exe0
Faulting application path: OnlineScannerApp.exe1
Faulting module path: OnlineScannerApp.exe2
Report Id: OnlineScannerApp.exe3
Faulting package full name: OnlineScannerApp.exe4
Faulting package-relative application ID: OnlineScannerApp.exe5

Error: (01/09/2017 01:54:03 AM) (Source: Application Error) (User: )
Description: Faulting application name: OnlineScannerApp.exe, version: 1.0.0.1, time stamp: 0x55546904
Faulting module name: ONLINE~1.OCX, version: 1.0.0.7777, time stamp: 0x55546935
Exception code: 0xc0000005
Fault offset: 0x0002d516
Faulting process id: 0x548
Faulting application start time: 0xOnlineScannerApp.exe0
Faulting application path: OnlineScannerApp.exe1
Faulting module path: OnlineScannerApp.exe2
Report Id: OnlineScannerApp.exe3
Faulting package full name: OnlineScannerApp.exe4
Faulting package-relative application ID: OnlineScannerApp.exe5

Error: (01/09/2017 01:30:59 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:30:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:30:22 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:29:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:29:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:29:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:29:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

System errors:
=============
Error: (01/09/2017 02:07:13 PM) (Source: Service Control Manager) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1 = Incorrect function.

Error: (01/09/2017 01:33:35 AM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading

Error: (01/09/2017 01:33:35 AM) (Source: Application Popup) (User: )
Description: \??\C:\Users\John\AppData\Local\Temp\ehdrv.sys

Error: (01/09/2017 01:33:35 AM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading

Error: (01/09/2017 01:33:35 AM) (Source: Application Popup) (User: )
Description: \??\C:\Users\John\AppData\Local\Temp\ehdrv.sys

Error: (01/09/2017 01:33:35 AM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading

Error: (01/09/2017 01:33:35 AM) (Source: Application Popup) (User: )
Description: \??\C:\Users\John\AppData\Local\Temp\ehdrv.sys

Error: (01/09/2017 01:25:55 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/09/2017 01:23:56 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (01/09/2017 01:23:51 AM) (Source: Service Control Manager) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error:
%%1083 = The executable program that this service is configured to run in does not implement the service.

 

Microsoft Office Sessions:
=========================
Error: (01/09/2017 01:54:40 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe

Error: (01/09/2017 01:54:14 AM) (Source: Application Error)(User: )
Description: OnlineScannerApp.exe1.0.0.155546904ONLINE~1.OCX1.0.0.777755546935c000041d0002d51654801d26a180b6e05afC:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exeC:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX85478671-d60e-11e6-825f-c03fd59bd11a

Error: (01/09/2017 01:54:03 AM) (Source: Application Error)(User: )
Description: OnlineScannerApp.exe1.0.0.155546904ONLINE~1.OCX1.0.0.777755546935c00000050002d51654801d26a180b6e05afC:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exeC:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX7ef95b84-d60e-11e6-825f-c03fd59bd11a

Error: (01/09/2017 01:30:59 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe

Error: (01/09/2017 01:30:57 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe

Error: (01/09/2017 01:30:22 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe

Error: (01/09/2017 01:29:20 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe

Error: (01/09/2017 01:29:16 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe

Error: (01/09/2017 01:29:08 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe

Error: (01/09/2017 01:29:08 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe

CodeIntegrity Errors:
===================================
  Date: 2017-01-09 01:23:56.599
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-07 13:02:00.877
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-07 12:55:15.945
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-07 00:04:14.324
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-06 23:54:30.086
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.1.12.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.2063 - McAfee, Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.)
SmartApp (HKLM-x32\...\{A933DBFF-6E8B-461D-B79D-08481CFFE26F}) (Version: 3.2.6 - SmartApp)

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 3983.68 MB
Available physical RAM: 2285.16 MB
Total Virtual: 5391.68 MB
Available Virtual: 3476.93 MB

========================= Partitions: =====================================

1 Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:417.04 GB) NTFS
2 Drive d: (DISK1) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\LENOVO-PC

Administrator            Guest                    John                    

**** End of log ****



#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:15 PM

Posted 09 January 2017 - 11:55 AM

Looks good here,,, Start a new topic in WIN8. Repost the MiniToolbox log and ask about the conflicts in the Application errors section.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 coachoflife

coachoflife
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 09 January 2017 - 05:14 PM

The hacker is back using the same port as before and stopping me using any of the subscriptions I paid for.  I get a message on both saying I need a flash player installed which comes by default on internet explorer.  Plus have adobe air.



