
My computer has a hacker controlling it


  • This topic is locked
12 replies to this topic

#1 coachoflife


Posted 11 January 2017 - 10:42 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by John (administrator) on LENOVO-PC (10-01-2017 19:56:57)
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_5\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\2.2.351.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McAMTaskAgent.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(VertoAnalytics Oy) C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Verto Analytics Inc) C:\Program Files (x86)\SmartApp\SmartApp.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Security) C:\Program Files\Common Files\mcafee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2947496949-1313208790-3359982435-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DABC8EA0-2EB0-413F-AB21-5EDB3D69D8D0}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2947496949-1313208790-3359982435-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2947496949-1313208790-3359982435-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2947496949-1313208790-3359982435-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-11-18] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-11-18] (McAfee, Inc.)

FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-01-07] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_5\McAPExe.exe [963176 2016-10-07] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\\McCSPServiceHost.exe [1934968 2016-10-17] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1307752 2016-10-20] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242704 2016-09-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384016 2016-09-08] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [331280 2016-09-08] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1473128 2016-10-07] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\windows\System32\drivers\cfwids.sys [88120 2016-09-09] (McAfee, Inc.)
S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 mfeaack; C:\windows\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [364088 2016-09-09] (McAfee, Inc.)
S0 mfeelamk; C:\windows\System32\drivers\mfeelamk.sys [85656 2016-09-09] (McAfee, Inc.)
R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [512056 2016-09-09] (McAfee, Inc.)
R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [884792 2016-09-09] (McAfee, Inc.)
R3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [527496 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
R3 mfeplk; C:\windows\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [252984 2016-09-09] (McAfee, Inc.)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 TXEIx64; C:\windows\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-10 19:56 - 2017-01-10 19:57 - 00010827 _____ C:\Users\John\Downloads\FRST.txt
2017-01-10 19:56 - 2017-01-10 19:56 - 00000000 ____D C:\FRST
2017-01-10 19:55 - 2017-01-10 19:56 - 02419200 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2017-01-09 21:31 - 2017-01-09 21:31 - 00000000 ____D C:\7971a87b4dca212be284
2017-01-09 14:14 - 2017-01-09 14:14 - 00032534 _____ C:\Users\John\Desktop\MTB.txt
2017-01-09 14:12 - 2017-01-09 14:12 - 00892416 _____ (Farbar) C:\Users\John\Downloads\MiniToolBox.exe
2017-01-09 01:54 - 2017-01-09 01:54 - 00000000 ____D C:\Users\John\AppData\Local\ElevatedDiagnostics
2017-01-09 01:29 - 2017-01-09 01:29 - 02870984 _____ (ESET) C:\Users\John\Downloads\esetsmartinstaller_enu.exe
2017-01-09 01:29 - 2017-01-09 01:29 - 00000000 ____D C:\Program Files (x86)\ESET
2017-01-09 01:27 - 2017-01-09 01:27 - 00000552 _____ C:\Users\John\Desktop\JRT.txt
2017-01-09 01:26 - 2017-01-09 01:26 - 01663040 _____ (Malwarebytes) C:\Users\John\Downloads\JRT.exe
2017-01-09 01:20 - 2017-01-09 01:20 - 03988944 _____ C:\Users\John\Downloads\AdwCleaner.exe
2017-01-09 01:06 - 2017-01-10 18:54 - 00003326 _____ C:\windows\System32\Tasks\SmartAppMonitor
2017-01-09 01:06 - 2017-01-10 02:02 - 00004092 _____ C:\windows\System32\Tasks\SmartAppLiveUpdater
2017-01-09 01:06 - 2017-01-09 01:07 - 00000000 ____D C:\Users\John\AppData\Local\VertoAnalytics
2017-01-09 01:06 - 2017-01-09 01:06 - 00000000 ____D C:\Program Files (x86)\SmartApp
2017-01-09 01:00 - 2017-01-10 19:40 - 00003846 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-01-07 13:23 - 2017-01-07 13:23 - 06771840 _____ (ESET spol. s r.o.) C:\Users\John\Downloads\esetonlinescanner_enu.exe
2017-01-07 13:23 - 2017-01-07 13:23 - 00000000 ____D C:\Users\John\AppData\Local\ESET
2017-01-07 12:58 - 2017-01-09 01:22 - 00000000 ____D C:\AdwCleaner
2017-01-07 12:58 - 2017-01-07 12:58 - 03988944 _____ C:\Users\John\Downloads\adwcleaner_6.042.exe
2017-01-07 01:50 - 2017-01-07 01:50 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.exe
2017-01-07 00:24 - 2017-01-07 00:31 - 00000000 ____D C:\Users\John\AppData\Roaming\ZHP
2017-01-07 00:24 - 2017-01-07 00:24 - 02670592 _____ C:\Users\John\Downloads\ZHPCleaner.exe
2017-01-07 00:24 - 2017-01-07 00:24 - 00000888 _____ C:\Users\John\Desktop\ZHPCleaner.lnk
2017-01-07 00:09 - 2017-01-07 00:09 - 00290304 _____ (Microsoft Corporation) C:\windows\SysWOW64\subinacl.exe
2017-01-07 00:09 - 2017-01-07 00:09 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2017-01-06 23:45 - 2017-01-10 19:00 - 00004020 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-01-05 18:13 - 2017-01-05 18:13 - 00002003 _____ C:\Users\Public\Desktop\McAfee LiveSafe.lnk
2017-01-05 18:13 - 2017-01-05 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-05 18:08 - 2017-01-08 13:19 - 00003068 _____ C:\windows\System32\Tasks\McAfeeLogon
2017-01-05 18:08 - 2017-01-08 13:19 - 00000000 ____D C:\windows\System32\Tasks\McAfee
2017-01-05 18:08 - 2017-01-05 18:08 - 00000000 ____D C:\ProgramData\Intel Security
2017-01-05 18:08 - 2017-01-05 18:08 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2017-01-04 18:05 - 2017-01-04 19:05 - 00003348 _____ C:\windows\System32\Tasks\McAfee Remediation (Prepare)
2017-01-04 18:05 - 2017-01-04 18:05 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-04 13:30 - 2017-01-10 18:58 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2947496949-1313208790-3359982435-1001
2017-01-04 13:30 - 2017-01-04 13:30 - 00000000 __SHD C:\Users\John\AppData\LocalLow\EmieUserList
2017-01-04 13:30 - 2017-01-04 13:30 - 00000000 __SHD C:\Users\John\AppData\Local\EmieUserList
2017-01-04 13:30 - 2017-01-04 13:30 - 00000000 __SHD C:\Users\John\AppData\Local\EmieSiteList
2017-01-04 13:29 - 2017-01-04 13:30 - 00000000 __SHD C:\Users\John\AppData\LocalLow\EmieSiteList
2017-01-04 13:26 - 2017-01-04 13:27 - 00000000 ____D C:\Users\John\AppData\Local\Lenovo
2017-01-04 13:25 - 2017-01-04 13:25 - 00000000 ____D C:\Users\John\AppData\Roaming\Lenovo
2017-01-04 13:25 - 2017-01-04 13:25 - 00000000 ____D C:\Users\John\AppData\Local\Power2Go
2017-01-04 13:24 - 2017-01-06 23:54 - 00000000 ____D C:\Users\John
2017-01-04 13:24 - 2017-01-04 13:26 - 00000000 ____D C:\Users\John\AppData\Local\Packages
2017-01-04 13:24 - 2017-01-04 13:24 - 00001457 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-04 13:24 - 2017-01-04 13:24 - 00000180 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-04 13:24 - 2017-01-04 13:24 - 00000020 ___SH C:\Users\John\ntuser.ini
2017-01-04 13:24 - 2017-01-04 13:24 - 00000000 _SHDL C:\Users\John\My Documents
2017-01-04 13:24 - 2017-01-04 13:24 - 00000000 _SHDL C:\Users\John\Documents\My Videos
2017-01-04 13:24 - 2017-01-04 13:24 - 00000000 _SHDL C:\Users\John\Documents\My Pictures
2017-01-04 13:24 - 2017-01-04 13:24 - 00000000 _SHDL C:\Users\John\Documents\My Music
2017-01-04 13:24 - 2017-01-04 13:24 - 00000000 __SHD C:\Users\John\IntelGraphicsProfiles
2017-01-04 13:24 - 2017-01-04 13:24 - 00000000 ____D C:\Users\John\AppData\Roaming\Adobe
2017-01-04 13:24 - 2017-01-04 13:24 - 00000000 ____D C:\Users\John\AppData\Local\VirtualStore
2017-01-04 13:24 - 2017-01-04 13:24 - 00000000 ____D C:\ProgramData\eBay
2017-01-04 13:24 - 2014-08-10 04:52 - 00000000 ____D C:\Users\John\AppData\Roaming\Macromedia
2017-01-04 13:24 - 2014-03-18 09:54 - 00000369 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2017-01-04 13:24 - 2014-03-18 09:54 - 00000369 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2017-01-04 13:19 - 2017-01-04 13:19 - 00000000 __RHD C:\Users\Public\AccountPictures

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-10 02:02 - 2013-08-22 13:36 - 00000000 ____D C:\windows\Inf
2017-01-09 22:10 - 2014-03-18 09:53 - 00863592 _____ C:\windows\system32\PerfStringBackup.INI
2017-01-09 22:06 - 2013-08-22 14:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-01-09 01:23 - 2014-08-10 04:40 - 00000000 ____D C:\Program Files\Common Files\mcafee
2017-01-07 19:55 - 2014-08-10 04:34 - 00000000 ____D C:\windows\jmesoft
2017-01-07 13:01 - 2014-08-10 04:42 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-01-07 12:20 - 2014-08-10 04:40 - 00000000 ____D C:\Program Files\mcafee
2017-01-07 12:08 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-07 01:57 - 2014-08-10 04:40 - 00000000 ____D C:\Program Files\Lenovo
2017-01-07 01:57 - 2014-08-10 04:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-07 01:53 - 2013-08-22 15:36 - 00000000 ____D C:\windows\system32\NDF
2017-01-07 00:03 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\BBI
2017-01-06 23:54 - 2013-08-22 14:44 - 00344624 _____ C:\windows\system32\FNTCACHE.DAT
2017-01-06 23:52 - 2013-08-22 15:36 - 00000000 ___HD C:\windows\ELAMBKUP
2017-01-05 18:11 - 2014-08-10 04:40 - 00000000 ____D C:\ProgramData\McAfee
2017-01-05 18:10 - 2013-08-22 13:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2017-01-04 20:18 - 2013-08-22 15:36 - 00000000 ____D C:\windows\rescache
2017-01-04 13:31 - 2014-08-10 04:52 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2017-01-04 13:31 - 2013-08-22 15:36 - 00000000 ____D C:\windows\AppReadiness
2017-01-04 13:29 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-04 13:25 - 2014-04-02 17:34 - 00000000 ____D C:\windows\Panther
2017-01-04 13:22 - 2013-08-22 15:20 - 00000000 ____D C:\windows\CbsTemp
2017-01-04 13:22 - 2013-08-22 13:36 - 00000000 ____D C:\windows\system32\AdvancedInstallers

==================== Files in the root of some directories =======

2014-08-10 04:32 - 2014-08-10 04:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-10 04:24

==================== End of FRST.txt ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by John (10-01-2017 19:57:57)
Running from C:\Users\John\Downloads
Windows 8.1 Connected (X64) (2017-01-04 13:23:57)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2947496949-1313208790-3359982435-500 - Administrator - Disabled)
Guest (S-1-5-21-2947496949-1313208790-3359982435-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2947496949-1313208790-3359982435-1003 - Limited - Enabled)
John (S-1-5-21-2947496949-1313208790-3359982435-1001 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {B10D5953-051E-97F6-F53B-3839EFD98259}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {0A6CB8B7-2324-9878-CF8B-034B945EC8E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {8936D876-4F71-96AE-DE64-910C110AC522}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.1.12.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.2063 - McAfee, Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.)
SmartApp (HKLM-x32\...\{A933DBFF-6E8B-461D-B79D-08481CFFE26F}) (Version: 3.2.6 - SmartApp)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2947496949-1313208790-3359982435-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {092B9D1C-D93D-4691-A184-737E9AF471FF} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2017-01-04] (Lenovo)
Task: {0F1C23CB-71CC-4FEE-97A8-A065B514ADA7} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {0F710E3C-CFBA-41C5-A891-43996960558C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-18] (Lenovo)
Task: {2022B68B-1BF8-4B68-AA76-C41347F873A5} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-18] (Lenovo)
Task: {26001794-7A95-4C24-97B9-FC9924DC5DFC} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2017-01-06] (McAfee, Inc.)
Task: {600B7C72-756E-44D5-A00B-8399F717A3E8} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2016-10-11] (McAfee, Inc.)
Task: {70ED0B2F-D553-439C-83E4-4E8DDC163455} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-18] ()
Task: {73BC487F-3C1E-4892-A656-E027E9FE01CA} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2017-01-06] (McAfee, Inc.)
Task: {7ED6C76A-9AFD-48BB-B68F-DDB878739F5C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-10-11] (McAfee, Inc.)
Task: {9742D52B-8FBA-4543-B4E2-308C3F4A6394} - System32\Tasks\SmartAppLiveUpdater => C:\Program Files (x86)\SmartApp\SmartAppLiveUpdater.exe [2016-12-28] ()
Task: {98CE9A28-0CCC-434B-9430-DEA27F317513} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {AC7342AA-9D88-4326-A415-E509EE6EFA92} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-18] (Lenovo)
Task: {DDF046B5-5109-49A7-906C-4C1E46E642B6} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-18] (Lenovo)
Task: {F933D4F7-52E5-49F1-B472-E7EC5AA7B484} - System32\Tasks\SmartAppMonitor => C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe [2016-12-28] (VertoAnalytics Oy)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-08-10 04:34 - 2011-08-17 03:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-08-10 04:50 - 2013-05-14 18:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2009-12-04 23:59 - 2009-12-04 23:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-05 00:04 - 2009-12-05 00:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2947496949-1313208790-3359982435-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "FamilySafetyGuide.lnk"
HKLM\...\StartupApproved\Run32: => "jmesoft"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{C7618433-CEDF-4D9F-BBF4-89DE5032E38A}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{0AFF1105-9103-435B-ACDC-0530BE0692E7}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1AAF4B19-3558-4D71-9A1E-69D0D4FA9D07}] => C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{2847AD01-714E-412B-80EC-6A4EDF395E56}] => C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2386ABE3-7B34-40F2-A338-2982A32834D1}] => C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE

==================== Restore Points =========================

04-01-2017 13:21:30 Windows Modules Installer
07-01-2017 00:06:52 JRT Pre-Junkware Removal
09-01-2017 01:05:40 Installed SmartApp
09-01-2017 01:26:23 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2017 02:27:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 02:26:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:54:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:54:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OnlineScannerApp.exe, version: 1.0.0.1, time stamp: 0x55546904
Faulting module name: ONLINE~1.OCX, version: 1.0.0.7777, time stamp: 0x55546935
Exception code: 0xc000041d
Fault offset: 0x0002d516
Faulting process id: 0x548
Faulting application start time: 0x01d26a180b6e05af
Faulting application path: C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
Faulting module path: C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX
Report Id: 85478671-d60e-11e6-825f-c03fd59bd11a
Faulting package full name:
Faulting package-relative application ID:

Error: (01/09/2017 01:54:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OnlineScannerApp.exe, version: 1.0.0.1, time stamp: 0x55546904
Faulting module name: ONLINE~1.OCX, version: 1.0.0.7777, time stamp: 0x55546935
Exception code: 0xc0000005
Fault offset: 0x0002d516
Faulting process id: 0x548
Faulting application start time: 0x01d26a180b6e05af
Faulting application path: C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
Faulting module path: C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX
Report Id: 7ef95b84-d60e-11e6-825f-c03fd59bd11a
Faulting package full name:
Faulting package-relative application ID:

Error: (01/09/2017 01:30:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:30:57 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:30:22 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:29:20 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/09/2017 01:29:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\John\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

System errors:
=============
Error: (01/10/2017 06:59:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1 = Incorrect function.

Error: (01/09/2017 10:06:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (01/09/2017 10:06:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error:
%%1083 = The executable program that this service is configured to run in does not implement the service.

Error: (01/09/2017 09:59:30 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/09/2017 09:59:30 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/09/2017 08:30:25 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/09/2017 08:30:25 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/09/2017 02:26:43 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (01/09/2017 02:26:13 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (01/09/2017 02:07:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1 = Incorrect function.

CodeIntegrity:
===================================
  Date: 2017-01-09 22:06:48.166
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-09 01:23:56.599
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-07 13:02:00.877
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-07 12:55:15.945
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-07 00:04:14.324
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-06 23:54:30.086
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU J2900 @ 2.41GHz
Percentage of memory in use: 48%
Total physical RAM: 3983.68 MB
Available physical RAM: 2068.26 MB
Total Virtual: 5391.68 MB
Available Virtual: 3204.76 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:416.89 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DISK1) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 712BA21C)

Partition: GPT.

==================== End of Addition.txt ============================




 


#2 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:18 PM

Posted 13 January 2017 - 10:47 AM

Hi coachoflife,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

Thank you for your patience,

 

packetanalyzer



#3 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:18 PM

Posted 16 January 2017 - 02:56 PM

Hi coachoflife,
 
Welcome to Bleeping Computer and thank you for posting your FRST log. You can call me packetanalyzer and I will be helping you with removing malware from your computer. Please take a moment to review the following.

Please read my instructions completely and follow them closely.

Please do not run any tools unless and until I ask you to do so.

Please only run the tools I ask you to run.

If you have any questions at any point, please stop and ask me before you try to complete the step.

Please refrain from using your computer for any purpose other than us working together to clean malware from it until I have notified you your computer is clean.

Please be patient as most of us at Bleeping Computer are volunteers and your logs take time to closely analyze. If you do not hear back from me in 48 hours, please feel free to send me a PM.

If I do not hear from you within 3 days after any post, this thread will be closed.
 
Now we are going to get started. Please do the following:

 
++++ Step 1 Review and if needed uninstall a specific program ++++
 
It appears you have SmartApp. SmartApp works by proxying your web traffic through a program so it can obtain information about your browsing activity. You may or may not have installed this on purpose.

 
If you did not mean to install SmartApp, please remove the program.
 
To uninstall SmartApp please:

  • Press the Windows key + r on your keyboard at the same time (this will open Run)
  • In the Run window type control appwiz.cpl
  • Press Enter
  • Select SmartApp and click Uninstall
  • Follow the steps in the uninstallation wizard
  • Do not restart the computer yet

++++ Step 2 FRST Fix ++++

  • Move C:\Users\John\Downloads\FRST64.exe to C:\Users\John\Desktop.
  • Press the Windows key + r on your keyboard at the same time (this will open Run)
  • Type notepad.exe
  • Press Enter
  • Copy and paste the code below in the open notepad window
  • Save the file as fixlist.txt in the same folder where the Farbar tool is running from (FRST should be on your desktop).
  • Right click FRST64.exe
  • Click Run as administrator
  • Click the Fix button
  • When FRST finishes running, your computer will restart itself

RemoveProxy:
C:\windows\System32\Tasks\SmartAppMonitor
C:\windows\System32\Tasks\SmartAppLiveUpdater
C:\Users\John\AppData\Local\VertoAnalytics
CMD: type C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
File: C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
File: C:\Program Files\Windows Defender\MsMpEng.exe
EmptyTemp:

++++ Step 3 Share Your Logs ++++

  • Please post the contents of the Fixlog.txt file that was created when you ran the FRST fix in your next reply
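
A read-only PowerShell check of what Steps 1 and 2 above target, added here as an example and not part of packetanalyzer's instructions or of FRST: it reports the current user's proxy settings, the machine-wide WinHTTP proxy, and whether the scheduled tasks and folder named in the fixlist are still present. The function names and the loopback test are assumptions of this example; the task names and folder name come from the fixlist.

```powershell
# Read-only: nothing here changes the system.

function Get-UserProxyState {
    # Standard per-user WinINET proxy values (used by IE and most browsers).
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $server = [string]$s.ProxyServer
    [pscustomobject]@{
        ProxyEnable   = [int]$s.ProxyEnable      # 1 = a proxy is in use
        ProxyServer   = $server                  # e.g. host:port or http=host:port;https=...
        AutoConfigURL = [string]$s.AutoConfigURL # PAC script, if any
        # Assumption of this example: a program proxying traffic on the same
        # machine registers a loopback address as the proxy server.
        LoopbackProxy = $server -match '(^|=)(127\.0\.0\.1|localhost)(:|;|$)'
    }
}

function Get-FixlistTask {
    # Task names taken from the fixlist in the post above.
    Get-ScheduledTask |
        Where-Object { $_.TaskName -in 'SmartAppMonitor', 'SmartAppLiveUpdater' } |
        ForEach-Object {
            [pscustomobject]@{
                TaskName = $_.TaskName
                State    = $_.State
                Runs     = ($_.Actions | ForEach-Object { $_.Execute }) -join '; '
            }
        }
}

# Folder name taken from the fixlist; resolved for the current user.
$folder = Join-Path $env:LOCALAPPDATA 'VertoAnalytics'

$proxy = Get-UserProxyState
$tasks = @(Get-FixlistTask)

'--- Per-user proxy (WinINET) ---'
$proxy | Format-List | Out-String

'--- Machine-wide proxy (WinHTTP) ---'
netsh winhttp show proxy

"--- Scheduled tasks from the fixlist still present: $($tasks.Count) ---"
$tasks | Format-Table -AutoSize | Out-String

"--- Folder present: $(Test-Path -LiteralPath $folder) ---"
```

After a successful uninstall and fix, ProxyEnable should read 0 (or ProxyServer should be empty), the task count should be 0, and the folder check should print False.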


#4 coachoflife

coachoflife
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 18 January 2017 - 06:26 PM

The computer you have the logs for has an alarm noise on starting up and will not fully load up.  The 2nd computer will not allow me to access any webpage to solve the problems it has.  I get a warning message, apparently from Google, telling me that the page I am trying to access is controlled by someone else.  When I try to go to the page anyway it waits a few seconds then tells me it cannot access the webpage as it took too long to load.  I have a 3rd computer I am now using which has a virus I cannot find.  I have written to SmartApp telling them I will not be using them again as the hacker used their software to access my computer again after 4-5 days of not doing so.


#5 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:18 PM

Posted 18 January 2017 - 07:32 PM

Hi coachoflife,
 

There are a few things in your post that are confusing and concerning.

 

The first is that we have to work on one computer at a time. If you have multiple computers and they all have problems, the volunteers here at Bleeping Computer are happy to help you but we need you to focus on one computer in a single thread. I don't know which computer you originally asked me to help with, but please limit your responses in this thread to that computer.

 

Please understand that the problems on your numerous computers might not be caused by the same thing. We need to obtain information from your computer and analyze what each step reveals. Please do not assume a program is causing the problem. Acting on assumptions about what is causing the problem is not helpful. Although SmartApp may collect information about online behavior that does not mean a hacker is using SmartApp to control your computer. Please refrain from making unfounded accusations.

 

Before continuing, you said that your computer makes a beeping noise when it starts up. Is this the computer you created the FRST log with earlier? Did you make any hardware or software changes after you created the FRST log? How many times does the computer beep when it starts?



#6 coachoflife

coachoflife
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 18 January 2017 - 10:39 PM

It has 3 beeps and then a longer 4th beep and repeats this over and over again.



#7 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:18 PM

Posted 20 January 2017 - 06:15 PM

Hi coachoflife,
 
We need to see if your RAM is bad. You may need to fully insert your RAM, clean your RAM, or replace your RAM.

++++ Step 4 Run a memory test ++++
 
From an operational Windows 8 or Windows 10 computer please do this.

Note: The following steps will erase everything on your USB device and may take several hours to complete.

  • Insert your USB device into your computer
  • Press the Windows Key + E at the same time
  • Right click on your USB device and select Format
  • Click Start then OK on the warning screen
  • Click OK on the format complete screen
  • Download the Windows MemTest86 USB image onto your Desktop
  • Unzip the file to the memtest86-usb folder onto your Desktop
  • Double click the memtest86-usb folder
  • Double click the imageUSB icon
  • Under Step #1 place a check mark on your USB device
  • Under Step #2 select Write image to USB drive
  • Under Step #3 verify the file path indicates your Desktop and ends with memtest86-usb\memtest86-usb.img
  • Under Available Options place a check mark in Post Image Verification
  • Under Step #4 click Write
  • Click Yes on the Confirmation\Verification screen
  • Click Yes on FINAL Warning
  • Click OK on the Completed! screen then click Exit
  • With the USB device inserted into the computer to be tested restart the computer
  • Boot your computer from the USB device - you may see something on the boot up screen like "Press F12 to Choose Boot Device" (See here for more instructions)
  • Patiently allow the program to start automatically
  • When completed press any key to display the summary
  • Press any key again
  • Hit the Y key to save the report on the USB device
  • Exit the program and allow your computer to boot (it may be necessary to force restart your computer)
  • Using Windows Explorer locate the HTML file on your USB (example E:\EFI\BOOT\MemTest86-Report-20161202-092656) and attach it to your reply. If necessary hold down the power button to turn off the computer

 

packetanalyzer



#8 coachoflife

coachoflife
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 21 January 2017 - 05:41 AM

I cannot get the Lenovo with Windows 8.1 to work.  When switched on all I get is a black screen and the keyboard will not work.



#9 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:18 PM

Posted 21 January 2017 - 01:39 PM

Hi coachoflife,

 

Yes, I realize the computer we are working on does not start right now. The reason it does not start is because you have a problem with the RAM in your computer. To determine what kind of problem the RAM has we want to run a memory test. You will need to follow the previous set of instructions on a computer that does start up.

 

If you are not able to do that then I can provide you documentation on how to take your computer apart and what RAM you need to purchase so you can replace the bad RAM in your computer. Until the RAM problem is handled we will not be able to assist you in removing any malware that may be on your computer.



#10 coachoflife

coachoflife
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 21 January 2017 - 07:24 PM

I have the USB loaded up and tried it on the computer but it stayed black and loaded up nothing at all.  Could we go the documentation route please.



#11 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:18 PM

Posted 24 January 2017 - 03:12 PM

 

I have the USB loaded up and tried it on the computer but it stayed black and loaded up nothing at all.  Could we go the documentation route please.

 

 

Yes, that is really our only option currently. If you know what model Lenovo you have and know how to remove the RAM from your computer, we want to try to clean the RAM. When you have the RAM removed, please let me know. If you need assistance with removing the RAM from the computer please let me know what model Lenovo you have.



#12 coachoflife

coachoflife
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 25 January 2017 - 09:53 AM

My health is really poor at present and I am unable to do things for a while so will either have to postpone your help or cancel and come back at a later date.  Thanks for your help so far.



#13 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:18 PM

Posted 26 January 2017 - 04:23 PM

Hi coachoflife,

 

You are always welcome to come back later. Hopefully, next time we work on this you will have good RAM and better health!

 

Thanks,

 

packetanalyzer





