Skyclad Posted August 30, 2016

Hello... I'm copy and pasting the below from a previously posted topic on a different website... was directed here, and I'm hoping you guys can help me figure this out. Since I first posted this, it seems that my computer is to some degree self-correcting (if that is possible). Still some issues going on, but some strange things like when I have a page open over my main AOL page, when clicking off the overlying page, the AOL home page logs off as well... Also, several things having to do with inaccurate "mouse clicks"... things popping up that I did not click on, but that were nearby the cursor. Hoping this makes sense. Below is my original posting. Hoping you guys can help!

For some reason, everything was running super slow this morning, as in, when I would even click the mouse, there was a 5 or 10 second delay before anything would happen. Also, when clicking on something nothing happened, but when I hit enter after a click it would execute just fine. These are symptoms I've never seen before.

I've run an MBam scan with no infections reported, and my Kaspersky AV ran earlier this morning and it was clean. Have run System Restore twice, and in both instances it said "was unable to complete system restore, etc....." Further said that my drive might be corrupted if System Restore failed.

Now I am truly at my wits' end. That is when I usually call on you guys, who have bailed me out over the years many times. I'm hoping you can do it once again!

My connection, along with the above, is "iffy" currently, so I'm rolling the dice in going this route. I might lose connection at any time, but it always comes back strangely enough. Thinking I might have a DSL problem on that front. For now, the earlier problem is first and foremost. As I said, just showed up this morning.

Thanks in advance for any help!

Skyclad
seedy21 Posted September 1, 2016

Hello Skyclad

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc., unless advised by me.
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
Please reply within 48 hours. If you are going to be away for longer, please let us know or the topic will be closed for being inactive.
If you are using Cracked or Illegal software your thread will be closed.
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed.

Please note Farbar Recovery Scan Tool has two versions. Please visit How to tell if you are running a 32-bit or 64-bit version of Windows to see which version you need for your system.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
Right-click on the FRST icon and select Run as Administrator to start the tool. (XP users click Run after receipt of Windows Security Warning - Open File.)
When the tool opens, click Yes to the disclaimer.
Make sure that the Addition option is checked.
Press the Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please copy and paste their content into your next reply.
Skyclad Posted September 2, 2016

Hello Seedy 21 and thanks for your assistance! Please find below a copy and paste of the items you requested. I am only now seeing your post, so will be more attentive in the future. I have a 64 bit machine, as you can see.

Thanks again,

S

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Mike (administrator) on HOME (01-09-2016 22:02:14)
Running from C:\Users\Mike\Downloads
Loaded Profiles: Mike (Available Profiles: Mike & HP_OWNER)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avpui.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\shellmon.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\aolbrowser.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\AolBrowserTab.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1387389289\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [Cobian Backup 11] => C:\Program Files (x86)\Cobian Backup 11\Cobian.exe [720896 2013-03-08] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\Run: [Google Update] => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-02-20] (Google Inc.)
HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.8.2\AOL.EXE [73584 2015-12-15] (AOL Inc.)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-17] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{30240170-2754-43C0-8F1E-C67D1234ECC7}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4197961188-714576266-808560349-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hbcams.com/
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-4197961188-714576266-808560349-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\olk2c82k.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-02-26] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4197961188-714576266-808560349-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-4197961188-714576266-808560349-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-17]

Chrome:
=======
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-20]
CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-20]
CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-20]
CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-20]
CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-20]
CHR Extension: (Google Sheets) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-20]
CHR Extension: (Google Docs Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Kaspersky Protection) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-07-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-20]
CHR Extension: (Chrome Media Router) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-01]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
StartMenuInternet: Google Chrome.AULL7JPKOAZNRFMN4VMN37U7VU - C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-08] (CobianSoft, Luis Cobian) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-01-17] (Puran Software) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236888 2016-08-17] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-17] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-17] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-01] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-01 22:02 - 2016-09-01 22:02 - 00013611 _____ C:\Users\Mike\Downloads\FRST.txt 2016-09-01 22:01 - 2016-09-01 22:02 - 00000000 ____D C:\FRST 2016-09-01 21:59 - 2016-09-01 21:59 - 02397696 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe 2016-09-01 11:35 - 2016-09-01 11:35 - 00000000 ____D C:\Users\Mike\Desktop\Smoked Beef Ribs Recipe_files 2016-09-01 11:34 - 2016-09-01 11:35 - 00074692 _____ C:\Users\Mike\Desktop\Smoked Beef Ribs Recipe.html 2016-09-01 08:38 - 2016-09-01 08:38 - 00588822 _____ C:\Users\Mike\Desktop\Pork Steaks for Labor Day.html 2016-09-01 08:38 - 2016-09-01 08:38 - 00000000 ____D C:\Users\Mike\Desktop\Pork Steaks for Labor Day_files 2016-08-30 12:24 - 2016-08-30 12:24 - 00055454 _____ C:\Users\Mike\Desktop\Oxygen Sensors & Emissions - Facts & Repair Advice.html 2016-08-30 12:24 - 2016-08-30 12:24 - 00000000 ____D C:\Users\Mike\Desktop\Oxygen Sensors & Emissions - Facts & Repair Advice_files 2016-08-28 13:42 - 2016-08-28 13:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\772463C4.sys 2016-08-28 09:40 - 2016-08-28 09:40 - 00138630 _____ C:\Users\Mike\Desktop\congestive heart - Search Results.html 2016-08-28 09:40 - 2016-08-28 09:40 - 00000000 ____D C:\Users\Mike\Desktop\congestive heart - Search Results_files 2016-08-26 11:38 - 2016-08-26 11:38 - 00296320 _____ C:\Windows\Minidump\082616-18096-01.dmp 2016-08-25 20:57 - 2016-08-25 20:58 - 00000000 ____D C:\Users\Mike\Desktop\111 2016-08-25 01:58 - 2016-08-25 02:28 - 00000000 ____D C:\Users\Mike\Desktop\TikkaBDay15 2016-08-16 13:25 - 2016-07-08 10:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-08-16 13:25 - 2016-07-08 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-08-13 11:10 - 2016-08-13 11:10 - 00000000 ____D C:\Users\Mike\Desktop\Boxley 2016-08-10 05:42 - 2016-07-08 10:37 - 
00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-08-10 05:42 - 2016-07-08 10:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-08-10 05:42 - 2016-07-08 10:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 00028160 _____ 
(Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-08-10 05:42 - 2016-07-08 10:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-08-10 05:42 - 2016-07-08 10:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-08-10 05:42 - 2016-07-08 10:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-08-10 05:42 - 2016-07-08 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-08-10 05:42 - 2016-07-08 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-08-10 05:42 - 2016-07-08 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-08-10 05:42 - 2016-07-08 10:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-08-10 05:42 - 2016-07-08 10:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-08-10 05:42 - 2016-07-08 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-08-10 05:42 - 2016-07-08 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-08-10 05:42 - 2016-07-08 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-08-10 05:42 - 2016-07-08 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-08-10 05:42 - 2016-07-08 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-08-10 05:42 - 2016-07-08 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-08-10 05:42 - 2016-07-08 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-08-10 05:42 - 2016-07-08 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-08-10 05:42 - 2016-07-08 10:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-08-10 05:42 - 2016-07-08 09:57 - 00159744 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\mrxsmb.sys 2016-08-10 05:42 - 2016-07-08 09:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-08-10 05:42 - 2016-07-08 09:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-08-10 05:42 - 2016-07-08 09:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-08-10 05:42 - 2016-07-08 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-08-10 05:42 - 2016-07-08 09:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-08-10 05:41 - 2016-08-02 09:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-08-10 05:41 - 2016-08-02 09:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-08-10 05:41 - 2016-08-02 01:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-08-10 05:41 - 2016-08-02 01:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-08-10 05:41 - 2016-08-02 01:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-08-10 05:41 - 2016-08-02 01:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-08-10 05:41 - 2016-08-02 01:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-08-10 05:41 - 2016-08-02 01:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-08-10 05:41 - 2016-08-02 01:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-08-10 05:41 - 2016-08-02 01:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-08-10 05:41 - 2016-08-02 01:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-08-10 05:41 - 2016-08-02 01:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-08-10 05:41 - 2016-08-02 01:23 - 00034304 _____ (Microsoft 
Corporation) C:\Windows\system32\iernonce.dll 2016-08-10 05:41 - 2016-08-02 01:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-08-10 05:41 - 2016-08-02 01:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-08-10 05:41 - 2016-08-02 01:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-08-10 05:41 - 2016-08-02 01:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-08-10 05:41 - 2016-08-02 01:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-08-10 05:41 - 2016-08-02 01:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-08-10 05:41 - 2016-08-02 01:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-08-10 05:41 - 2016-08-02 01:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-08-10 05:41 - 2016-08-02 01:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-08-10 05:41 - 2016-08-02 01:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-08-10 05:41 - 2016-08-02 00:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-08-10 05:41 - 2016-08-02 00:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-08-10 05:41 - 2016-08-02 00:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-08-10 05:41 - 2016-08-02 00:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-08-10 05:41 - 2016-08-02 00:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-08-10 05:41 - 2016-08-02 00:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-08-10 05:41 - 2016-08-02 00:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-08-10 05:41 - 2016-08-02 00:51 - 00152064 _____ 
(Microsoft Corporation) C:\Windows\system32\occache.dll 2016-08-10 05:41 - 2016-08-02 00:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-08-10 05:41 - 2016-08-02 00:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-08-10 05:41 - 2016-08-02 00:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-08-10 05:41 - 2016-08-02 00:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-08-10 05:41 - 2016-08-02 00:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-08-10 05:41 - 2016-08-02 00:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-08-10 05:41 - 2016-08-02 00:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-08-10 05:41 - 2016-08-02 00:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-08-10 05:41 - 2016-08-02 00:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-08-10 05:41 - 2016-08-02 00:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-08-10 05:41 - 2016-08-02 00:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-08-10 05:41 - 2016-08-02 00:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-08-10 05:41 - 2016-08-02 00:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-08-10 05:41 - 2016-08-02 00:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-08-10 05:41 - 2016-08-02 00:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-08-10 05:41 - 2016-08-02 00:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-08-10 05:41 - 2016-08-02 00:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-08-10 05:41 - 2016-08-02 00:28 - 15412224 _____ 
(Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-08-10 05:41 - 2016-08-02 00:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-08-10 05:41 - 2016-08-02 00:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-08-10 05:41 - 2016-08-02 00:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-08-10 05:41 - 2016-08-02 00:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-08-10 05:41 - 2016-08-02 00:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-08-10 05:41 - 2016-08-02 00:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-08-10 05:41 - 2016-08-02 00:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-08-10 05:41 - 2016-08-02 00:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-08-10 05:41 - 2016-08-02 00:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-08-10 05:41 - 2016-08-02 00:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-08-10 05:41 - 2016-08-02 00:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-08-10 05:41 - 2016-08-02 00:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-08-10 05:41 - 2016-08-02 00:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-08-10 05:41 - 2016-08-01 23:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-08-10 05:41 - 2016-08-01 23:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-08-10 05:41 - 2016-08-01 23:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-08-10 05:41 - 2016-08-01 23:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-08-10 05:41 - 2016-07-08 10:01 - 03218944 _____ (Microsoft Corporation) 
C:\Windows\system32\win32k.sys 2016-08-03 15:06 - 2016-08-03 15:06 - 01303642 _____ C:\Users\Mike\Desktop\2015-2020 Construction Schedule Map.pdf 2016-08-03 08:20 - 2016-08-03 12:33 - 00000000 ____D C:\Users\Mike\Desktop\SheriPics16 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-01 22:01 - 2009-07-13 23:45 - 00028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-09-01 22:01 - 2009-07-13 23:45 - 00028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-09-01 21:59 - 2016-07-28 16:54 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA1d1e91a93f23e27.job 2016-09-01 21:07 - 2013-12-17 14:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-09-01 17:38 - 2015-09-22 16:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-09-01 16:59 - 2016-07-28 16:54 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core1d1e91a936c6a61.job 2016-09-01 12:30 - 2016-07-20 19:24 - 00000000 ____D C:\Users\Mike\Desktop\Cartoons 2016-09-01 08:39 - 2013-12-17 22:53 - 00000000 ____D C:\Users\Mike\Documents\SmokingMeatJeffFile 2016-09-01 01:50 - 2014-01-02 15:33 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2016-08-30 20:58 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI 2016-08-30 20:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf 2016-08-30 20:50 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-08-30 12:31 - 2013-12-17 22:53 - 00000000 ____D C:\Users\Mike\Documents\TravelStuff 2016-08-29 18:31 - 2013-12-17 22:33 - 00000000 ____D C:\Users\Mike\Documents\DogStuff 2016-08-28 16:40 - 2013-12-17 22:53 - 00000000 ____D C:\Users\Mike\Documents\Turmeric 2016-08-28 15:05 - 2016-06-23 
12:10 - 00000000 ____D C:\Users\Mike\Desktop\Summer16 2016-08-28 13:17 - 2013-12-26 13:54 - 00000000 ____D C:\Program Files\Puran Defrag 2016-08-28 09:55 - 2016-06-29 09:23 - 00000000 ____D C:\Users\Mike\Documents\MercolaDr 2016-08-27 14:26 - 2015-06-08 11:15 - 00000000 ____D C:\Users\Mike\Documents\Political 15 2016-08-27 08:50 - 2013-12-17 22:53 - 00000000 ____D C:\Users\Mike\Documents\Weil 2016-08-26 11:38 - 2014-05-17 08:33 - 578179329 _____ C:\Windows\MEMORY.DMP 2016-08-26 11:38 - 2014-05-17 08:33 - 00000000 ____D C:\Windows\Minidump 2016-08-26 02:46 - 2013-12-17 22:53 - 00000000 ____D C:\Users\Mike\Documents\TeslaStuff 2016-08-24 23:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2016-08-20 17:19 - 2016-02-28 15:34 - 00000000 ____D C:\Users\Mike\Desktop\ScanStuff 2016-08-17 14:49 - 2014-01-27 10:31 - 00000000 ____D C:\Users\Mike\Desktop\Desktop1 2016-08-17 14:26 - 2015-09-08 19:18 - 00000000 ____D C:\Users\Mike\Desktop\Pics 2016-08-17 01:53 - 2016-07-11 22:26 - 01001304 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys 2016-08-17 01:53 - 2015-12-03 11:10 - 00110424 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys 2016-08-17 01:52 - 2016-04-29 06:12 - 00236888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys 2016-08-15 16:28 - 2014-10-14 18:37 - 00000000 ____D C:\Users\Mike\Desktop\RecipesWord 2016-08-13 18:21 - 2013-12-17 22:33 - 00000000 ____D C:\Users\Mike\Documents\CaliStuff 2016-08-13 13:42 - 2013-12-17 22:53 - 00000000 ____D C:\Users\Mike\Documents\TweedArticles 2016-08-13 13:25 - 2016-07-07 09:45 - 00000000 ____D C:\Users\Mike\Documents\RetirementStuff 2016-08-13 09:20 - 2013-12-17 22:52 - 00000000 ____D C:\Users\Mike\Documents\Political 2016-08-11 03:33 - 2009-07-13 23:45 - 00295216 _____ C:\Windows\system32\FNTCACHE.DAT 2016-08-11 03:15 - 2013-12-17 13:03 - 00000000 ____D C:\Windows\system32\MRT 2016-08-11 03:03 - 2013-12-17 13:03 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 
2016-08-10 13:41 - 2016-02-20 12:54 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA.job 2016-08-10 13:41 - 2016-02-20 12:54 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core.job 2016-08-10 13:40 - 2013-12-18 08:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-08-10 08:42 - 2013-12-17 22:53 - 00000000 ____D C:\Users\Mike\Documents\Wikipedia 2016-08-09 15:43 - 2015-08-23 13:12 - 00000000 ____D C:\Users\Mike\Desktop\Recipes16 2016-08-08 15:01 - 2016-02-20 12:59 - 00002363 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-08 15:01 - 2016-02-20 12:59 - 00002355 _____ C:\Users\Mike\Desktop\Google Chrome.lnk 2016-08-06 17:27 - 2013-12-17 22:34 - 00000000 ____D C:\Users\Mike\Documents\IndiaStuff 2016-08-04 12:00 - 2013-12-17 22:53 - 00000000 ____D C:\Users\Mike\Documents\RumiStuff 2016-08-04 09:30 - 2013-12-17 22:52 - 00000000 ____D C:\Users\Mike\Documents\PepperStuff 2016-08-03 12:19 - 2013-12-17 14:48 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2016-08-03 12:18 - 2014-12-24 16:53 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== Files in the root of some directories ======= 2013-12-24 15:36 - 2013-12-24 15:36 - 0000136 _____ () C:\Users\Mike\AppData\Roaming\mbam.context.scan 2013-12-23 09:43 - 2013-12-23 15:27 - 0004608 _____ () C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-30 14:44 - 2014-10-30 14:45 - 0000202 _____ () C:\ProgramData\hpzinstall.log ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-08-26 00:25 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016 Ran by Mike (01-09-2016 22:02:57) Running from C:\Users\Mike\Downloads Windows 7 Professional Service Pack 1 (X64) (2013-12-17 17:27:37) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4197961188-714576266-808560349-500 - Administrator - Disabled) Guest (S-1-5-21-4197961188-714576266-808560349-501 - Limited - Disabled) HP_OWNER (S-1-5-21-4197961188-714576266-808560349-1001 - Administrator - Enabled) => C:\Users\HP_OWNER Mike (S-1-5-21-4197961188-714576266-808560349-1000 - Administrator - Enabled) => C:\Users\Mike ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98} AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated) AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - AOL Inc.) AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.) Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.) Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version: - *Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.) CleanUp! (HKLM-x32\...\CleanUp!) 
(Version: - ) Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - ) Google Chrome (HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Earth (HKLM-x32\...\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}) (Version: 7.0.3.8542 - Google) Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab) Kaspersky Anti-Virus (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation) Puran Defrag 7.6 (HKLM\...\Puran Defrag_is1) (Version: - Puran Software) Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {07A0926D-3B93-4542-A293-9D93B3E1751C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.) Task: {1700E63A-3168-43C9-9B93-434C08944EFF} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION Task: {2790EBF7-9F22-4842-BCF2-591079FAAB66} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA1d1e91a93f23e27 => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.) 
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION Task: {3347AF7C-D9EC-4547-AE6C-89435CD71CDB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {8B47A7D7-D2F2-4E50-96A4-7F7B232C171C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION Task: {97D0ACD3-7B8B-4AA9-B335-660342A4CCF2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core1d1e91a936c6a61 => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.) Task: {A6F662DE-561D-4DA5-8C9B-AF7EDE21550A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.) Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION Task: {B0BAD826-55FF-4D0D-BA85-3A7C89BCE42B} - System32\Tasks\{623394EB-E332-4EE6-87FC-185678DA9EE3} => pcalua.exe -a "C:\ProgramData\AOL Downloads\SUD4624\waol-0.4346.19.1.exe" -d C:\Users\Mike\Desktop Task: {C25D5070-BB51-4587-B189-2AE097F66BE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated) Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core1d1e91a936c6a61.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA1d1e91a93f23e27.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\kpcengine.2.3.dll 2015-12-07 13:21 - 2015-12-07 13:21 - 45365248 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\libcef.dll 2015-12-15 11:14 - 2015-12-15 11:14 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\zlib.dll 2015-12-15 11:14 - 2015-12-15 11:14 - 21151232 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\libcef.dll 2015-12-15 11:14 - 2015-12-15 11:14 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\libglesv2.dll 2015-12-15 11:14 - 2015-12-15 11:14 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\libegl.dll 2015-12-15 11:14 - 2015-12-15 11:14 - 00094208 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\Components\Tier2Svc.dll 2015-12-15 11:14 - 2015-12-15 11:14 - 00060928 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\Components\DataSvcs.dll 2016-08-08 15:01 - 2016-08-02 19:24 - 01771336 _____ () 
C:\Users\Mike\AppData\Local\Google\Chrome\Application\52.0.2743.116\libglesv2.dll 2016-08-08 15:01 - 2016-08-02 19:23 - 00094024 _____ () C:\Users\Mike\AppData\Local\Google\Chrome\Application\52.0.2743.116\libegl.dll 2016-08-08 15:01 - 2016-08-02 18:54 - 17602240 _____ () C:\Users\Mike\AppData\Local\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2015-09-22 16:49 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4197961188-714576266-808560349-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 10.0.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{C3E8EF01-3391-440D-8E60-7DFA4FFB6252}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe FirewallRules: [{99BF0AA0-61CC-4402-91DD-688187EF1C2C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe FirewallRules: [{507D92DA-D18F-456B-8580-CF4D7D3D4C34}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe FirewallRules: [{6F25575C-4239-41E2-AF88-A8E4837B1FE8}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe FirewallRules: [{9ECD1C4E-7353-4D91-AE28-3F5E0B6F6894}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe FirewallRules: [{4E7E02DE-3224-4EEB-B741-CD4BCE906F97}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe FirewallRules: [{934581BF-C000-4943-A1A9-8D708C0DAC5D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe FirewallRules: [{3617D4CB-7140-499B-8EF7-6114519D869E}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe FirewallRules: [{F500CF40-7A91-41A3-AF7B-C3C6A51D14AC}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe FirewallRules: [{43A258A9-3E67-4B57-971F-C5F555144649}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe FirewallRules: [{80476B99-EE1F-4C04-A3EF-3BD08D4FB9DF}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe FirewallRules: [{489929A1-B33D-450F-9710-BBC963D0F529}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe FirewallRules: [{06DFBD27-BEA0-49DF-9B1C-DB89A93EB606}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe FirewallRules: [{8B5C5F96-14EA-4F12-9D95-8B28902D0B10}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe 
FirewallRules: [{54A0577E-3E4F-4E17-A785-666F27081CBF}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe FirewallRules: [{D10B1CEC-C576-4E4A-A262-C61C93C61591}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe FirewallRules: [{48B5CAF3-443C-435D-B13D-92C41E118353}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe FirewallRules: [{02E4057D-CA37-4B4A-AFDA-1209DE386279}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe FirewallRules: [{8AF77200-EAEE-46C8-886A-9584425FB642}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe FirewallRules: [{88D1214E-2B23-4A42-AD05-5F9BB4E4824C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe FirewallRules: [{D080DA85-6382-47D7-AB8E-BD03A8676BA5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe FirewallRules: [{84AB735B-D1AA-41CF-A172-F1CDF3B02D67}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe FirewallRules: [{EABF4886-EBCB-439E-BCC4-51D532737B94}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe FirewallRules: [{8A159DB4-5EB9-4714-AF31-A1E0E954D74F}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe FirewallRules: [{79A1C0C6-DEA7-45B5-831B-B01DB292203D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe FirewallRules: [{47F41458-5C50-4009-BC73-121478D3BF8D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe FirewallRules: [{DC881B37-D9F3-4E8B-B374-E8F09B6F17D4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe FirewallRules: [{3CCB0AFC-552C-47BF-921C-21E84C782125}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe FirewallRules: [{13C79176-45D2-49E0-A01A-047B42F2A1CD}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe FirewallRules: [{0DD3A617-96B7-481D-AE9B-C4120FC44844}] => (Allow) C:\Program Files 
(x86)\Common Files\AOL\System Information\sinf.exe FirewallRules: [{883D8B11-2CDA-4848-8E6A-FDA27359ACD5}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe FirewallRules: [{A6A724BC-3293-4F09-BAC8-1980D2D9FEAA}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe FirewallRules: [{3F4722D1-3B44-4D4A-897A-4399C7F87769}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe FirewallRules: [{E9658CBE-25EC-4ECD-A959-F1498392F780}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe FirewallRules: [{8E051556-1681-4B46-BF41-11651985A308}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.1\waol.exe FirewallRules: [{686645B1-A3D8-4D97-8E46-64585B91A100}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.1\waol.exe FirewallRules: [{887AFAF5-9173-4281-BFE1-92FE5FAF4090}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe FirewallRules: [{DECA53EA-D174-47CE-9CAB-A82A113B469D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe ==================== Restore Points ========================= 26-08-2016 11:34:31 Restore Operation 30-08-2016 20:09:41 Windows Update ==================== Faulty Device Manager Devices ============= Name: WAN Miniport (ATW) #2 Description: WAN Miniport (ATW) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: America Online, Inc. Service: wanatw Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/01/2016 01:00:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005). 
Error: (09/01/2016 01:11:22 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {252364e2-f728-4aef-8c56-0006c696231c} Error: (08/31/2016 06:00:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005). Error: (08/31/2016 01:11:06 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {252364e2-f728-4aef-8c56-0006c696231c} Error: (08/30/2016 11:00:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005). Error: (08/30/2016 10:00:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005). 
Error: (08/30/2016 04:00:03 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005). Error: (08/30/2016 01:11:16 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {b2ce60e4-b781-4ad6-8c5b-8aa37a1eff00} Error: (08/29/2016 09:00:05 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005). Error: (08/29/2016 01:11:09 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {b2ce60e4-b781-4ad6-8c5b-8aa37a1eff00} System errors: ============= Error: (08/30/2016 08:49:28 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout. Error: (08/30/2016 05:25:00 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout. 
Error: (08/26/2016 12:57:17 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout. Error: (08/26/2016 11:38:21 AM) (Source: BugCheck) (EventID: 1001) (User: ) Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80073ab4f0, 0xfffffa80073ab7d0, 0xfffff8000318be40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082616-18096-01. Error: (08/26/2016 11:35:08 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout. Error: (08/26/2016 09:23:12 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout. Error: (08/24/2016 08:56:39 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 8:54:30 PM on 8/24/2016 was unexpected. Error: (08/17/2016 01:55:41 AM) (Source: KLIF) (EventID: 0) (User: ) Description: Event-ID 0 Error: (08/16/2016 09:24:32 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout. Error: (08/14/2016 10:45:09 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout. CodeIntegrity: =================================== Date: 2014-10-15 00:27:41.501 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-10-15 00:27:41.501 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-15 00:27:41.501 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-15 00:27:41.454 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-15 00:27:41.454 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-15 00:27:41.454 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-15 00:27:41.438 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-15 00:27:41.438 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-10-15 00:27:41.423 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-13 00:22:23.266 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD Phenom 8650 Triple-Core Processor Percentage of memory in use: 48% Total physical RAM: 5630.49 MB Available physical RAM: 2889.18 MB Total Virtual: 11259.17 MB Available Virtual: 7525.59 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:368.16 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 94549454) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
seedy21 Posted September 3, 2016 Posted September 3, 2016 (edited)
Hi Skyclad
Step 1
Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.
Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
Copy the entire content of the codebox below and paste into the Notepad document:
start
CloseProcesses:
Task: {1700E63A-3168-43C9-9B93-434C08944EFF} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {8B47A7D7-D2F2-4E50-96A4-7F7B232C171C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
CMD: sfc /scannow
EmptyTemp:
end
Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on the FRST icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt. Please post it to your reply.
Step 2
Emsisoft Emergency Kit
Please download Emsisoft Emergency Kit and save it to your desktop.
Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.
Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes.
Emsisoft Emergency Kit will start scanning.
When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
Please save the log in Notepad on your desktop and post the contents in your next reply.
When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
Edited September 3, 2016 by Starbuck Quote “It's only after we've lost everything that we're free to do anything.”― Chuck Palahniuk, Fight Club http://www.geekstogo.com/downloads/unite_blue.png Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here We are all members helping other members.Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
Skyclad Posted September 4, 2016 Author Posted September 4, 2016 Hello seedy21, and thanks for your continued help...! I've gotten down to the step where I click on the Farbar tool as an Administrator and that option isn't available when I right click on it on my task bar (there is no icon for this on desktop).. The options when I right click are..... close window, pin this program to task bar, and Farbar Recovery Tool.. I realize I might be a bit overcautious here and should proceed, but actions such as that in the past have proven problematic.. I wanted to check back with you before going further with this.. Please excuse inexperience here, but want to proceed correctly.. Please advise on this.. Will likely have more questions after this one as well to avoid any possible error.. Thanks for your help and patience here....! S Quote
seedy21 Posted September 4, 2016 Posted September 4, 2016
Hi SkyClad
The issue you're having is because FRST isn't installed on your desktop, it's in your downloads folder.
I would go into your Downloads folder > Right click on FRST > Copy
Then go to your Desktop > Right click on a blank part on your Desktop > Paste
Then you will be able to follow the following :-
Right-click on the FRST icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt. Please post it to your reply.
Step 2
Emsisoft Emergency Kit
Please download Emsisoft Emergency Kit and save it to your desktop.
Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.
Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes.
Emsisoft Emergency Kit will start scanning.
When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
Please save the log in Notepad on your desktop and post the contents in your next reply.
When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
Skyclad Posted September 6, 2016 Author Posted September 6, 2016 Hi seedy21.. Well, I've performed some of the steps you have suggested, and I do have some further questions (sorry).. First of all, I want to give you a list of all the files on my desktop that I've saved there, as there is some discrepancy showing up compared to what you are saying will be showing up.... The files are: Addition FRST Fixlog I do not see fixlist.txt anywhere, including in the downloads file, despite remembering that I created a file in this name previously.. Have no idea where it is though.. So, before going further (once again) I want to be absolutely sure how to proceed.. I have downloaded the EmsisoftEmergencyKit to desktop in addition to the above files listed.. I wanted to get further instruction from you about this issue of the fixlist.txt not appearing anywhere.. Do I need to start over? Please advise.... Thanks again, S PS If you decide I need to start over, please include ALL of the instructions from the beginning.. I do not want to omit a step by overlooking it while looking at previous posts you have sent.. Thx..! Quote
seedy21 Posted September 6, 2016 Posted September 6, 2016 Hi skyclad Can you please copy and paste the content in fixlog ? Thanks
Skyclad Posted September 8, 2016 Author Posted September 8, 2016 Absolutely! I hope this is what you are needing! Thanks again for the assistance... S Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016 Ran by Mike (06-09-2016 09:09:37) Run:1 Running from C:\Users\Mike\Desktop Loaded Profiles: Mike (Available Profiles: Mike & HP_OWNER) Boot Mode: Normal ============================================== fixlist content: ***************** start CloseProcesses: Task: {1700E63A-3168-43C9-9B93-434C08944EFF} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION Task: {8B47A7D7-D2F2-4E50-96A4-7F7B232C171C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION CMD: sfc /scannow EmptyTemp: end ***************** Processes closed successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1700E63A-3168-43C9-9B93-434C08944EFF}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1700E63A-3168-43C9-9B93-434C08944EFF}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B47A7D7-D2F2-4E50-96A4-7F7B232C171C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B47A7D7-D2F2-4E50-96A4-7F7B232C171C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully ========= sfc /scannow ========= Beginning system scan. This process will take some time. Beginning verification phase of system scan. Verification 100% complete. Windows Resource Protection did not find any integrity violations.
========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 12582912 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 92092153 B Java, Flash, Steam htmlcache => 1544 B Windows/system/drivers => 159470545 B Edge => 0 B Chrome => 637053989 B Firefox => 17168064 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 128 B systemprofile32 => 128 B LocalService => 0 B NetworkService => 440934 B Mike => 11353286 B HP_OWNER => 0 B RecycleBin => 2156657 B EmptyTemp: => 889.1 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 09:20:24 ==== Quote
seedy21 Posted September 9, 2016 Posted September 9, 2016
Hi Skyclad
Yes this is the log we were after.
Please run the following :-
Emsisoft Emergency Kit
Please download Emsisoft Emergency Kit and save it to your desktop.
Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.
Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes.
Emsisoft Emergency Kit will start scanning.
When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
Please save the log in Notepad on your desktop and post the contents in your next reply.
When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
Skyclad Posted September 10, 2016 Author Posted September 10, 2016 Hello seedy21... Please find below a copy and paste of the results found from the Emsisoft Emergency Kit.. Thanks for your continued help on this! S Emsisoft Emergency Kit - Version 11.9 Last update: 9/10/2016 11:23:38 AM User account: Home\Mike Computer name: HOME OS version: Windows 7x64 Service Pack 1 Scan settings: Scan type: Malware Scan Objects: Rootkits, Memory, Traces, Files Detect PUPs: On Scan archives: Off ADS Scan: On File extension filter: Off Advanced caching: On Direct disk access: Off Scan start: 9/10/2016 11:37:45 AM Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\VIEWPOINT detected: Application.Win32.ViewBar (A) Value: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A) Value: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL detected: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL detected: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL.1 detected: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL.1 detected: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY detected: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY detected: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY.1 detected: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY.1 detected: Application.AdReg (A) Key: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\AOL TOOLBAR
detected: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\AOL TOOLBAR detected: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VIEWPOINTMEDIAPLAYER detected: Application.InstallAd (A) Scanned 115836 Found 14 Scan end: 9/10/2016 11:55:42 AM Scan time: 0:17:57 Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VIEWPOINTMEDIAPLAYER Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\AOL TOOLBAR Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\AOL TOOLBAR Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY.1 Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL.1 Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL Application.AdReg (A) Value: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Setting.DisableRegistryTools (A) Value: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Setting.DisableTaskMgr (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\VIEWPOINT Application.Win32.ViewBar (A) Quarantined 10 Quote
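The report above says Found 14 but Quarantined 10. The following Python script, an added example that is not part of the original posts and is not Emsisoft's or the helper's code, parses the report as pasted and reconciles the two numbers: the four AXMETASTREAM class keys are each listed twice, so the 14 finding lines are 10 distinct registry objects, and all 10 appear in the quarantine list. The function names and the regular expressions are assumptions based on the layout of this one report.

```python
import re
from collections import Counter

# Findings and quarantine sections of the report posted above, re-wrapped one
# entry per line (the forum flattened the whole report onto a single line).
REPORT = r"""
Scan start: 9/10/2016 11:37:45 AM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\VIEWPOINT detected: Application.Win32.ViewBar (A)
Value: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY.1 detected: Application.AdReg (A)
Key: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\AOL TOOLBAR detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\AOL TOOLBAR detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VIEWPOINTMEDIAPLAYER detected: Application.InstallAd (A)
Scanned 115836
Found 14
Scan end: 9/10/2016 11:55:42 AM
Scan time: 0:17:57
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VIEWPOINTMEDIAPLAYER Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\AOL TOOLBAR Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\AOL TOOLBAR Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL Application.AdReg (A)
Value: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Setting.DisableTaskMgr (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\VIEWPOINT Application.Win32.ViewBar (A)
Quarantined 10
"""

# Assumed entry layouts, taken from this report only. Registry paths may
# contain spaces ("AOL TOOLBAR"), so the path group is matched lazily.
DETECTED = re.compile(r"(Key|Value): (.+?) detected: (\S+) \(A\)")
QUARANTINED = re.compile(r"(Key|Value): (.+?) ((?:Application|Setting)\.\S+) \(A\)")


def _count(label, text):
    """Return the integer that follows a summary label such as 'Found'."""
    match = re.search(label + r" (\d+)", text)
    if match is None:
        raise ValueError(f"report has no '{label}' summary line")
    return int(match.group(1))


def parse_report(text):
    """Return (findings, found_count, quarantined, quarantined_count)."""
    flat = " ".join(text.split())  # accept flattened or wrapped input
    head, sep, tail = flat.partition(" Scanned ")
    if not sep:
        raise ValueError("report has no 'Scanned' summary line")
    findings = [m.groups() for m in DETECTED.finditer(head)]
    _, _, qsection = tail.partition("Scan time:")
    quarantined = [m.groups() for m in QUARANTINED.finditer(qsection)]
    return findings, _count("Found", tail), quarantined, _count("Quarantined", qsection)


def reconcile(text):
    """Explain the gap between the Found and Quarantined totals."""
    findings, found, quarantined, qcount = parse_report(text)
    counts = Counter(findings)  # key: (kind, registry path, detection name)
    unique = set(counts)
    return {
        "found_reported": found,
        "finding_lines": len(findings),
        "unique_objects": len(unique),
        "listed_twice": sorted(path for (_, path, _), n in counts.items() if n > 1),
        "quarantined_reported": qcount,
        "quarantined_lines": len(quarantined),
        # Anything detected but absent from the quarantine list needs follow-up.
        "left_behind": sorted(unique - set(quarantined)),
        # Detection-name prefix: Application.* entries vs Setting.* policy values.
        "by_family": dict(Counter(name.split(".")[0] for _, _, name in unique)),
    }


if __name__ == "__main__":
    for key, value in reconcile(REPORT).items():
        print(f"{key}: {value}")
```

An empty `left_behind` list is the result to look for; a non-empty one names the objects that were detected but not quarantined.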
Skyclad Posted September 11, 2016 Author Posted September 11, 2016 Hello seedy21.. Just a quick note, as I've noticed that many if not all, of the problems with my computer seem to have normalized.. I'd be hesitant to say that it's all fixed and back to normal, but most of the stuff it was doing that was out of the ordinary is now no longer happening....:) I just wanted to let you know the latest development here.. Thanks again for your continued support..! Please advise how to proceed when you get the chance, given the new info above... S Quote
seedy21 Posted September 12, 2016 Posted September 12, 2016
Hi Skyclad, Good news, let's get a second option.
Scan with ESET Online Scanner
This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website. Click there Run ESET Online Scanner.
If using Internet Explorer: Accept the Terms of Use and click Start. Allow the running of add-on.
If using Mozilla Firefox or Google Chrome: Download esetsmartinstaller_enu.exe that you'll be given link to. Double click esetsmartinstaller_enu.exe. Allow the Terms of Use and click Start.
To perform the scan: Make sure that Remove found threats is unchecked. Scan archives is checked. In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked. Click Start
The program will begin to download its virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. This may take several hours. Please, be patient. Do not do anything on your machine as it may interrupt the scan.
When the scan is done, click Finish.
A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad. Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
Skyclad Posted September 14, 2016 Author Posted September 14, 2016 Hello Seedy21.. I have downloaded the Eset Online Scanner via IE to desktop, but when I open it I am not seeing the options you are talking about.. What I'm seeing is the following options (in part).. Enable detection of potentially unwanted applications Disable detection of potentially unwanted applications (and under advanced settings) Enable detection of potentially unsafe applications Enable detection of suspicious applications Etc..... Please respond back about the above and let me know what steps I should take next, or if this is somehow the wrong tool, etc.. Thanks again! S PS Just disregard what I said about my computer "normalizing", as some very weird stuff is still going on.........mainly having to do with my email and various mouse issues... Quote
seedy21 Posted September 14, 2016

Hi Skyclad,

Sure, let me clear this up...

- Double click esetsmartinstaller_enu.exe.
- Allow the Terms of Use and click Start.
- Make sure that Enable detection of potentially unwanted applications is checked.
- Under Advanced Settings, make sure Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives and Enable Anti-Stealth Technology are checked.
- Click Scan.
- The program will begin to download its virus database. The speed may vary depending on your Internet connection.
- When completed, the program will begin to scan. This may take several hours. Please, be patient. Do not do anything on your machine as it may interrupt the scan.
- When the scan is done, click Finish.
- A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!
Skyclad Posted September 16, 2016

Hello seedy21...

I'm still having some issues on this end, despite your further explanation.. I do not have esetsmartinstaller_enu.exe installed on my desktop yet, and I cannot seem to find a functional link that I can click on to get me to where I can download the above, from your latest or previous posts.. No doubt I've missed something.. So, if you would, please send me a link to download the above, or direct instructions of how to do so.. After that I'll proceed per your directions...

Sorry for the continued miscommunication on my part....:/

Thanks again,

S
seedy21 Posted September 17, 2016

Hi Skyclad,

What internet browser do you use? I will re-post how to do this once I know the above information.
Skyclad Posted September 18, 2016

I mainly use Google Chrome as a browser.. Hoping this helps, and sorry for the continued disconnect on this end....:/

Again, thanks for all your help..!
seedy21 Posted September 19, 2016

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

- Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
- Please visit ESET Online Scanner website.
- Click Scan Now. This should download esetsmartinstaller_enu.exe.
- You should see the downloaded file at the bottom of your screen. Click the file, this will start it up.
- Allow the Terms of Use and click Start.
- Make sure that Enable detection of potentially unwanted applications is checked.
- Under Advanced Settings, make sure Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives and Enable Anti-Stealth Technology are checked.
- Click Scan.
- The program will begin to download its virus database. The speed may vary depending on your Internet connection.
- When completed, the program will begin to scan. This may take several hours. Please, be patient. Do not do anything on your machine as it may interrupt the scan.
- When the scan is done, click Finish.
- A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!
Skyclad Posted September 20, 2016

Hello seedy21..

Well, that was interesting! I ran the scan per your instructions.. Everything appeared to be going well, and at about 80 percent done, it showed 2 infected files.. The scanning continued, so I went to the front room for awhile to kill some time while it completed.. When I came back clearly there was something different going on.. There were long horizontal black bars blacking out the numbers of files scanned, area scanned, etc.. The only thing that showed through the black bars was the numeral 2 under infected files.. I waited like 30 minutes to make sure things were not progressing, which they weren't at that point.. I eventually clicked "stop" and the following showed up.....

EOS_v2 has stopped working

"A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

So.......please advise on how to proceed from here.. I've re-enabled my AntiVirus, so at least didn't forget to do that....:)

Thanks again for all your help.. Awaiting your instructions...

S
Skyclad Posted September 22, 2016

Hi seedy21..

I'm wondering if I should try the scan again.. If you feel that would possibly be a good move, please let me know.. Just trying to think of things to do on this end to possibly expedite all of this, despite the scan problem I had earlier..

Thanks again!

S
seedy21 Posted September 22, 2016

Hi Skyclad,

Sorry for the delay, life has gotten in the way again :)

I would like you to run a Full Scan with Kaspersky Anti-virus.

- Open Kaspersky Anti-Virus 2016.
- Click Scan.
- In the Scan window, go to the tab Full Scan or Quick Scan.
- In the right frame, click the Run scan button.

Let me know what results you get back.

Thanks
Skyclad Posted September 23, 2016

Hi seedy21...

I ran a scan per your request and not surprisingly (since I have a scan schedule every day) it came up clean.. I was unsure how to copy the entire page and send, but the following is what was shown..

Thanks again for your help, and awaiting further instruction/ideas on this if more options are available....

S

PS The computer has been better of late, but the last time I said that it began doing odd things again.. I'm still wondering what Eset found, in regard to the 2 files it showed were infected....
Skyclad Posted September 23, 2016

Sorry........forgot to paste results... They are as follows..

S

23.09.2016 05.00.44;Full Scan;No threats detected;0;0;0;Yesterday, 9/22/2016 10:17 PM;1 hour, 12 minutes;Today, 9/23/2016 6:13 AM
seedy21 Posted September 23, 2016

Hi Skyclad,

Thanks for the update. I think the ESET scan will be looking in one of our tools' Quarantine folder. Can you try and run ESET Online Scanner again for me?

Thanks