#12 coachoflife

coachoflife
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 09 January 2017 - 09:21 PM

To give you a full background on the hacker I used a software to see what ports were being used and could shut them down.  I got a programme on my computer a few months ago that logs your internet activity and the hacker started using this and no matter what I done I could not get rid of it using the software.  I had lost it when I wiped everything and got an e-mail yesterday from the company so put it back on my computer and hey presto hacker appears again. 



#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:15 PM

Posted 10 January 2017 - 12:11 PM

Let's get a deeper look and find it.

Start at step 6...

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 coachoflife

coachoflife
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 10 January 2017 - 03:00 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by John (10-01-2017 19:57:57)
Running from C:\Users\John\Downloads
Windows 8.1 Connected (X64) (2017-01-04 13:23:57)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2947496949-1313208790-3359982435-500 - Administrator - Disabled)
Guest (S-1-5-21-2947496949-1313208790-3359982435-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2947496949-1313208790-3359982435-1003 - Limited - Enabled)
John (S-1-5-21-2947496949-1313208790-3359982435-1001 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {B10D5953-051E-97F6-F53B-3839EFD98259}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {0A6CB8B7-2324-9878-CF8B-034B945EC8E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {8936D876-4F71-96AE-DE64-910C110AC522}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.1.12.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.2063 - McAfee, Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.)
SmartApp (HKLM-x32\...\{A933DBFF-6E8B-461D-B79D-08481CFFE26F}) (Version: 3.2.6 - SmartApp)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2947496949-1313208790-3359982435-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {092B9D1C-D93D-4691-A184-737E9AF471FF} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2017-01-04] (Lenovo)
Task: {0F1C23CB-71CC-4FEE-97A8-A065B514ADA7} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {0F710E3C-CFBA-41C5-A891-43996960558C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-18] (Lenovo)
Task: {2022B68B-1BF8-4B68-AA76-C41347F873A5} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-18] (Lenovo)
Task: {26001794-7A95-4C24-97B9-FC9924DC5DFC} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2017-01-06] (McAfee, Inc.)
Task: {600B7C72-756E-44D5-A00B-8399F717A3E8} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2016-10-11] (McAfee, Inc.)
Task: {70ED0B2F-D553-439C-83E4-4E8DDC163455} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-18] ()
Task: {73BC487F-3C1E-4892-A656-E027E9FE01CA} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2017-01-06] (McAfee, Inc.)
Task: {7ED6C76A-9AFD-48BB-B68F-DDB878739F5C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-10-11] (McAfee, Inc.)
Task: {9742D52B-8FBA-4543-B4E2-308C3F4A6394} - System32\Tasks\SmartAppLiveUpdater => C:\Program Files (x86)\SmartApp\SmartAppLiveUpdater.exe [2016-12-28] ()
Task: {98CE9A28-0CCC-434B-9430-DEA27F317513} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {AC7342AA-9D88-4326-A415-E509EE6EFA92} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-18] (Lenovo)
Task: {DDF046B5-5109-49A7-906C-4C1E46E642B6} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-18] (Lenovo)
Task: {F933D4F7-52E5-49F1-B472-E7EC5AA7B484} - System32\Tasks\SmartAppMonitor => C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe [2016-12-28] (VertoAnalytics Oy)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-08-10 04:34 - 2011-08-17 03:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-08-10 04:50 - 2013-05-14 18:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2009-12-04 23:59 - 2009-12-04 23:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-05 00:04 - 2009-12-05 00:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2947496949-1313208790-3359982435-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "FamilySafetyGuide.lnk"
HKLM\...\StartupApproved\Run32: => "jmesoft"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{C7618433-CEDF-4D9F-BBF4-89DE5032E38A}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{0AFF1105-9103-435B-ACDC-0530BE0692E7}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1AAF4B19-3558-4D71-9A1E-69D0D4FA9D07}] => C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{2847AD01-714E-412B-80EC-6A4EDF395E56}] => C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2386ABE3-7B34-40F2-A338-2982A32834D1}] => C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE

==================== Restore Points =========================

04-01-2017 13:21:30 Windows Modules Installer
07-01-2017 00:06:52 JRT Pre-Junkware Removal
09-01-2017 01:05:40 Installed SmartApp
09-01-2017 01:26:23 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2017 02:27:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 02:26:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:54:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:54:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OnlineScannerApp.exe, version: 1.0.0.1, time stamp: 0x55546904
Faulting module name: ONLINE~1.OCX, version: 1.0.0.7777, time stamp: 0x55546935
Exception code: 0xc000041d
Fault offset: 0x0002d516
Faulting process id: 0x548
Faulting application start time: 0x01d26a180b6e05af
Faulting application path: C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
Faulting module path: C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX
Report Id: 85478671-d60e-11e6-825f-c03fd59bd11a
Faulting package full name:
Faulting package-relative application ID:

