Computer Very Slow, Odd Symptoms.....

Skyclad

FPCH Member
Joined
Aug 30, 2016
PC Experience
Some Experience
Hello...
I'm copying and pasting the below from a previously posted topic on a different website.........was directed here, and I'm hoping you guys can help me figure this out.. Since I first posted this, it seems that my computer is to some degree selfCorrecting (if that is possible).. Still some issues going on, but some strange things like when I have a page open over my main AOL page, when clicking off the overlying page, AOL homePage logs off as well.... Also, several things having to do with inaccurate "MouseClicks"........things popping up that I did not click on, but that were nearby the cursor.. Hoping this makes sense.. Below is my original posting.. Hoping you guys can help!

For some reason, everything was running super slow this morning, as in, when I would even click the mouse, there was a 5 or 10 second delay before anything would happen.. Also, when clicking on something nothing happened, but when I hit enter after a click it would execute just fine.. These are symptoms I've never seen before.. I've run an MBam scan with no infections reported, and my Kaspersky AV ran earlier this morning and it was clean.. Have run System Restore twice, and in both instances it said "was unable to complete system restore, etc....." Further said that my drive might be corrupted if System Restore failed..
Now I am truly at my wits end.. That is when I usually call on you guys, who have bailed me out over the years many times.. I'm hoping you can do it once again!
My connection, along with the above is "iffy" currently, so I'm rolling the dice in going this route.. I might lose connection at any time, but it always comes back strangely enough.. Thinking I might have a DSL problem on that front.. For now, the earlier problem is first and foremost.. As I said, just showed up this morning..
Thanks in advance for any help!
Skyclad
 

seedy21

Super Moderator & Security Team
Joined
Jul 5, 2010
Location
Halifax UK
PC Experience
Pc Guru
Hello Skyclad

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.


Please note Farbar Recovery Scan Tool has two versions. Please visit How to tell if you are running a 32-bit or 64-bit version of Windows to see which version you need for your system.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.

 

Skyclad

FPCH Member
Joined
Aug 30, 2016
PC Experience
Some Experience
Hello Seedy 21 and thanks for your assistance!
Please find below a copy and paste of the items you requested.. I am only now seeing your post, so will be more attentive in the future.. I have a 64 bit machine, as you can see..
Thanks again,
S

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Mike (administrator) on HOME (01-09-2016 22:02:14)
Running from C:\Users\Mike\Downloads
Loaded Profiles: Mike (Available Profiles: Mike & HP_OWNER)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avpui.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\shellmon.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\aolbrowser.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\AolBrowserTab.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1387389289\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [Cobian Backup 11] => C:\Program Files (x86)\Cobian Backup 11\Cobian.exe [720896 2013-03-08] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\Run: [Google Update] => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-02-20] (Google Inc.)
HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.8.2\AOL.EXE [73584 2015-12-15] (AOL Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-17] (Microsoft Corporation)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{30240170-2754-43C0-8F1E-C67D1234ECC7}: [DhcpNameServer] 10.0.0.1


Internet Explorer:
==================
HKU\S-1-5-21-4197961188-714576266-808560349-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hbcams.com/
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-4197961188-714576266-808560349-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)


FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\olk2c82k.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-02-26] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4197961188-714576266-808560349-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-4197961188-714576266-808560349-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-17]


Chrome:
=======
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-20]
CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-20]
CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-20]
CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-20]
CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-20]
CHR Extension: (Google Sheets) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-20]
CHR Extension: (Google Docs Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Kaspersky Protection) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-07-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-20]
CHR Extension: (Chrome Media Router) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-01]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
StartMenuInternet: Google Chrome.AULL7JPKOAZNRFMN4VMN37U7VU - C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-08] (CobianSoft, Luis Cobian) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-01-17] (Puran Software) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236888 2016-08-17] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-17] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-17] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-01] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-09-01 22:02 - 2016-09-01 22:02 - 00013611 _____ C:\Users\Mike\Downloads\FRST.txt
2016-09-01 22:01 - 2016-09-01 22:02 - 00000000 ____D C:\FRST
2016-09-01 21:59 - 2016-09-01 21:59 - 02397696 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe
2016-09-01 11:35 - 2016-09-01 11:35 - 00000000 ____D C:\Users\Mike\Desktop\Smoked Beef Ribs Recipe_files
2016-09-01 11:34 - 2016-09-01 11:35 - 00074692 _____ C:\Users\Mike\Desktop\Smoked Beef Ribs Recipe.html
2016-09-01 08:38 - 2016-09-01 08:38 - 00588822 _____ C:\Users\Mike\Desktop\Pork Steaks for Labor Day.html
2016-09-01 08:38 - 2016-09-01 08:38 - 00000000 ____D C:\Users\Mike\Desktop\Pork Steaks for Labor Day_files
2016-08-30 12:24 - 2016-08-30 12:24 - 00055454 _____ C:\Users\Mike\Desktop\Oxygen Sensors & Emissions - Facts & Repair Advice.html
2016-08-30 12:24 - 2016-08-30 12:24 - 00000000 ____D C:\Users\Mike\Desktop\Oxygen Sensors & Emissions - Facts & Repair Advice_files
2016-08-28 13:42 - 2016-08-28 13:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\772463C4.sys
2016-08-28 09:40 - 2016-08-28 09:40 - 00138630 _____ C:\Users\Mike\Desktop\congestive heart - Search Results.html
2016-08-28 09:40 - 2016-08-28 09:40 - 00000000 ____D C:\Users\Mike\Desktop\congestive heart - Search Results_files
2016-08-26 11:38 - 2016-08-26 11:38 - 00296320 _____ C:\Windows\Minidump\082616-18096-01.dmp
2016-08-25 20:57 - 2016-08-25 20:58 - 00000000 ____D C:\Users\Mike\Desktop\111
2016-08-25 01:58 - 2016-08-25 02:28 - 00000000 ____D C:\Users\Mike\Desktop\TikkaBDay15
2016-08-16 13:25 - 2016-07-08 10:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-16 13:25 - 2016-07-08 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-13 11:10 - 2016-08-13 11:10 - 00000000 ____D C:\Users\Mike\Desktop\Boxley
2016-08-10 05:42 - 2016-07-08 10:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 05:42 - 2016-07-08 10:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 05:42 - 2016-07-08 10:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 05:42 - 2016-07-08 10:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 05:42 - 2016-07-08 10:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 05:42 - 2016-07-08 10:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 05:42 - 2016-07-08 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 05:42 - 2016-07-08 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 05:42 - 2016-07-08 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 05:42 - 2016-07-08 10:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 05:42 - 2016-07-08 10:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 05:42 - 2016-07-08 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 05:42 - 2016-07-08 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 05:42 - 2016-07-08 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 05:42 - 2016-07-08 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 05:42 - 2016-07-08 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 05:42 - 2016-07-08 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 05:42 - 2016-07-08 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 05:42 - 2016-07-08 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 05:42 - 2016-07-08 10:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 05:42 - 2016-07-08 09:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 05:42 - 2016-07-08 09:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 05:42 - 2016-07-08 09:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 05:42 - 2016-07-08 09:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 05:42 - 2016-07-08 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 05:42 - 2016-07-08 09:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-10 05:41 - 2016-08-02 09:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 05:41 - 2016-08-02 09:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 05:41 - 2016-08-02 01:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 05:41 - 2016-08-02 01:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 05:41 - 2016-08-02 01:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 05:41 - 2016-08-02 01:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 05:41 - 2016-08-02 01:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 05:41 - 2016-08-02 01:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 05:41 - 2016-08-02 01:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 05:41 - 2016-08-02 01:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 05:41 - 2016-08-02 01:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 05:41 - 2016-08-02 01:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 05:41 - 2016-08-02 01:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 05:41 - 2016-08-02 01:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 05:41 - 2016-08-02 01:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 05:41 - 2016-08-02 01:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 05:41 - 2016-08-02 01:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 05:41 - 2016-08-02 01:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 05:41 - 2016-08-02 01:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 05:41 - 2016-08-02 01:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 05:41 - 2016-08-02 01:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 05:41 - 2016-08-02 01:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 05:41 - 2016-08-02 01:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 05:41 - 2016-08-02 00:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 05:41 - 2016-08-02 00:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 05:41 - 2016-08-02 00:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 05:41 - 2016-08-02 00:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 05:41 - 2016-08-02 00:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 05:41 - 2016-08-02 00:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 05:41 - 2016-08-02 00:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 05:41 - 2016-08-02 00:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 05:41 - 2016-08-02 00:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 05:41 - 2016-08-02 00:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 05:41 - 2016-08-02 00:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 05:41 - 2016-08-02 00:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 05:41 - 2016-08-02 00:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 05:41 - 2016-08-02 00:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 05:41 - 2016-08-02 00:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 05:41 - 2016-08-02 00:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 05:41 - 2016-08-02 00:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 05:41 - 2016-08-02 00:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 05:41 - 2016-08-02 00:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 05:41 - 2016-08-02 00:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 05:41 - 2016-08-02 00:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 05:41 - 2016-08-02 00:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 05:41 - 2016-08-02 00:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 05:41 - 2016-08-02 00:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 05:41 - 2016-08-02 00:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 05:41 - 2016-08-02 00:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 05:41 - 2016-08-02 00:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 05:41 - 2016-08-02 00:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 05:41 - 2016-08-02 00:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 05:41 - 2016-08-02 00:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 05:41 - 2016-08-02 00:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 05:41 - 2016-08-02 00:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 05:41 - 2016-08-02 00:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 05:41 - 2016-08-02 00:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 05:41 - 2016-08-02 00:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 05:41 - 2016-08-02 00:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 05:41 - 2016-08-02 00:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 05:41 - 2016-08-02 00:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 05:41 - 2016-08-02 00:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 05:41 - 2016-08-01 23:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 05:41 - 2016-08-01 23:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 05:41 - 2016-08-01 23:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 05:41 - 2016-08-01 23:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 05:41 - 2016-07-08 10:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-03 15:06 - 2016-08-03 15:06 - 01303642 _____ C:\Users\Mike\Desktop\2015-2020 Construction Schedule Map.pdf
2016-08-03 08:20 - 2016-08-03 12:33 - 00000000 ____D C:\Users\Mike\Desktop\SheriPics16


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-09-01 22:01 - 2009-07-13 23:45 - 00028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-01 22:01 - 2009-07-13 23:45 - 00028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-01 21:59 - 2016-07-28 16:54 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA1d1e91a93f23e27.job
2016-09-01 21:07 - 2013-12-17 14:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-01 17:38 - 2015-09-22 16:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-01 16:59 - 2016-07-28 16:54 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core1d1e91a936c6a61.job
2016-09-01 12:30 - 2016-07-20 19:24 - 00000000 ____D C:\Users\Mike\Desktop\Cartoons
2016-09-01 08:39 - 2013-12-17 22:53 - 00000000 ____D C:\Users\Mike\Documents\SmokingMeatJeffFile
2016-09-01 01:50 - 2014-01-02 15:33 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-08-30 20:58 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-30 20:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-08-30 20:50 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-30 12:31 - 2013-12-17 22:53 - 00000000 ____D C:\Users\Mike\Documents\TravelStuff
2016-08-29 18:31 - 2013-12-17 22:33 - 00000000 ____D C:\Users\Mike\Documents\DogStuff
2016-08-28 16:40 - 2013-12-17 22:53 - 00000000 ____D C:\Users\Mike\Documents\Turmeric
2016-08-28 15:05 - 2016-06-23 12:10 - 00000000 ____D C:\Users\Mike\Desktop\Summer16
2016-08-28 13:17 - 2013-12-26 13:54 - 00000000 ____D C:\Program Files\Puran Defrag
2016-08-28 09:55 - 2016-06-29 09:23 - 00000000 ____D C:\Users\Mike\Documents\MercolaDr
2016-08-27 14:26 - 2015-06-08 11:15 - 00000000 ____D C:\Users\Mike\Documents\Political 15
2016-08-27 08:50 - 2013-12-17 22:53 - 00000000 ____D C:\Users\Mike\Documents\Weil
2016-08-26 11:38 - 2014-05-17 08:33 - 578179329 _____ C:\Windows\MEMORY.DMP
2016-08-26 11:38 - 2014-05-17 08:33 - 00000000 ____D C:\Windows\Minidump
2016-08-26 02:46 - 2013-12-17 22:53 - 00000000 ____D C:\Users\Mike\Documents\TeslaStuff
2016-08-24 23:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-08-20 17:19 - 2016-02-28 15:34 - 00000000 ____D C:\Users\Mike\Desktop\ScanStuff
2016-08-17 14:49 - 2014-01-27 10:31 - 00000000 ____D C:\Users\Mike\Desktop\Desktop1
2016-08-17 14:26 - 2015-09-08 19:18 - 00000000 ____D C:\Users\Mike\Desktop\Pics
2016-08-17 01:53 - 2016-07-11 22:26 - 01001304 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-08-17 01:53 - 2015-12-03 11:10 - 00110424 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-08-17 01:52 - 2016-04-29 06:12 - 00236888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-08-15 16:28 - 2014-10-14 18:37 - 00000000 ____D C:\Users\Mike\Desktop\RecipesWord
2016-08-13 18:21 - 2013-12-17 22:33 - 00000000 ____D C:\Users\Mike\Documents\CaliStuff
2016-08-13 13:42 - 2013-12-17 22:53 - 00000000 ____D C:\Users\Mike\Documents\TweedArticles
2016-08-13 13:25 - 2016-07-07 09:45 - 00000000 ____D C:\Users\Mike\Documents\RetirementStuff
2016-08-13 09:20 - 2013-12-17 22:52 - 00000000 ____D C:\Users\Mike\Documents\Political
2016-08-11 03:33 - 2009-07-13 23:45 - 00295216 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-11 03:15 - 2013-12-17 13:03 - 00000000 ____D C:\Windows\system32\MRT
2016-08-11 03:03 - 2013-12-17 13:03 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-10 13:41 - 2016-02-20 12:54 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA.job
2016-08-10 13:41 - 2016-02-20 12:54 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core.job
2016-08-10 13:40 - 2013-12-18 08:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-10 08:42 - 2013-12-17 22:53 - 00000000 ____D C:\Users\Mike\Documents\Wikipedia
2016-08-09 15:43 - 2015-08-23 13:12 - 00000000 ____D C:\Users\Mike\Desktop\Recipes16
2016-08-08 15:01 - 2016-02-20 12:59 - 00002363 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 15:01 - 2016-02-20 12:59 - 00002355 _____ C:\Users\Mike\Desktop\Google Chrome.lnk
2016-08-06 17:27 - 2013-12-17 22:34 - 00000000 ____D C:\Users\Mike\Documents\IndiaStuff
2016-08-04 12:00 - 2013-12-17 22:53 - 00000000 ____D C:\Users\Mike\Documents\RumiStuff
2016-08-04 09:30 - 2013-12-17 22:52 - 00000000 ____D C:\Users\Mike\Documents\PepperStuff
2016-08-03 12:19 - 2013-12-17 14:48 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-08-03 12:18 - 2014-12-24 16:53 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task


==================== Files in the root of some directories =======


2013-12-24 15:36 - 2013-12-24 15:36 - 0000136 _____ () C:\Users\Mike\AppData\Roaming\mbam.context.scan
2013-12-23 09:43 - 2013-12-23 15:27 - 0004608 _____ () C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-30 14:44 - 2014-10-30 14:45 - 0000202 _____ () C:\ProgramData\hpzinstall.log


==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-08-26 00:25


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Mike (01-09-2016 22:02:57)
Running from C:\Users\Mike\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-12-17 17:27:37)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-4197961188-714576266-808560349-500 - Administrator - Disabled)
Guest (S-1-5-21-4197961188-714576266-808560349-501 - Limited - Disabled)
HP_OWNER (S-1-5-21-4197961188-714576266-808560349-1001 - Administrator - Enabled) => C:\Users\HP_OWNER
Mike (S-1-5-21-4197961188-714576266-808560349-1000 - Administrator - Enabled) => C:\Users\Mike


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - AOL Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version: - *Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
Google Chrome (HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth (HKLM-x32\...\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}) (Version: 7.0.3.8542 - Google)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Puran Defrag 7.6 (HKLM\...\Puran Defrag_is1) (Version: - Puran Software)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {07A0926D-3B93-4542-A293-9D93B3E1751C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)
Task: {1700E63A-3168-43C9-9B93-434C08944EFF} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2790EBF7-9F22-4842-BCF2-591079FAAB66} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA1d1e91a93f23e27 => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3347AF7C-D9EC-4547-AE6C-89435CD71CDB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {8B47A7D7-D2F2-4E50-96A4-7F7B232C171C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {97D0ACD3-7B8B-4AA9-B335-660342A4CCF2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core1d1e91a936c6a61 => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)
Task: {A6F662DE-561D-4DA5-8C9B-AF7EDE21550A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B0BAD826-55FF-4D0D-BA85-3A7C89BCE42B} - System32\Tasks\{623394EB-E332-4EE6-87FC-185678DA9EE3} => pcalua.exe -a "C:\ProgramData\AOL Downloads\SUD4624\waol-0.4346.19.1.exe" -d C:\Users\Mike\Desktop
Task: {C25D5070-BB51-4587-B189-2AE097F66BE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core1d1e91a936c6a61.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA1d1e91a93f23e27.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\kpcengine.2.3.dll
2015-12-07 13:21 - 2015-12-07 13:21 - 45365248 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\libcef.dll
2015-12-15 11:14 - 2015-12-15 11:14 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\zlib.dll
2015-12-15 11:14 - 2015-12-15 11:14 - 21151232 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\libcef.dll
2015-12-15 11:14 - 2015-12-15 11:14 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\libglesv2.dll
2015-12-15 11:14 - 2015-12-15 11:14 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\libegl.dll
2015-12-15 11:14 - 2015-12-15 11:14 - 00094208 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\Components\Tier2Svc.dll
2015-12-15 11:14 - 2015-12-15 11:14 - 00060928 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\Components\DataSvcs.dll
2016-08-08 15:01 - 2016-08-02 19:24 - 01771336 _____ () C:\Users\Mike\AppData\Local\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 15:01 - 2016-08-02 19:23 - 00094024 _____ () C:\Users\Mike\AppData\Local\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-08-08 15:01 - 2016-08-02 18:54 - 17602240 _____ () C:\Users\Mike\AppData\Local\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)




==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-13 21:34 - 2015-09-22 16:49 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-4197961188-714576266-808560349-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)




==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C3E8EF01-3391-440D-8E60-7DFA4FFB6252}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{99BF0AA0-61CC-4402-91DD-688187EF1C2C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{507D92DA-D18F-456B-8580-CF4D7D3D4C34}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{6F25575C-4239-41E2-AF88-A8E4837B1FE8}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{9ECD1C4E-7353-4D91-AE28-3F5E0B6F6894}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe
FirewallRules: [{4E7E02DE-3224-4EEB-B741-CD4BCE906F97}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe
FirewallRules: [{934581BF-C000-4943-A1A9-8D708C0DAC5D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{3617D4CB-7140-499B-8EF7-6114519D869E}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{F500CF40-7A91-41A3-AF7B-C3C6A51D14AC}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{43A258A9-3E67-4B57-971F-C5F555144649}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{80476B99-EE1F-4C04-A3EF-3BD08D4FB9DF}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{489929A1-B33D-450F-9710-BBC963D0F529}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{06DFBD27-BEA0-49DF-9B1C-DB89A93EB606}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{8B5C5F96-14EA-4F12-9D95-8B28902D0B10}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{54A0577E-3E4F-4E17-A785-666F27081CBF}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{D10B1CEC-C576-4E4A-A262-C61C93C61591}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{48B5CAF3-443C-435D-B13D-92C41E118353}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{02E4057D-CA37-4B4A-AFDA-1209DE386279}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{8AF77200-EAEE-46C8-886A-9584425FB642}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{88D1214E-2B23-4A42-AD05-5F9BB4E4824C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{D080DA85-6382-47D7-AB8E-BD03A8676BA5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe
FirewallRules: [{84AB735B-D1AA-41CF-A172-F1CDF3B02D67}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe
FirewallRules: [{EABF4886-EBCB-439E-BCC4-51D532737B94}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{8A159DB4-5EB9-4714-AF31-A1E0E954D74F}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{79A1C0C6-DEA7-45B5-831B-B01DB292203D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{47F41458-5C50-4009-BC73-121478D3BF8D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{DC881B37-D9F3-4E8B-B374-E8F09B6F17D4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{3CCB0AFC-552C-47BF-921C-21E84C782125}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{13C79176-45D2-49E0-A01A-047B42F2A1CD}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{0DD3A617-96B7-481D-AE9B-C4120FC44844}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{883D8B11-2CDA-4848-8E6A-FDA27359ACD5}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe
FirewallRules: [{A6A724BC-3293-4F09-BAC8-1980D2D9FEAA}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe
FirewallRules: [{3F4722D1-3B44-4D4A-897A-4399C7F87769}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe
FirewallRules: [{E9658CBE-25EC-4ECD-A959-F1498392F780}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe
FirewallRules: [{8E051556-1681-4B46-BF41-11651985A308}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.1\waol.exe
FirewallRules: [{686645B1-A3D8-4D97-8E46-64585B91A100}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.1\waol.exe
FirewallRules: [{887AFAF5-9173-4281-BFE1-92FE5FAF4090}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{DECA53EA-D174-47CE-9CAB-A82A113B469D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe


==================== Restore Points =========================


26-08-2016 11:34:31 Restore Operation
30-08-2016 20:09:41 Windows Update


==================== Faulty Device Manager Devices =============


Name: WAN Miniport (ATW) #2
Description: WAN Miniport (ATW)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: America Online, Inc.
Service: wanatw
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.




==================== Event log errors: =========================


Application errors:
==================
Error: (09/01/2016 01:00:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).


Error: (09/01/2016 01:11:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.




Operation:
Gathering Writer Data


Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {252364e2-f728-4aef-8c56-0006c696231c}


Error: (08/31/2016 06:00:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).


Error: (08/31/2016 01:11:06 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.




Operation:
Gathering Writer Data


Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {252364e2-f728-4aef-8c56-0006c696231c}


Error: (08/30/2016 11:00:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).


Error: (08/30/2016 10:00:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).


Error: (08/30/2016 04:00:03 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).


Error: (08/30/2016 01:11:16 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.




Operation:
Gathering Writer Data


Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b2ce60e4-b781-4ad6-8c5b-8aa37a1eff00}


Error: (08/29/2016 09:00:05 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).


Error: (08/29/2016 01:11:09 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.




Operation:
Gathering Writer Data


Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b2ce60e4-b781-4ad6-8c5b-8aa37a1eff00}




System errors:
=============
Error: (08/30/2016 08:49:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.


Error: (08/30/2016 05:25:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.


Error: (08/26/2016 12:57:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.


Error: (08/26/2016 11:38:21 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80073ab4f0, 0xfffffa80073ab7d0, 0xfffff8000318be40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082616-18096-01.


Error: (08/26/2016 11:35:08 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.


Error: (08/26/2016 09:23:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.


Error: (08/24/2016 08:56:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:54:30 PM on 8/24/2016 was unexpected.


Error: (08/17/2016 01:55:41 AM) (Source: KLIF) (EventID: 0) (User: )
Description: Event-ID 0


Error: (08/16/2016 09:24:32 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.


Error: (08/14/2016 10:45:09 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.




CodeIntegrity:
===================================
Date: 2014-10-15 00:27:41.501
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


Date: 2014-10-15 00:27:41.501
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


Date: 2014-10-15 00:27:41.501
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


Date: 2014-10-15 00:27:41.454
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


Date: 2014-10-15 00:27:41.454
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


Date: 2014-10-15 00:27:41.454
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


Date: 2014-10-15 00:27:41.438
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


Date: 2014-10-15 00:27:41.438
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


Date: 2014-10-15 00:27:41.423
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


Date: 2014-10-13 00:22:23.266
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.




==================== Memory info ===========================


Processor: AMD Phenom(tm) 8650 Triple-Core Processor
Percentage of memory in use: 48%
Total physical RAM: 5630.49 MB
Available physical RAM: 2889.18 MB
Total Virtual: 11259.17 MB
Available Virtual: 7525.59 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:465.66 GB) (Free:368.16 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 94549454)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)


==================== End of Addition.txt ============================





Hello Skyclad

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.


Please note Farbar Recovery Scan Tool has two versions. Please visit How to tell if you are running a 32-bit or 64-bit version of Windows to see which version you need for your system.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.
 

seedy21

Super Moderator & Security Team
Joined
Jul 5, 2010
Location
Halifax UK
PC Experience
Pc Guru
Hi Skyclad

Step 1


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    Code:
    start
    CloseProcesses:
    Task: {1700E63A-3168-43C9-9B93-434C08944EFF} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {8B47A7D7-D2F2-4E50-96A4-7F7B232C171C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    CMD: sfc /scannow
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.


Step 2

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  1. After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  2. The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  3. When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  4. When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  5. When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  6. Please save the log in Notepad on your desktop and post the contents in your next reply.
  7. When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
 

Skyclad

FPCH Member
Joined
Aug 30, 2016
PC Experience
Some Experience
Hello seedy21, and thanks for your continued help...!
I've gotten down to the step where I click on the Farbar tool as an Administrator and that option isn't available when I right click on it on my task bar (there is no icon for this on desktop).. The options when I right click are..... close window, pin this program to task bar, and Farbar Recovery Tool.. I realize I might be a bit overcautious here and should proceed, but actions such as that in the past have proven problematic.. I wanted to check back with you before going further with this.. Please excuse inexperience here, but want to proceed correctly..
Please advise on this.. Will likely have more questions after this one as well to avoid any possible error..
Thanks for your help and patience here....!
S
 

seedy21

Super Moderator & Security Team
Joined
Jul 5, 2010
Location
Halifax UK
PC Experience
Pc Guru
Hi SkyClad

The issue you're having is because FRST isn't installed on your desktop, it's in your downloads folder.

I would go into your Downloads folder > Right click on FRST > Copy
Then go to your Desktop > Right click on a blank part on your Desktop > Paste

Then you will be able to follow the following :-


  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.


Please post it to your reply.


Step 2

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).


  1. After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  2. The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  3. When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  4. When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  5. When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  6. Please save the log in Notepad on your desktop and post the contents in your next reply.
  7. When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
 

Skyclad

FPCH Member
Joined
Aug 30, 2016
PC Experience
Some Experience
Hi seedy21..
Well, I've performed some of the steps you have suggested, and I do have some further questions (sorry)..
First of all, I want to give you a list of all the files on my desktop that I've saved there, as there is some discrepancy showing up compared to what you are saying will be showing up....
The files are:
Addition
FRST
Fixlog

I do not see fixlist.txt anywhere, including in the downloads file, despite remembering that I created a file in this name previously.. Have no idea where it is though..
So, before going further (once again) I want to be absolutely sure how to proceed.. I have downloaded the EmsisoftEmergencyKit to desktop in addition to the above files listed.. I wanted to get further instruction from you about this issue of the fixlist.txt not appearing anywhere.. Do I need to start over? Please advise....
Thanks again,
S
PS If you decide I need to start over, please include ALL of the instructions from the beginning.. I do not want to omit a step by overlooking it while looking at previous posts you have sent.. Thx..!
 

seedy21

Super Moderator & Security Team
Joined
Jul 5, 2010
Location
Halifax UK
PC Experience
Pc Guru
Hi skyclad

Can you please copy and paste the content in fixlog ?

Thanks
 

Skyclad

FPCH Member
Joined
Aug 30, 2016
PC Experience
Some Experience
Absolutely! I hope this is what you are needing! Thanks again for the assistance...
S

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Mike (06-09-2016 09:09:37) Run:1
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available Profiles: Mike & HP_OWNER)
Boot Mode: Normal
==============================================


fixlist content:
*****************
start
CloseProcesses:
Task: {1700E63A-3168-43C9-9B93-434C08944EFF} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {8B47A7D7-D2F2-4E50-96A4-7F7B232C171C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
CMD: sfc /scannow
EmptyTemp:
end
*****************


Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1700E63A-3168-43C9-9B93-434C08944EFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1700E63A-3168-43C9-9B93-434C08944EFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B47A7D7-D2F2-4E50-96A4-7F7B232C171C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B47A7D7-D2F2-4E50-96A4-7F7B232C171C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully


========= sfc /scannow =========






Beginning system scan. This process will take some time.






Beginning verification phase of system scan.


Verification 100% complete.




Windows Resource Protection did not find any integrity violations.




========= End of CMD: =========




=========== EmptyTemp: ==========


BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 92092153 B
Java, Flash, Steam htmlcache => 1544 B
Windows/system/drivers => 159470545 B
Edge => 0 B
Chrome => 637053989 B
Firefox => 17168064 B
Opera => 0 B


Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 440934 B
Mike => 11353286 B
HP_OWNER => 0 B


RecycleBin => 2156657 B
EmptyTemp: => 889.1 MB temporary data Removed.


================================




The system needed a reboot.


==== End of Fixlog 09:20:24 ====
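
An added example (not part of the original post, and not FRST's own code): a cross-check of a fixlist against its Fixlog, confirming that every `Task:` line produced the three TaskCache key removals seen in this log (`Plain`, `Tasks` and `Tree`). The function names are hypothetical, and the three-keys-per-task mapping is an assumption taken from this Fixlog; the embedded text is an excerpt covering two of the six tasks.

```python
import re

# Excerpt of the fixlist posted in this thread (two of its six Task: lines).
FIXLIST = r"""
Task: {1700E63A-3168-43C9-9B93-434C08944EFF} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
"""

# The matching result lines from the Fixlog posted in this thread.
FIXLOG = r"""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1700E63A-3168-43C9-9B93-434C08944EFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1700E63A-3168-43C9-9B93-434C08944EFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully
"""

TASKCACHE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"
# "Task: {GUID} - \task\path -> ..." as written in the fixlist.
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (\\.+?) -> ", re.M)
# '"<registry key>" => <status>' as written in the Fixlog.
RESULT_RE = re.compile(r'^"(.+)" => (.+?)\s*$', re.M)


def parse_fixlist_tasks(fixlist):
    """Return {guid: task_path} for every Task: directive in the fixlist."""
    return {guid.upper(): path for guid, path in TASK_RE.findall(fixlist)}


def removed_keys(fixlog):
    """Return the registry keys the Fixlog reports as removed, upper-cased
    because registry key names are case-insensitive."""
    return {key.upper() for key, status in RESULT_RE.findall(fixlog)
            if status == "key removed successfully"}


def expected_keys(guid, path):
    """The three TaskCache keys this Fixlog shows per task (assumption: the
    trigger-class subkey is Plain, as it is for every task in this log)."""
    return [TASKCACHE + "\\Plain\\" + guid,
            TASKCACHE + "\\Tasks\\" + guid,
            TASKCACHE + "\\Tree" + path]


def verify_task_removal(fixlist, fixlog):
    """Map each task GUID to the expected keys NOT confirmed as removed.
    An empty list means the task was fully cleaned up."""
    removed = removed_keys(fixlog)
    return {guid: [k for k in expected_keys(guid, path) if k.upper() not in removed]
            for guid, path in parse_fixlist_tasks(fixlist).items()}


if __name__ == "__main__":
    for guid, missing in verify_task_removal(FIXLIST, FIXLOG).items():
        print(guid, "OK" if not missing else "NOT CONFIRMED: " + ", ".join(missing))
```

A non-empty list for any GUID means the fix only partly applied and the task's remaining keys should be reviewed before moving on to the next step.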
 

seedy21

Super Moderator & Security Team
Joined
Jul 5, 2010
Location
Halifax UK
PC Experience
Pc Guru
Hi Skyclad

Yes this is the log we were after. Please run the following :-

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).


  1. After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  2. The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  3. When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  4. When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  5. When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  6. Please save the log in Notepad on your desktop and post the contents in your next reply.
  7. When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
 

Skyclad

FPCH Member
Joined
Aug 30, 2016
PC Experience
Some Experience
Hello seedy21...
Please find below a copy and paste of the results found from the Emsisoft Emergency Kit.. Thanks for your continued help on this!
S

Emsisoft Emergency Kit - Version 11.9
Last update: 9/10/2016 11:23:38 AM
User account: Home\Mike
Computer name: HOME
OS version: Windows 7x64 Service Pack 1


Scan settings:


Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files


Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off


Scan start: 9/10/2016 11:37:45 AM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\VIEWPOINT detected: Application.Win32.ViewBar (A)
Value: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY.1 detected: Application.AdReg (A)
Key: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\AOL TOOLBAR detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\AOL TOOLBAR detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VIEWPOINTMEDIAPLAYER detected: Application.InstallAd (A)


Scanned 115836
Found 14


Scan end: 9/10/2016 11:55:42 AM
Scan time: 0:17:57


Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VIEWPOINTMEDIAPLAYER Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\AOL TOOLBAR Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\AOL TOOLBAR Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL Application.AdReg (A)
Value: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Setting.DisableTaskMgr (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\VIEWPOINT Application.Win32.ViewBar (A)


Quarantined 10
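
An added example (not part of the original post, and not Emsisoft's code): the report above says "Found 14" but "Quarantined 10", and this parser reconciles the two by counting detection lines against unique registry objects. It also separates the two `Setting.*` findings, which are per-user policy values that block Task Manager and the registry editing tools, from the adware-class keys; the function and field names are hypothetical.

```python
import re
from collections import Counter

# Detection lines and counters from the Emsisoft Emergency Kit report in this thread.
EEK_REPORT = r"""
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\VIEWPOINT detected: Application.Win32.ViewBar (A)
Value: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY.1 detected: Application.AdReg (A)
Key: HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\SOFTWARE\AOL TOOLBAR detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\AOL TOOLBAR detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VIEWPOINTMEDIAPLAYER detected: Application.InstallAd (A)
Scanned 115836
Found 14
Quarantined 10
"""

# "Key: <object> detected: <name> (A)" or "Value: <key> -> <value> detected: <name> (A)"
HIT_RE = re.compile(r"^(Key|Value): (.+?) detected: (\S+) \(A\)\s*$", re.M)
COUNT_RE = re.compile(r"^(Found|Quarantined) (\d+)\s*$", re.M)


def reconcile(report):
    """Compare the report's own counters with what its detection lines contain."""
    hits = HIT_RE.findall(report)
    # Registry paths are case-insensitive, so normalise before counting.
    per_object = Counter((kind, obj.upper()) for kind, obj, _ in hits)
    counts = {label: int(n) for label, n in COUNT_RE.findall(report)}
    return {
        "detection_lines": len(hits),
        "unique_objects": len(per_object),
        # Objects the scanner listed more than once.
        "repeated": sorted(obj for (_, obj), n in per_object.items() if n > 1),
        # Policy values, as opposed to leftover adware/PUP registry keys.
        "policy_settings": sorted({name for _, _, name in hits
                                   if name.startswith("Setting.")}),
        "found_matches_lines": counts.get("Found") == len(hits),
        "quarantined_matches_unique": counts.get("Quarantined") == len(per_object),
    }


if __name__ == "__main__":
    for field, value in reconcile(EEK_REPORT).items():
        print(f"{field}: {value}")
```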
 

Skyclad

FPCH Member
Joined
Aug 30, 2016
PC Experience
Some Experience
Hello seedy21..
Just a quick note, as I've noticed that many if not all, of the problems with my computer seem to have normalized.. I'm hesitant to say that it's all fixed and back to normal, but most of the stuff it was doing that was out of the ordinary is now no longer happening....:) I just wanted to let you know the latest development here..
Thanks again for your continued support..! Please advise how to proceed when you get the chance, given the new info above...
S
 

seedy21

Super Moderator & Security Team
Joined
Jul 5, 2010
Location
Halifax UK
PC Experience
Pc Guru
Hi Skyclad,

Good news, let's get a second option.

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!
 

Skyclad

FPCH Member
Joined
Aug 30, 2016
PC Experience
Some Experience
Hello Seedy21..
I have downloaded the Eset Online Scanner via IE to desktop, but when I open it I am not seeing the options you are talking about.. What I'm seeing is the following options (in part)..

Enable detection of potentially unwanted applications
Disable detection of potentially unwanted applications

(and under advanced settings)

Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Etc.....

Please respond back about the above and let me know what steps I should take next, or if this is somehow the wrong tool, etc..
Thanks again!
S
PS Just disregard what I said about my computer "normalizing", as some very weird stuff is still going on.........mainly having to do with my email and various mouse issues...
 

seedy21

Super Moderator & Security Team
Joined
Jul 5, 2010
Location
Halifax UK
PC Experience
Pc Guru
Hi Skyclad,

Sure let me clear this up...


  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

  • Make sure that Enable detection of potentially unwanted applications is checked.
  • Under Advanced Settings, make sure Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives and Enable Anti-Stealth Technology are checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!
 

Skyclad

FPCH Member
Joined
Aug 30, 2016
PC Experience
Some Experience
Hello seedy21...
I'm still having some issues on this end, despite your further explanation.. I do not have esetmartininstaller_enu.exe installed on my desktop yet, and I cannot seem to find a functional link that I can click on to get me to where I can download the above, from your latest or previous posts.. No doubt I've missed something.. So, if you would, please send me a link to download the above, or direct instructions of how to do so.. After that I'll proceed per your directions... Sorry for the continued miscommunication on my part....:/
Thanks again,
S
 

seedy21

Super Moderator & Security Team
Joined
Jul 5, 2010
Location
Halifax UK
PC Experience
Pc Guru
Hi Skyclad,

What internet browser do you use?

I will re-post how to do this once I know the above information.
 

Skyclad

FPCH Member
Joined
Aug 30, 2016
PC Experience
Some Experience
I mainly use Google Chrome as a browser.. Hoping this helps, and sorry for the continued disconnect on this end....:/
Again, thanks for all your help..!
 

seedy21

Super Moderator & Security Team
Joined
Jul 5, 2010
Location
Halifax UK
PC Experience
Pc Guru
Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click Scan Now .

This should download esetsmartinstaller_enu.exe.


  • You should see the downloaded file at the bottom of your screen, Click the file, this will start it up.
  • Allow the Terms of Use and click Start.

  • Make sure that Enable detection of potentially unwanted applications is checked.
  • Under Advanced Settings, make sure Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives and Enable Anti-Stealth Technology are checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!
 

Skyclad

FPCH Member
Joined
Aug 30, 2016
PC Experience
Some Experience
Hello seedy21..
Well, that was interesting! I ran the scan per your instructions.. Everything appeared to be going well, and at about 80 percent done, it showed 2 infected files.. The scanning continued, so I went to the front room for awhile to kill some time while it completed.. When I came back clearly there was something different going on.. There were long horizontal black bars blacking out the numbers of files scanned, area scanned, etc.. The only thing that showed through the black bars was the numeral 2 under infected files.. I waited like 30 minutes to make sure things were not progressing, which they weren't at that point.. I eventually clicked "stop" and the following showed up.....

EOS_v2 has stopped working "A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

So.......please advise on how to proceed from here.. I've re-enabled my AntiVirus, so at least didn't forget to do that....:)
Thanks again for all your help.. Awaiting your instructions...
S
 