Error: (01/09/2017 01:54:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OnlineScannerApp.exe, version: 1.0.0.1, time stamp: 0x55546904
Faulting module name: ONLINE~1.OCX, version: 1.0.0.7777, time stamp: 0x55546935
Exception code: 0xc0000005
Fault offset: 0x0002d516
Faulting process id: 0x548
Faulting application start time: 0x01d26a180b6e05af
Faulting application path: C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
Faulting module path: C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX
Report Id: 7ef95b84-d60e-11e6-825f-c03fd59bd11a
Faulting package full name:
Faulting package-relative application ID:

Error: (01/09/2017 01:30:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:30:57 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:30:22 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:29:20 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:29:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

System errors:
=============
Error: (01/10/2017 06:59:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1 = Incorrect function.

Error: (01/09/2017 10:06:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (01/09/2017 10:06:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error:
%%1083 = The executable program that this service is configured to run in does not implement the service.

Error: (01/09/2017 09:59:30 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/09/2017 09:59:30 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/09/2017 08:30:25 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/09/2017 08:30:25 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/09/2017 02:26:43 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (01/09/2017 02:26:13 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (01/09/2017 02:07:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1 = Incorrect function.

CodeIntegrity:
===================================
  Date: 2017-01-09 22:06:48.166
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-09 01:23:56.599
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-07 13:02:00.877
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-07 12:55:15.945
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-07 00:04:14.324
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-06 23:54:30.086
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU J2900 @ 2.41GHz
Percentage of memory in use: 48%
Total physical RAM: 3983.68 MB
Available physical RAM: 2068.26 MB
Total Virtual: 5391.68 MB
Available Virtual: 3204.76 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:416.89 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DISK1) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 712BA21C)

Partition: GPT.

==================== End of Addition.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by John (administrator) on LENOVO-PC (10-01-2017 19:56:57)
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_5\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\2.2.351.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McAMTaskAgent.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(VertoAnalytics Oy) C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Verto Analytics Inc) C:\Program Files (x86)\SmartApp\SmartApp.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Security) C:\Program Files\Common Files\mcafee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2947496949-1313208790-3359982435-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DABC8EA0-2EB0-413F-AB21-5EDB3D69D8D0}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2947496949-1313208790-3359982435-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2947496949-1313208790-3359982435-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2947496949-1313208790-3359982435-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-11-18] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-11-18] (McAfee, Inc.)

FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-01-07] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_5\McAPExe.exe [963176 2016-10-07] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\\McCSPServiceHost.exe [1934968 2016-10-17] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1307752 2016-10-20] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242704 2016-09-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384016 2016-09-08] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [331280 2016-09-08] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1473128 2016-10-07] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\windows\System32\drivers\cfwids.sys [88120 2016-09-09] (McAfee, Inc.)
S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 mfeaack; C:\windows\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [364088 2016-09-09] (McAfee, Inc.)
S0 mfeelamk; C:\windows\System32\drivers\mfeelamk.sys [85656 2016-09-09] (McAfee, Inc.)
R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [512056 2016-09-09] (McAfee, Inc.)
R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [884792 2016-09-09] (McAfee, Inc.)
R3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [527496 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
R3 mfeplk; C:\windows\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [252984 2016-09-09] (McAfee, Inc.)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 TXEIx64; C:\windows\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-10 19:56 - 2017-01-10 19:57 - 00010827 _____ C:\Users\John\Downloads\FRST.txt
2017-01-10 19:56 - 2017-01-10 19:56 - 00000000 ____D C:\FRST
2017-01-10 19:55 - 2017-01-10 19:56 - 02419200 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2017-01-09 21:31 - 2017-01-09 21:31 - 00000000 ____D C:\7971a87b4dca212be284
2017-01-09 14:14 - 2017-01-09 14:14 - 00032534 _____ C:\Users\John\Desktop\MTB.txt
2017-01-09 14:12 - 2017-01-09 14:12 - 00892416 _____ (Farbar) C:\Users\John\Downloads\MiniToolBox.exe
2017-01-09 01:54 - 2017-01-09 01:54 - 00000000 ____D C:\Users\John\AppData\Local\ElevatedDiagnostics
2017-01-09 01:29 - 2017-01-09 01:29 - 02870984 _____ (ESET) C:\Users\John\Downloads\esetsmartinstaller_enu.exe
2017-01-09 01:29 - 2017-01-09 01:29 - 00000000 ____D C:\Program Files (x86)\ESET
2017-01-09 01:27 - 2017-01-09 01:27 - 00000552 _____ C:\Users\John\Desktop\JRT.txt
2017-01-09 01:26 - 2017-01-09 01:26 - 01663040 _____ (Malwarebytes) C:\Users\John\Downloads\JRT.exe
2017-01-09 01:20 - 2017-01-09 01:20 - 03988944 _____ C:\Users\John\Downloads\AdwCleaner.exe
2017-01-09 01:06 - 2017-01-10 18:54 - 00003326 _____ C:\windows\System32\Tasks\SmartAppMonitor
2017-01-09 01:06 - 2017-01-10 02:02 - 00004092 _____ C:\windows\System32\Tasks\SmartAppLiveUpdater
2017-01-09 01:06 - 2017-01-09 01:07 - 00000000 ____D C:\Users\John\AppData\Local\VertoAnalytics
2017-01-09 01:06 - 2017-01-09 01:06 - 00000000 ____D C:\Program Files (x86)\SmartApp
2017-01-09 01:00 - 2017-01-10 19:40 - 00003846 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-01-07 13:23 - 2017-01-07 13:23 - 06771840 _____ (ESET spol. s r.o.) C:\Users\John\Downloads\esetonlinescanner_enu.exe
2017-01-07 13:23 - 2017-01-07 13:23 - 00000000 ____D C:\Users\John\AppData\Local\ESET
2017-01-07 12:58 - 2017-01-09 01:22 - 00000000 ____D C:\AdwCleaner
2017-01-07 12:58 - 2017-01-07 12:58 - 03988944 _____ C:\Users\John\Downloads\adwcleaner_6.042.exe
2017-01-07 01:50 - 2017-01-07 01:50 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.exe
2017-01-07 00:24 - 2017-01-07 00:31 - 00000000 ____D C:\Users\John\AppData\Roaming\ZHP
2017-01-07 00:24 - 2017-01-07 00:24 - 02670592 _____ C:\Users\John\Downloads\ZHPCleaner.exe
2017-01-07 00:24 - 2017-01-07 00:24 - 00000888 _____ C:\Users\John\Desktop\ZHPCleaner.lnk
2017-01-07 00:09 - 2017-01-07 00:09 - 00290304 _____ (Microsoft Corporation) C:\windows\SysWOW64\subinacl.exe
2017-01-07 00:09 - 2017-01-07 00:09 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2017-01-06 23:45 - 2017-01-10 19:00 - 00004020 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-01-05 18:13 - 2017-01-05 18:13 - 00002003 _____ C:\Users\Public\Desktop\McAfee LiveSafe.lnk
2017-01-05 18:13 - 2017-01-05 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-05 18:08 - 2017-01-08 13:19 - 00003068 _____ C:\windows\System32\Tasks\McAfeeLogon
2017-01-05 18:08 - 2017-01-08 13:19 - 00000000 ____D C:\windows\System32\Tasks\McAfee
2017-01-05 18:08 - 2017-01-05 18:08 - 00000000 ____D C:\ProgramData\Intel Security
2017-01-05 18:08 - 2017-01-05 18:08 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2017-01-04 18:05 - 2017-01-04 19:05 - 00003348 _____ C:\windows\System32\Tasks\McAfee Remediation (Prepare)
2017-01-04 18:05 - 2017-01-04 18:05 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-04 13:30 - 2017-01-10 18:58 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2947496949-1313208790-3359982435-1001
2017-01-04 13:30 - 2017-01-04 13:30 - 00000000 __SHD C:\Users\John\AppData\LocalLow\EmieUserList
2017-01-04 13:30 - 2017-01-04 13:30 - 00000000 __SHD C:\Users\John\AppData\Local\EmieUserList
2017-01-04 13:30 - 2017-01-04 13:30 - 00000000 __SHD C:\Users\John\AppData\Local\EmieSiteList
2017-01-04 13:29 - 2017-01-04 13:30 - 00000000 __SHD C:\Users\John\AppData\LocalLow\EmieSiteList
2017-01-04 13:26 - 2017-01-04 13:27 - 00000000 ____D C:\Users\John\AppData\Local\Lenovo
2017-01-04 13:25 - 2017-01-04 13:25 - 00000000 ____D C:\Users\John\AppData\Roaming\Lenovo
2017-01-04 13:25 - 2017-01-04 13:25 - 00000000 ____D C:\Users\John\AppData\Local\Power2Go
2017-01-04 13:24 - 2017-01-06 23:54 - 00000000 ____D C:\Users\John
2017-01-04 13:24 - 2017-01-04 13:26 - 00000000 ____D C:\Users\John\AppData\Local\Packages
2017-01-04 13:24 - 2017-01-04 13:24 - 00001457 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-04 13:24 - 2017-01-04 13:24 - 00000180 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-04 13:24 - 2017-01-04 13:24 - 00000020 ___SH C:\Users\John\ntuser.ini
2017-01-04 13:24 - 2017-01-04 13:24 - 00000000 _SHDL C:\Users\John\My Documents
2017-01-04 13:24 - 2017-01-04 13:24 - 00000000 _SHDL C:\Users\John\Documents\My Videos
2017-01-04 13:24 - 2017-01-04 13:24 - 00000000 _SHDL C:\Users\John\Documents\My Pictures
2017-01-04 13:24 - 2017-01-04 13:24 - 00000000 _SHDL C:\Users\John\Documents\My Music
2017-01-04 13:24 - 2017-01-04 13:24 - 00000000 __SHD C:\Users\John\IntelGraphicsProfiles
2017-01-04 13:24 - 2017-01-04 13:24 - 00000000 ____D C:\Users\John\AppData\Roaming\Adobe
2017-01-04 13:24 - 2017-01-04 13:24 - 00000000 ____D C:\Users\John\AppData\Local\VirtualStore
2017-01-04 13:24 - 2017-01-04 13:24 - 00000000 ____D C:\ProgramData\eBay
2017-01-04 13:24 - 2014-08-10 04:52 - 00000000 ____D C:\Users\John\AppData\Roaming\Macromedia
2017-01-04 13:24 - 2014-03-18 09:54 - 00000369 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2017-01-04 13:24 - 2014-03-18 09:54 - 00000369 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2017-01-04 13:19 - 2017-01-04 13:19 - 00000000 __RHD C:\Users\Public\AccountPictures

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-10 02:02 - 2013-08-22 13:36 - 00000000 ____D C:\windows\Inf
2017-01-09 22:10 - 2014-03-18 09:53 - 00863592 _____ C:\windows\system32\PerfStringBackup.INI
2017-01-09 22:06 - 2013-08-22 14:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-01-09 01:23 - 2014-08-10 04:40 - 00000000 ____D C:\Program Files\Common Files\mcafee
2017-01-07 19:55 - 2014-08-10 04:34 - 00000000 ____D C:\windows\jmesoft
2017-01-07 13:01 - 2014-08-10 04:42 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-01-07 12:20 - 2014-08-10 04:40 - 00000000 ____D C:\Program Files\mcafee
2017-01-07 12:08 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-07 01:57 - 2014-08-10 04:40 - 00000000 ____D C:\Program Files\Lenovo
2017-01-07 01:57 - 2014-08-10 04:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-07 01:53 - 2013-08-22 15:36 - 00000000 ____D C:\windows\system32\NDF
2017-01-07 00:03 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\BBI
2017-01-06 23:54 - 2013-08-22 14:44 - 00344624 _____ C:\windows\system32\FNTCACHE.DAT
2017-01-06 23:52 - 2013-08-22 15:36 - 00000000 ___HD C:\windows\ELAMBKUP
2017-01-05 18:11 - 2014-08-10 04:40 - 00000000 ____D C:\ProgramData\McAfee
2017-01-05 18:10 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2017-01-04 20:18 - 2013-08-22 15:36 - 00000000 ____D C:\windows\rescache
2017-01-04 13:31 - 2014-08-10 04:52 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2017-01-04 13:31 - 2013-08-22 15:36 - 00000000 ____D C:\windows\AppReadiness
2017-01-04 13:29 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-04 13:25 - 2014-04-02 17:34 - 00000000 ____D C:\windows\Panther
2017-01-04 13:22 - 2013-08-22 15:20 - 00000000 ____D C:\windows\CbsTemp
2017-01-04 13:22 - 2013-08-22 13:36 - 00000000 ____D C:\windows\system32\AdvancedInstallers

==================== Files in the root of some directories =======

2014-08-10 04:32 - 2014-08-10 04:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-10 04:24

==================== End of FRST.txt ============================



#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:15 PM

Posted 11 January 2017 - 10:15 AM

Please see Step 7 of the Prep Guide....
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users