
Laptop with Win10 barely running...everything is laborious


  • This topic is locked
25 replies to this topic

#1 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • 589 posts

Posted 25 July 2016 - 09:31 AM

Hi Guys,

I am working on a laptop for my next door neighbor, trying to make it usable again. The laptop itself has some physical damage to the upper right hand corner of the casing. Please see the attached pictures.

The exposed wire, I learned, is the internal antenna (wireless), which is why the internal wifi function does not operate, so he has a little wifi dongle in a USB port. Anyway, I don't think that this is part of the problem. The real problem with the laptop is the slow, slow, incredibly slow speed with which it does anything. I started this little project yesterday and I wanted to run all of the required scans. But the one that usually takes the longest is the ESET online scanner, so I ran that first. It is now into 21 hours of scanning and at about 90% completed. It has not found any infected files yet, but I can't even be sure it is still scanning or just hung up. Everything takes a dramatic length of time to function. When I tap the WINDOWS key, it opens the start menu after about 2-3 minutes.

I will get the scans run; however, at this point I am debating whether or not to dump the ESET scan and maybe run Malwarebytes and the other less intrusive scans to at least get an idea of what is going on.

Any advice would be a great help at the beginning of this challenge.

Thank you

JoeFixes


JoeFixes
(But only if its Broke)

#2 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • 589 posts

Posted 25 July 2016 - 10:10 AM

Here are the pictures referenced above.
 
Pictures removed.
JoeFixes
(But only if its Broke)

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,267 posts

Posted 26 July 2016 - 11:05 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

I think you should stop the ESET scan and run these tools. I will review your logs and advise.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===


Please post the logs.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • 589 posts

Posted 26 July 2016 - 11:26 AM

Hi Nasdaq,

I had been running MBAM for the last 22 hours. It found 3 objects but it seemed to get hung up and wouldn't progress. I restarted the laptop, re-downloaded it from the link you sent me and updated the database. I made sure to check for rootkits. It is scanning again now and it does detect 3 objects right away, but I suspect I am in for another long day of scanning. I will let it run until the morning if it needs to go that long. After MBAM completes I will run the other scans. Thank you for your help in advance.

JoeFixes


JoeFixes
(But only if its Broke)

#5 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • 589 posts

Posted 27 July 2016 - 09:05 AM

Hi Nasdaq,

Okay...MBAM has now been running again with no advancement for 21 hours. It has scanned 57,533 files and doesn't seem to be advancing at all. I am going to stop the scan and try to run the other scans and see what success I have.

JoeFixes


JoeFixes
(But only if its Broke)

#6 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • 589 posts

Posted 27 July 2016 - 10:09 AM

Hi Nasdaq,

I had better luck with ADWCleaner and FARBAR. Below are the logs from those two and the ADDITION.TXT is attached. Maybe this will help other things run. I will also try to run MBAM again now.

# AdwCleaner v5.201 - Logfile created 27/07/2016 at 11:36:22
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-27.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Fran - CAITI
# Running from : C:\Users\Fran\Desktop\adwcleaner_5.201.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\BoostSoftware
[-] Folder Deleted : C:\ProgramData\slimware utilities inc
[#] Folder Deleted : C:\ProgramData\Application Data\BoostSoftware
[#] Folder Deleted : C:\ProgramData\Application Data\slimware utilities inc
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slimcleaner plus
[-] Folder Deleted : C:\Users\Public\Documents\Downloaded Installers
[-] Folder Deleted : C:\Program Files (x86)\Amazon\Amazon1ButtonApp
[-] Folder Deleted : C:\Users\CForgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[-] Folder Deleted : C:\Users\Fran\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\Fran\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Users\Fran\AppData\Local\Downloaded Installers
[-] Folder Deleted : C:\Users\Fran\AppData\Local\DirectionsAce_fv
[-] Folder Deleted : C:\Users\Fran\AppData\LocalLow\iac
[#] Folder Deleted : C:\Users\Fran\AppData\LocalLow\IAC
[-] Folder Deleted : C:\Users\Fran\AppData\LocalLow\DirectionsAce_fv
[+] Folder Deleted : C:\Users\Fran\AppData\Roaming\Linkey
[-] Folder Deleted : C:\Users\Fran\AppData\Roaming\1H1Q1V1N1N1S1R
[-] Folder Deleted : C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Toolbar
[-] Folder Deleted : C:\Program Files\slimcleaner plus
[-] Folder Deleted : C:\Program Files\slimservice

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\SysNative\drivers\swdumon.sys

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : SlimCleaner Plus (Scheduled Scan - Fran)
[-] Task Deleted : SlimCleaner Plus (Scheduled Scan - Fran)

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\AppID\ShopAtHomeHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectionsAce_fvbar Uninstall Internet Explorer
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\BoostSoftware
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHome.com Helper
[-] Key Deleted : [x64] HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-452661799-1546631272-1242689987-1004\Software\BrowseStudio
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{46e535a4-ab34-4aa9-a80a-949332f1b028}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKU\S-1-5-21-452661799-1546631272-1242689987-1004\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driverupdate.net
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.driverupdate.net
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driverupdate.net
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.driverupdate.net

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5363 bytes] - [27/07/2016 11:36:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [6018 bytes] - [27/07/2016 11:27:22]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5509 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-07-2016
Ran by Fran (administrator) on CAITI (27-07-2016 12:04:13)
Running from C:\Users\Fran\Desktop
Loaded Profiles: Fran (Available Profiles: CForgit & Fran)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8849152 2016-05-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-05-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3955888 2015-09-02] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [384120 2016-05-20] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\Run: [Dropbox Update] => C:\Users\Fran\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize /boot
HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} =>  No File
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk [2016-01-25]
ShortcutTarget: Mediatek Wireless Utility.lnk -> C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe (Mediatek Inc.)
Startup: C:\Users\CForgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-07-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Fran\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-07-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Fran\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22c49f0b-bced-4ff0-a280-ac214dd8e24e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7f4fee04-9c69-4c25-9050-1d04116f10ae}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{f85c2353-e0d3-4acb-b175-a8a05943cb13}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-452661799-1546631272-1242689987-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://web.mail.comcast.net/#1
HKU\S-1-5-21-452661799-1546631272-1242689987-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-452661799-1546631272-1242689987-1004 -> {7A1AF240-A2EE-4B02-B2B7-513500CAB0C5} URL = hxxp://search.whiteskyservices.com/?wstoken=74E4D48B-5197-4E48-BDE2-30322C57F40B&dtid=1&pid=21&src=sgsearch&v=1.14.1210.3&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-452661799-1546631272-1242689987-1004 -> {810A9A1D-403E-447A-BACE-37D9C611BAA5} URL =
SearchScopes: HKU\S-1-5-21-452661799-1546631272-1242689987-1004 -> {D5AD5BBD-80FE-4215-A684-852B2276F443} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-08] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-08] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-452661799-1546631272-1242689987-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-452661799-1546631272-1242689987-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Fran\AppData\Roaming\Mozilla\Firefox\Profiles\625bt7sv.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-02] (Microsoft Corporation)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [139328 2014-02-19] (Aviata, Inc.)
S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24376 2015-06-30] (Hewlett-Packard Company)
S3 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [164968 2016-04-03] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [354936 2016-05-20] (Intel Corporation)
S3 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-18] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-04-21] (IObit)
S3 MediatekRegistryWriter; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [405136 2014-12-04] (Mediatek Inc.)
S3 MediatekRegistryWriter64; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [454288 2014-12-04] (Mediatek Inc.)
S3 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-05-20] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS)
S3 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [256688 2015-09-02] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [16880 2016-04-03] (OSR Open Systems Resources, Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-03] (REALiX™)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [46856 2016-04-03] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [300304 2016-04-03] (Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-26] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185896 2016-05-20] (Intel Corporation)
S3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2225808 2015-02-16] (MediaTek Inc.)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3515664 2016-05-20] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [936192 2016-05-20] (Realtek                                            )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3870464 2015-10-01] (Realtek Semiconductor Corporation                           )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [413912 2016-05-20] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-05-20] (Synaptics Incorporated)
S3 ssmirrdr; C:\Windows\system32\DRIVERS\ssmirrdr.sys [10112 2011-03-15] (support.com, Inc)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [67248 2015-09-02] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160624.021\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160624.021\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-27 11:57 - 2016-07-27 12:03 - 00037047 _____ C:\Users\Fran\Desktop\Addition.txt
2016-07-27 11:48 - 2016-07-27 12:04 - 00017415 _____ C:\Users\Fran\Desktop\FRST.txt
2016-07-27 11:48 - 2016-07-27 12:04 - 00000000 ____D C:\FRST
2016-07-27 11:44 - 2016-07-27 11:48 - 02394112 _____ (Farbar) C:\Users\Fran\Desktop\FRST64.exe
2016-07-27 11:39 - 2016-07-27 11:39 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-27 11:26 - 2016-07-27 11:36 - 00000000 ____D C:\AdwCleaner
2016-07-27 11:24 - 2016-07-27 11:24 - 03712064 _____ C:\Users\Fran\Desktop\adwcleaner_5.201.exe
2016-07-25 14:43 - 2016-07-26 13:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-25 14:43 - 2016-07-25 14:43 - 00001189 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-25 14:43 - 2016-07-25 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-25 14:43 - 2016-07-25 14:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-25 14:43 - 2016-07-25 14:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-25 14:43 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-07-25 14:43 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-25 14:43 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-07-25 13:00 - 2016-07-25 13:02 - 02736812 _____ C:\WINDOWS\Minidump\072516-31984-01.dmp
2016-07-24 14:44 - 2016-07-24 15:18 - 00000000 ____D C:\Users\Fran\AppData\Local\Mozilla
2016-07-24 14:44 - 2016-07-24 15:13 - 00000000 ____D C:\Users\Fran\AppData\Roaming\Mozilla
2016-07-24 14:44 - 2016-07-24 14:44 - 00001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-24 14:44 - 2016-07-24 14:44 - 00001224 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-24 14:44 - 2016-07-24 14:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-24 14:27 - 2016-07-24 14:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-24 13:05 - 2016-07-24 13:05 - 00898560 _____ C:\Users\Fran\Desktop\RGSA.exe
2016-07-24 13:00 - 2016-07-24 13:00 - 00000000 ____D C:\Users\Fran\AppData\Local\ESET
2016-07-24 12:59 - 2016-07-24 12:59 - 06759552 _____ (ESET spol. s r.o.) C:\Users\Fran\Downloads\esetonlinescanner_enu.exe
2016-07-24 12:53 - 2016-07-25 14:42 - 22851472 _____ (Malwarebytes ) C:\Users\Fran\Desktop\mbam-setup-2.2.1.1043.exe
2016-07-24 12:43 - 2016-07-24 12:43 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-07-22 16:23 - 2016-07-22 16:23 - 00000000 ____D C:\Users\CForgit\AppData\Local\NetworkTiles
2016-07-22 13:00 - 2016-07-22 13:00 - 00000000 ____D C:\Users\CForgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-22 12:53 - 2016-07-27 11:58 - 00000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-452661799-1546631272-1242689987-1001UA.job
2016-07-22 12:53 - 2016-07-24 12:58 - 00000886 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-452661799-1546631272-1242689987-1001Core.job
2016-07-22 12:53 - 2016-07-22 13:01 - 00000000 ____D C:\Users\CForgit\AppData\Local\Dropbox
2016-07-22 12:53 - 2016-07-22 12:53 - 00004060 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-452661799-1546631272-1242689987-1001UA
2016-07-22 12:53 - 2016-07-22 12:53 - 00003684 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-452661799-1546631272-1242689987-1001Core
2016-07-22 12:11 - 2016-07-22 12:11 - 00002408 _____ C:\Users\CForgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-07-22 12:11 - 2016-07-22 12:11 - 00000000 ____D C:\Users\CForgit\AppData\Roaming\Sun
2016-07-22 12:11 - 2016-07-22 12:11 - 00000000 ____D C:\Users\CForgit\AppData\LocalLow\Sun
2016-07-22 12:11 - 2016-07-22 12:11 - 00000000 ____D C:\Users\CForgit\.oracle_jre_usage
2016-07-22 12:08 - 2016-07-24 12:45 - 00000000 ____D C:\WINDOWS\pss
2016-07-22 12:02 - 2016-07-23 09:49 - 00000000 ____D C:\Users\CForgit\AppData\Local\MicrosoftEdge
2016-07-22 12:00 - 2016-07-22 12:00 - 00000000 ____D C:\Users\CForgit\AppData\Local\Publishers
2016-07-22 12:00 - 2016-07-22 12:00 - 00000000 ____D C:\Users\CForgit\AppData\Local\ActiveSync
2016-07-22 11:59 - 2016-07-22 11:59 - 00000000 __SHD C:\Users\CForgit\IntelGraphicsProfiles
2016-07-22 11:59 - 2016-07-22 11:59 - 00000000 ____D C:\Users\CForgit\AppData\Roaming\ProductData
2016-07-22 11:59 - 2016-07-22 11:59 - 00000000 ____D C:\Users\CForgit\AppData\Local\Comms
2016-07-22 11:58 - 2016-07-22 11:58 - 00000020 ___SH C:\Users\CForgit\ntuser.ini
2016-07-22 11:58 - 2016-07-22 11:58 - 00000000 ____D C:\Users\CForgit\AppData\Roaming\IObit
2016-07-22 11:58 - 2016-07-22 11:58 - 00000000 ____D C:\Users\CForgit\AppData\Local\TileDataLayer
2016-07-17 13:35 - 2016-07-25 13:00 - 805122165 _____ C:\WINDOWS\MEMORY.DMP
2016-07-17 13:35 - 2016-07-17 13:36 - 00282820 _____ C:\WINDOWS\Minidump\071716-1015421-01.dmp
2016-07-17 11:27 - 2016-07-17 11:29 - 00282820 _____ C:\WINDOWS\Minidump\071716-1124265-01.dmp
2016-07-14 16:01 - 2016-07-14 16:01 - 00000000 ___HD C:\OneDriveTemp
2016-07-12 16:15 - 2016-07-02 00:37 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-07-12 16:15 - 2016-07-02 00:37 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-12 15:25 - 2016-07-01 00:49 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-07-12 15:25 - 2016-07-01 00:34 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-07-12 15:25 - 2016-07-01 00:25 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-07-12 15:25 - 2016-07-01 00:25 - 01987936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-07-12 15:25 - 2016-07-01 00:25 - 00648256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-07-12 15:25 - 2016-06-30 23:56 - 22379520 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-07-12 15:25 - 2016-06-30 23:47 - 24610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-07-12 15:25 - 2016-06-30 23:47 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-07-12 15:25 - 2016-06-30 23:42 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-07-12 15:25 - 2016-06-30 23:41 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-07-12 15:25 - 2016-06-30 23:41 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-07-12 15:25 - 2016-06-30 23:39 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-07-12 15:25 - 2016-06-30 23:37 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-07-12 15:25 - 2016-06-30 23:36 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-07-12 15:25 - 2016-06-30 23:31 - 19347968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-07-12 15:25 - 2016-06-30 23:30 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-07-12 15:25 - 2016-06-30 23:29 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-07-12 15:25 - 2016-06-30 23:29 - 03589632 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-07-12 15:25 - 2016-06-30 23:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-07-12 15:25 - 2016-06-30 23:26 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-07-12 15:25 - 2016-06-30 23:26 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-07-12 15:25 - 2016-06-30 23:26 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-07-12 15:25 - 2016-06-30 23:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-07-12 15:25 - 2016-06-30 23:25 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-07-12 15:25 - 2016-06-30 23:25 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-07-12 15:25 - 2016-06-30 23:24 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-07-12 15:25 - 2016-06-30 23:22 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-07-12 15:25 - 2016-06-30 23:20 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-07-12 15:25 - 2016-06-30 23:18 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-07-12 15:25 - 2016-06-30 23:18 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-07-12 15:25 - 2016-06-30 23:14 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-07-12 15:24 - 2016-07-01 01:30 - 00284352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-07-12 15:24 - 2016-07-01 00:49 - 00337336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-07-12 15:24 - 2016-07-01 00:35 - 01554152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-07-12 15:24 - 2016-07-01 00:35 - 01552104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-07-12 15:24 - 2016-07-01 00:35 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-07-12 15:24 - 2016-07-01 00:35 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-07-12 15:24 - 2016-07-01 00:35 - 00847656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-07-12 15:24 - 2016-07-01 00:35 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-07-12 15:24 - 2016-07-01 00:35 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-07-12 15:24 - 2016-07-01 00:34 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-07-12 15:24 - 2016-07-01 00:34 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-07-12 15:24 - 2016-07-01 00:33 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-07-12 15:24 - 2016-07-01 00:33 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-07-12 15:24 - 2016-07-01 00:33 - 00730352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-07-12 15:24 - 2016-07-01 00:33 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-07-12 15:24 - 2016-07-01 00:33 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-07-12 15:24 - 2016-07-01 00:33 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-07-12 15:24 - 2016-07-01 00:32 - 01603224 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2016-07-12 15:24 - 2016-07-01 00:32 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-07-12 15:24 - 2016-07-01 00:32 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-07-12 15:24 - 2016-07-01 00:31 - 01848584 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-07-12 15:24 - 2016-07-01 00:31 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-07-12 15:24 - 2016-07-01 00:31 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-07-12 15:24 - 2016-07-01 00:25 - 02145032 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-07-12 15:24 - 2016-07-01 00:25 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-07-12 15:24 - 2016-07-01 00:25 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-07-12 15:24 - 2016-07-01 00:24 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2016-07-12 15:24 - 2016-07-01 00:23 - 01349640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-07-12 15:24 - 2016-07-01 00:21 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-07-12 15:24 - 2016-07-01 00:21 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-07-12 15:24 - 2016-07-01 00:20 - 00503600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2016-07-12 15:24 - 2016-07-01 00:20 - 00388896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2016-07-12 15:24 - 2016-07-01 00:20 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-07-12 15:24 - 2016-07-01 00:19 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-07-12 15:24 - 2016-07-01 00:11 - 01522160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-07-12 15:24 - 2016-07-01 00:00 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-07-12 15:24 - 2016-06-30 23:58 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-07-12 15:24 - 2016-06-30 23:57 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-07-12 15:24 - 2016-06-30 23:57 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpreference.exe
2016-07-12 15:24 - 2016-06-30 23:56 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-07-12 15:24 - 2016-06-30 23:53 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-07-12 15:24 - 2016-06-30 23:53 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-07-12 15:24 - 2016-06-30 23:53 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-07-12 15:24 - 2016-06-30 23:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-07-12 15:24 - 2016-06-30 23:52 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10_1.dll
2016-07-12 15:24 - 2016-06-30 23:50 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-07-12 15:24 - 2016-06-30 23:50 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2016-07-12 15:24 - 2016-06-30 23:50 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FingerprintEnrollment.dll
2016-07-12 15:24 - 2016-06-30 23:50 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPDShServiceObj.dll
2016-07-12 15:24 - 2016-06-30 23:49 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-07-12 15:24 - 2016-06-30 23:49 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Maps.dll
2016-07-12 15:24 - 2016-06-30 23:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2016-07-12 15:24 - 2016-06-30 23:49 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-07-12 15:24 - 2016-06-30 23:48 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-07-12 15:24 - 2016-06-30 23:48 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-07-12 15:24 - 2016-06-30 23:48 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-07-12 15:24 - 2016-06-30 23:48 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WmpDui.dll
2016-07-12 15:24 - 2016-06-30 23:48 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-07-12 15:24 - 2016-06-30 23:47 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-07-12 15:24 - 2016-06-30 23:47 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-07-12 15:24 - 2016-06-30 23:47 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-07-12 15:24 - 2016-06-30 23:47 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-07-12 15:24 - 2016-06-30 23:47 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2016-07-12 15:24 - 2016-06-30 23:47 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-07-12 15:24 - 2016-06-30 23:47 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-07-12 15:24 - 2016-06-30 23:46 - 00714240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2016-07-12 15:24 - 2016-06-30 23:46 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-07-12 15:24 - 2016-06-30 23:46 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-07-12 15:24 - 2016-06-30 23:46 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-07-12 15:24 - 2016-06-30 23:46 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanui.dll
2016-07-12 15:24 - 2016-06-30 23:46 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-07-12 15:24 - 2016-06-30 23:46 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-07-12 15:24 - 2016-06-30 23:46 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2016-07-12 15:24 - 2016-06-30 23:45 - 00619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-07-12 15:24 - 2016-06-30 23:45 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-07-12 15:24 - 2016-06-30 23:45 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-07-12 15:24 - 2016-06-30 23:45 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-07-12 15:24 - 2016-06-30 23:45 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-07-12 15:24 - 2016-06-30 23:45 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-07-12 15:24 - 2016-06-30 23:45 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2016-07-12 15:24 - 2016-06-30 23:45 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2016-07-12 15:24 - 2016-06-30 23:45 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-07-12 15:24 - 2016-06-30 23:44 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-07-12 15:24 - 2016-06-30 23:44 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-07-12 15:24 - 2016-06-30 23:44 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-07-12 15:24 - 2016-06-30 23:44 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2016-07-12 15:24 - 2016-06-30 23:44 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2016-07-12 15:24 - 2016-06-30 23:44 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2016-07-12 15:24 - 2016-06-30 23:44 - 00276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2016-07-12 15:24 - 2016-06-30 23:43 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2016-07-12 15:24 - 2016-06-30 23:43 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2016-07-12 15:24 - 2016-06-30 23:43 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2016-07-12 15:24 - 2016-06-30 23:43 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-07-12 15:24 - 2016-06-30 23:43 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-07-12 15:24 - 2016-06-30 23:43 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-07-12 15:24 - 2016-06-30 23:43 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-07-12 15:24 - 2016-06-30 23:43 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WLanConn.dll
2016-07-12 15:24 - 2016-06-30 23:43 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-07-12 15:24 - 2016-06-30 23:42 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-07-12 15:24 - 2016-06-30 23:42 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2016-07-12 15:24 - 2016-06-30 23:42 - 02012672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2016-07-12 15:24 - 2016-06-30 23:42 - 01434112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-07-12 15:24 - 2016-06-30 23:42 - 01240064 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10.dll
2016-07-12 15:24 - 2016-06-30 23:42 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-07-12 15:24 - 2016-06-30 23:42 - 00697344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-07-12 15:24 - 2016-06-30 23:42 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-07-12 15:24 - 2016-06-30 23:42 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-07-12 15:24 - 2016-06-30 23:41 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-07-12 15:24 - 2016-06-30 23:41 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-07-12 15:24 - 2016-06-30 23:41 - 01159168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2016-07-12 15:24 - 2016-06-30 23:41 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-07-12 15:24 - 2016-06-30 23:41 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-07-12 15:24 - 2016-06-30 23:41 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-07-12 15:24 - 2016-06-30 23:41 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-07-12 15:24 - 2016-06-30 23:41 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-07-12 15:24 - 2016-06-30 23:41 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2016-07-12 15:24 - 2016-06-30 23:41 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-07-12 15:24 - 2016-06-30 23:41 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-07-12 15:24 - 2016-06-30 23:40 - 02731008 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-07-12 15:24 - 2016-06-30 23:40 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-07-12 15:24 - 2016-06-30 23:40 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-07-12 15:24 - 2016-06-30 23:40 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-07-12 15:24 - 2016-06-30 23:40 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-07-12 15:24 - 2016-06-30 23:40 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-07-12 15:24 - 2016-06-30 23:40 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-07-12 15:24 - 2016-06-30 23:40 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-07-12 15:24 - 2016-06-30 23:39 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-07-12 15:24 - 2016-06-30 23:39 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-07-12 15:24 - 2016-06-30 23:39 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-07-12 15:24 - 2016-06-30 23:39 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-07-12 15:24 - 2016-06-30 23:38 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-07-12 15:24 - 2016-06-30 23:38 - 01671168 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-07-12 15:24 - 2016-06-30 23:38 - 01063936 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-07-12 15:24 - 2016-06-30 23:38 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-07-12 15:24 - 2016-06-30 23:38 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IconCodecService.dll
2016-07-12 15:24 - 2016-06-30 23:37 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-07-12 15:24 - 2016-06-30 23:37 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-07-12 15:24 - 2016-06-30 23:36 - 03415040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-07-12 15:24 - 2016-06-30 23:36 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2016-07-12 15:24 - 2016-06-30 23:36 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-07-12 15:24 - 2016-06-30 23:35 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2016-07-12 15:24 - 2016-06-30 23:34 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-07-12 15:24 - 2016-06-30 23:34 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-07-12 15:24 - 2016-06-30 23:34 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-07-12 15:24 - 2016-06-30 23:34 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-07-12 15:24 - 2016-06-30 23:33 - 06675968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-07-12 15:24 - 2016-06-30 23:33 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2016-07-12 15:24 - 2016-06-30 23:33 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2016-07-12 15:24 - 2016-06-30 23:33 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPDShServiceObj.dll
2016-07-12 15:24 - 2016-06-30 23:32 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-07-12 15:24 - 2016-06-30 23:32 - 02563584 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-07-12 15:24 - 2016-06-30 23:32 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-07-12 15:24 - 2016-06-30 23:31 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-07-12 15:24 - 2016-06-30 23:31 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\StikyNot.exe
2016-07-12 15:24 - 2016-06-30 23:30 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-07-12 15:24 - 2016-06-30 23:30 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-07-12 15:24 - 2016-06-30 23:30 - 00849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-07-12 15:24 - 2016-06-30 23:30 - 00546816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-07-12 15:24 - 2016-06-30 23:30 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2016-07-12 15:24 - 2016-06-30 23:30 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-07-12 15:24 - 2016-06-30 23:30 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3ui.dll
2016-07-12 15:24 - 2016-06-30 23:30 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2016-07-12 15:24 - 2016-06-30 23:29 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-07-12 15:24 - 2016-06-30 23:29 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-07-12 15:24 - 2016-06-30 23:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-07-12 15:24 - 2016-06-30 23:29 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-07-12 15:24 - 2016-06-30 23:29 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanui.dll
2016-07-12 15:24 - 2016-06-30 23:29 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2016-07-12 15:24 - 2016-06-30 23:28 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2016-07-12 15:24 - 2016-06-30 23:28 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2016-07-12 15:24 - 2016-06-30 23:28 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2016-07-12 15:24 - 2016-06-30 23:27 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-07-12 15:24 - 2016-06-30 23:27 - 01729024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-07-12 15:24 - 2016-06-30 23:27 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2016-07-12 15:24 - 2016-06-30 23:27 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2016-07-12 15:24 - 2016-06-30 23:27 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-07-12 15:24 - 2016-06-30 23:27 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2016-07-12 15:24 - 2016-06-30 23:27 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-07-12 15:24 - 2016-06-30 23:27 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2016-07-12 15:24 - 2016-06-30 23:27 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2016-07-12 15:24 - 2016-06-30 23:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-07-12 15:24 - 2016-06-30 23:26 - 03026944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-07-12 15:24 - 2016-06-30 23:26 - 01755648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2016-07-12 15:24 - 2016-06-30 23:26 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2016-07-12 15:24 - 2016-06-30 23:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2016-07-12 15:24 - 2016-06-30 23:26 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2016-07-12 15:24 - 2016-06-30 23:26 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2016-07-12 15:24 - 2016-06-30 23:25 - 02745856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-07-12 15:24 - 2016-06-30 23:25 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-07-12 15:24 - 2016-06-30 23:25 - 01121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-07-12 15:24 - 2016-06-30 23:25 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-07-12 15:24 - 2016-06-30 23:25 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-07-12 15:24 - 2016-06-30 23:25 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-07-12 15:24 - 2016-06-30 23:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-07-12 15:24 - 2016-06-30 23:24 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-07-12 15:24 - 2016-06-30 23:24 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-07-12 15:24 - 2016-06-30 23:24 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2016-07-12 15:24 - 2016-06-30 23:24 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-07-12 15:24 - 2016-06-30 23:24 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2016-07-12 15:24 - 2016-06-30 23:24 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-07-12 15:24 - 2016-06-30 23:23 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-07-12 15:24 - 2016-06-30 23:23 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-07-12 15:24 - 2016-06-30 23:23 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2016-07-12 15:24 - 2016-06-30 23:23 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-07-12 15:24 - 2016-06-30 23:22 - 00965120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-07-12 15:24 - 2016-06-30 23:22 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-07-12 15:24 - 2016-06-30 23:21 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2016-07-12 15:24 - 2016-06-30 23:19 - 01987072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-07-12 15:24 - 2016-06-30 23:16 - 02771968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2016-07-12 15:24 - 2016-06-30 23:16 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2016-07-12 15:24 - 2016-06-30 23:15 - 04413440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-07-12 15:24 - 2016-06-30 23:15 - 02217984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2016-07-12 15:24 - 2016-06-30 23:15 - 02102272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2016-07-12 15:24 - 2016-06-30 23:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2016-07-12 15:24 - 2016-06-30 23:13 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-07-12 15:24 - 2016-06-30 23:13 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-07-12 15:24 - 2016-06-30 23:12 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-07-12 15:24 - 2016-06-30 23:09 - 02632192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-07-12 15:24 - 2016-06-30 23:08 - 01976832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2016-07-12 15:24 - 2016-06-30 23:08 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-07-12 15:23 - 2016-07-01 01:30 - 00587456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-07-12 15:23 - 2016-07-01 00:50 - 00037232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-07-12 15:23 - 2016-07-01 00:49 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-07-12 15:23 - 2016-07-01 00:48 - 01238584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2016-07-12 15:23 - 2016-07-01 00:45 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-07-12 15:23 - 2016-07-01 00:43 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-07-12 15:23 - 2016-07-01 00:43 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-07-12 15:23 - 2016-07-01 00:39 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-07-12 15:23 - 2016-07-01 00:38 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-07-12 15:23 - 2016-07-01 00:38 - 01083656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2016-07-12 15:23 - 2016-07-01 00:38 - 00256192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-07-12 15:23 - 2016-07-01 00:38 - 00032552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-07-12 15:23 - 2016-07-01 00:35 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-07-12 15:23 - 2016-07-01 00:35 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-07-12 15:23 - 2016-07-01 00:33 - 00566104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-07-12 15:23 - 2016-07-01 00:32 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-07-12 15:23 - 2016-07-01 00:32 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-07-12 15:23 - 2016-07-01 00:32 - 00106928 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2016-07-12 15:23 - 2016-07-01 00:32 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2016-07-12 15:23 - 2016-07-01 00:23 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-07-12 15:23 - 2016-07-01 00:23 - 00925576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-07-12 15:23 - 2016-07-01 00:23 - 00709176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-07-12 15:23 - 2016-07-01 00:23 - 00451936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-07-12 15:23 - 2016-07-01 00:21 - 28851224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2016-07-12 15:23 - 2016-07-01 00:21 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-07-12 15:23 - 2016-07-01 00:20 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-07-12 15:23 - 2016-07-01 00:20 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-07-12 15:23 - 2016-07-01 00:19 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-07-12 15:23 - 2016-07-01 00:19 - 01355336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2016-07-12 15:23 - 2016-07-01 00:19 - 00569752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-07-12 15:23 - 2016-07-01 00:18 - 00064584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2016-07-12 15:23 - 2016-07-01 00:17 - 01536600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-07-12 15:23 - 2016-07-01 00:12 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-07-12 15:23 - 2016-07-01 00:12 - 01866104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-07-12 15:23 - 2016-07-01 00:11 - 00521152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-07-12 15:23 - 2016-07-01 00:10 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2016-07-12 15:23 - 2016-07-01 00:07 - 28083144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2016-07-12 15:23 - 2016-07-01 00:03 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-07-12 15:23 - 2016-06-30 23:59 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-07-12 15:23 - 2016-06-30 23:58 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2016-07-12 15:23 - 2016-06-30 23:55 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2016-07-12 15:23 - 2016-06-30 23:55 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-07-12 15:23 - 2016-06-30 23:54 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-07-12 15:23 - 2016-06-30 23:54 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-07-12 15:23 - 2016-06-30 23:53 - 01567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
20


#7 JoeFixes


Posted 27 July 2016 - 10:12 AM

I apologize.  I cannot upload the file.  It says I only have 9kb available to upload and the file I need to attach is 37kb.  Is it possible to clear my history to allow more space to upload?

 

Thank you

 

JoeFixes



#8 nasdaq


Posted 28 July 2016 - 05:45 AM


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} =>  No File
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-452661799-1546631272-1242689987-1004 -> {7A1AF240-A2EE-4B02-B2B7-513500CAB0C5} URL = hxxp://search.whiteskyservices.com/?wstoken=74E4D48B-5197-4E48-BDE2-30322C57F40B&dtid=1&pid=21&src=sgsearch&v=1.14.1210.3&searchparam={SearchTerms}
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
Toolbar: HKU\S-1-5-21-452661799-1546631272-1242689987-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160624.021\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160624.021\EX64.SYS [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===



I cannot upload the file. It says I only have 9kb available to upload and the file I need to attach is 37kb.
The pictures attached are taking a lot of space.
I have removed the links but the files are still there.

Paste the Addition.txt file in your next reply.

Let me know what problem persists.
nasdaq


#9 JoeFixes


Posted 28 July 2016 - 10:16 AM

Nasdaq,

 

The laptop has locked up on me three times while applying the fix.  I tried to load into Safe Mode but cannot do that either.  I am trying a fourth time but if you had any thoughts that might help I am all ears!

 

JoeFixes

 

P.S.  It still says I only have 9KB available to upload.  If you would like, I could either email it to you or upload it to my website.

 

 


Edited by JoeFixes, 28 July 2016 - 10:59 AM.


#10 JoeFixes


Posted 28 July 2016 - 12:36 PM

Nasdaq,

 

I had better luck on the fourth attempt.  Although the laptop still locks up and I had to reboot several times.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Fran (2016-07-28 12:59:21) Run:3
Running from C:\Users\Fran\Desktop
Loaded Profiles: Fran (Available Profiles: CForgit & Fran)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} =>  No File
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-452661799-1546631272-1242689987-1004 -> {7A1AF240-A2EE-4B02-B2B7-513500CAB0C5} URL = hxxp://search.whiteskyservices.com/?wstoken=74E4D48B-5197-4E48-BDE2-30322C57F40B&dtid=1&pid=21&src=sgsearch&v=1.14.1210.3&searchparam={SearchTerms}
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
Toolbar: HKU\S-1-5-21-452661799-1546631272-1242689987-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160624.021\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160624.021\EX64.SYS [X]

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DBARFileBackuped => key not found.
HKCR\CLSID\{831cebdd-6baf-4432-be76-9e0989c14aef} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DBARFileNotBackuped => key not found.
HKCR\CLSID\{275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key not found.
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key not found.
HKU\S-1-5-21-452661799-1546631272-1242689987-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7A1AF240-A2EE-4B02-B2B7-513500CAB0C5} => key not found.
HKCR\CLSID\{7A1AF240-A2EE-4B02-B2B7-513500CAB0C5} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
HKU\S-1-5-21-452661799-1546631272-1242689987-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
SlimService => service not found.
NAVENG => service not found.
NAVEX15 => service not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7409952 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 730532 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => -650 B
CForgit => 0 B
Fran => 14208114 B

RecycleBin => 387110679 B
EmptyTemp: => 390.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:00:44 ====

 

still cannot upload a file though.

 

Thank you

 

JoeFixes


JoeFixes
(But only if its Broke)
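
Added example (not part of the original thread, and not code from FRST or its author): a small Python parser for the Fixlog posted above. It skips the echoed fixlist, reads only the per-entry result lines, and shows that every targeted entry came back "not found". The sample is a shortened copy of that log; the `changed` class for outcomes containing "successfully" is an assumption, since the posted log contains no successful removal.

```python
import re
from collections import Counter

# Shortened copy of the Fixlog posted above: header, fixlist echo,
# a subset of the result lines, and the start of the EmptyTemp section.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Fran (2016-07-28 12:59:21) Run:3
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} =>  No File
S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DBARFileBackuped => key not found.
HKCR\CLSID\{831cebdd-6baf-4432-be76-9e0989c14aef} => key not found.
SlimService => service not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
RecycleBin => 387110679 B
EmptyTemp: => 390.5 MB temporary data Removed.

==== End of Fixlog 13:00:44 ====
"""

RUN_RE = re.compile(r"\bRun:(\d+)\b")


def classify(outcome):
    """Map the text after '=>' on a result line to a coarse class."""
    text = outcome.lower()
    if "not found" in text:
        return "not_found"
    # Assumption: a successful removal is reported with "successfully".
    # The log in this thread has no such line to confirm the wording.
    if "successfully" in text:
        return "changed"
    return "other"


def parse_fixlog(text):
    """Return the run counter and the per-entry results of a Fixlog.

    The fixlist is echoed between two rows of asterisks and also contains
    '=>' lines, so it is skipped. Parsing stops at the next '=' section
    header, which keeps the EmptyTemp size lines out of the results.
    """
    run = None
    entries = []
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header":
            match = RUN_RE.search(line)
            if match:
                run = int(match.group(1))
            if line.startswith("fixlist content:"):
                state = "before_echo"
        elif state == "before_echo":
            if set(line) == {"*"}:
                state = "echo"
        elif state == "echo":
            if set(line) == {"*"}:
                state = "results"
        elif state == "results":
            if line.startswith("="):
                break
            if " => " in line:
                target, outcome = line.rsplit(" => ", 1)
                entries.append((target.strip(), classify(outcome), outcome.strip()))
    return {"run": run, "entries": entries}


def summarize(parsed):
    """Count outcomes and flag a run that changed none of its targets."""
    counts = Counter(kind for _, kind, _ in parsed["entries"])
    total = len(parsed["entries"])
    return {
        "run": parsed["run"],
        "total": total,
        "counts": dict(counts),
        "nothing_changed": total > 0 and counts["not_found"] == total,
    }


if __name__ == "__main__":
    print(summarize(parse_fixlog(SAMPLE_FIXLOG)))
```
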

#11 nasdaq


Posted 29 July 2016 - 05:22 AM

still cannot upload a file though.

I'd rather see the logs posted. It's easier if I need to return to them.

The fix did not go as expected. Let's try this cleaning tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.
nasdaq


#12 JoeFixes


Posted 29 July 2016 - 09:03 AM

Hi Nasdaq,

 

I've had some problems.  The laptop seems to lock up pretty quickly into my attempts to run Zoek.  I may be restarting prematurely though.  I wait about an hour and nothing has moved so it is hard to say.  I have run the ZOEK fix three times now and at the beginning of each time I get an error message that says "DaS21 has stopped working".  I don't know if DaS21 is ZOEK or not...but I am letting it run this time for the afternoon to see if it just needs time to resolve itself.

 

I will be back if I have something more to report or if I get a report.

 

Thank you

JoeFixes



#13 JoeFixes


Posted 29 July 2016 - 10:54 AM

Nasdaq,

 

I've had some success!  I just needed to wait.

 

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Fran on Fri 07/29/2016 at 10:49:11.47.
Microsoft Windows 10 Home 10.0.10586  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Fran\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-07-29-133648.log    396 bytes

==== System Restore Info ======================

7/29/2016 10:51:58 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Amazon deleted successfully
C:\PROGRA~2\Cisco deleted successfully
C:\PROGRA~2\COMMON~1\supportdotcom deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Common Files\Intel deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Mediatek deleted successfully
C:\PROGRA~3\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} deleted successfully
C:\Users\CForgit\AppData\Local\ActiveSync deleted successfully
C:\Users\CForgit\AppData\Local\NetworkTiles deleted successfully
C:\Users\CForgit\AppData\Local\VirtualStore deleted successfully
C:\Users\Fran\AppData\Local\ActiveSync deleted successfully
C:\Users\Fran\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Fran\AppData\Local\EmieSiteList deleted successfully
C:\Users\Fran\AppData\Local\EmieUserList deleted successfully
C:\Users\Fran\AppData\Local\NetworkTiles deleted successfully
C:\Users\Fran\AppData\Local\softthinks deleted successfully
C:\Users\Fran\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-452661799-1546631272-1242689987-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D5AD5BBD-80FE-4215-A684-852B2276F443} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Fran\AppData\Roaming\Mozilla\Firefox\Profiles\625bt7sv.default\prefs.js:

Added to C:\Users\Fran\AppData\Roaming\Mozilla\Firefox\Profiles\625bt7sv.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Amazon not found
C:\PROGRA~2\Cisco not found
C:\PROGRA~3\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} not found
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Fran\AppData\LocalLow\MapsGalaxy_39EI deleted
"C:\WINDOWS\Installer\b36bc.msi" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Fran\AppData\Roaming\Mozilla\Firefox\Profiles\625bt7sv.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://web.mail.comcast.net/#1"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Start Page"="https://web.mail.comcast.net/#1"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKLM\SearchScopes\{810A9A1D-403E-447A-BACE-37D9C611BAA5} - http://www.bing.com/...=IE11TR&pc=DCJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.co...g}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes\{810A9A1D-403E-447A-BACE-37D9C611BAA5} - http://www.bing.com/...=IE11TR&pc=DCJB
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes "DefaultScope"="{5BA56BE9-2501-4773-B199-95BC1374988D}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.co...q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...Box&FORM=IESR02
HKCU\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} - http://www.google.co...1I7GGHP_enUS608
HKCU\SearchScopes\{810A9A1D-403E-447A-BACE-37D9C611BAA5} - No_Url_Value

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A7E1C35830B16C940AB5F18E5E5E78D6 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{853C1E7A-1B03-49C6-A05B-1FE8E5E5876D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SlimCleaner Plus deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A7E1C35830B16C940AB5F18E5E5E78D6 deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\CForgit\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\CForgit\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Fran\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Fran\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\CForgit\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\CForgit\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Fran\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Fran\AppData\Local\Microsoft\Windows\INetCache\Low\IE\FLXMQ84Q will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Fran\AppData\Local\Mozilla\Firefox\Profiles\625bt7sv.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=26 folders=19 152798657 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Fran\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Fran\AppData\Local\Microsoft\Windows\INetCache\Low\IE\FLXMQ84Q" not deleted

==== EOF on Fri 07/29/2016 at 12:06:13.13 ======================
 

 

What do you think now?

 

JoeFixes



#14 nasdaq


Posted 30 July 2016 - 05:43 AM

What are the remaining issues?
nasdaq


#15 JoeFixes


Posted 30 July 2016 - 07:58 AM

The laptop is still very slow.  It behaves as if it locks up, but then if you let it sit it frees up eventually.  I have not been able to shut it down normally since I started this little project.  No matter which browser I use I am not able to close it.  I fear there may be some HDD issues...at first when I could not get anything done on it I ran CHKDSK from a command window and it showed errors.  When I tried to open the defrag utility that comes with Windows...it wouldn't open.  I will try to run MBAM again to see if I am able to...but if you think the malware issue has been neutralized the remaining issues could all be hardware related.  Any additional counseling is greatly appreciated.

 

JoeFixes



#16 nasdaq


Posted 30 July 2016 - 11:59 AM

Please paste the content of the Addition.txt file in your reply.
nasdaq


#17 JoeFixes


Posted 30 July 2016 - 01:48 PM

Thank you Nasdaq,

 

So btw...I successfully ran MBAM and it completed finding 29 files to remove..but it was locked up when I saw this so I was not able to remove those files.  I searched for the log and cannot seem to find it.  Below is the ADDITION.TXT file (big as it is) and also the log I did find from MBAM.

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2016
Ran by Fran (2016-07-27 12:05:14)
Running from C:\Users\Fran\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-10 13:28:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-452661799-1546631272-1242689987-500 - Administrator - Disabled)
CForgit (S-1-5-21-452661799-1546631272-1242689987-1001 - Administrator - Enabled) => C:\Users\CForgit
DefaultAccount (S-1-5-21-452661799-1546631272-1242689987-503 - Limited - Disabled)
Fran (S-1-5-21-452661799-1546631272-1242689987-1004 - Administrator - Enabled) => C:\Users\Fran
Guest (S-1-5-21-452661799-1546631272-1242689987-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-452661799-1546631272-1242689987-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Dropbox (HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.107 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.0.26.54 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4380 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6882ac6d-e97d-4e25-b3ea-5f3f21055dfe}) (Version: 16.6.0 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.126 - MediatekWiFi)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4841.1002 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
ShopAtHome.com Toolbar (HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\ShopAtHome.com Toolbar) (Version: 7.10.6.17 - ShopAtHome.com) <==== ATTENTION
Silicon Laboratories USBXpress Device (Driver Removal) (HKLM-x32\...\SIUSBXP&10C4&EA61) (Version:  - Silicon Laboratories)
SlimCleaner Plus (HKLM\...\SlimCleaner Plus) (Version: 2.5.4 - Slimware Utilities Holdings, Inc.)
SlimCleaner Plus (Version: 2.5.4 - Slimware Utilities Holdings, Inc.) Hidden
XFINITY Connect for Outlook (HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\FDA4072314474B1789C48753750737FBD9A9B87F) (Version: 1.1.1.1 - National Security Operations)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-452661799-1546631272-1242689987-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Fran\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-452661799-1546631272-1242689987-1004_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Fran\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-452661799-1546631272-1242689987-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-452661799-1546631272-1242689987-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-452661799-1546631272-1242689987-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-452661799-1546631272-1242689987-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-452661799-1546631272-1242689987-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-452661799-1546631272-1242689987-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-452661799-1546631272-1242689987-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-452661799-1546631272-1242689987-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-452661799-1546631272-1242689987-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-452661799-1546631272-1242689987-1004_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Fran\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12D4DB9E-DEC5-4868-9EC9-24EA252D6D80} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2726A8AB-D032-47F9-AAEE-2834EC34E9E1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {39CC4A65-C1C4-4FFF-B836-5091647DFDBB} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {4F81C6BA-1321-4788-B8B0-21081C6B7DFA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-452661799-1546631272-1242689987-1004Core => C:\Users\Fran\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {56FC6AB6-144C-4794-800B-669138BF4223} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {5D258EC5-2D79-455E-9C65-A1B4D11F449D} - System32\Tasks\{AA2C6297-82E7-4D53-BBC0-B7FA5F61A09E} => pcalua.exe -a "C:\Users\Fran\AppData\Roaming\1H1Q1V1N1N1S1R\Solitaire Packages\uninstaller.exe" -c /Uninstall /NM="Solitaire Packages" /AN="1H1Q1V1N1N1S1R" /MBN="Solitaire Packages"
Task: {66C44964-A755-420B-B50A-B61D473EE580} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-452661799-1546631272-1242689987-1001UA => C:\Users\CForgit\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-07-22] (Dropbox, Inc.)
Task: {7453ADAD-F46D-476A-9FBB-E1D56F955C8F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation)
Task: {749DDA17-1E80-40F3-BD3F-54FBDFA0F971} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {75DC5A79-2C50-4C2D-AA34-62EE80C77DD8} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-02-19] (Aviata Inc)
Task: {77B08C28-03CA-45EB-AF13-74E7FB989716} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {77E2E1B2-061D-4B5A-B997-8E0572278A16} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-452661799-1546631272-1242689987-1004UA => C:\Users\Fran\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {78FD3431-91C5-4C31-AEAF-D9822F2C9252} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {84358086-2929-477F-A209-A964BE7CA905} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-02] (Synaptics Incorporated)
Task: {9C9A2F10-1E0D-49F9-8DCE-9E78B9FC0BD6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {ACED6342-8D61-4ED5-A2AD-E73CDCF5FC2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-13] (Google Inc.)
Task: {B45634E7-A962-42EC-A7CB-D17BF9F5CE3B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-452661799-1546631272-1242689987-1001Core => C:\Users\CForgit\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-07-22] (Dropbox, Inc.)
Task: {B4EB725C-F804-4D3D-85A6-F732E1187A48} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {B505A2DE-ED34-484E-8C42-8EB9EB31FC1F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B8A32C25-CC13-4773-A710-6A24F78E9C52} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {BE0DA462-B074-455D-B328-5F98D6657C6D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D25C717D-F237-4A43-B12E-85648CFC5C40} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-07-12] (Microsoft Corporation)
Task: {DA7076B1-4053-4B7B-9210-3F6699FCDC86} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E451414E-033B-4909-9AAD-468EC36806E4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation)
Task: {EAB1C5EF-58D6-4547-B65A-AB9789BF5138} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EACBB63D-3359-4BC6-8D4A-6B9663BED2F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-13] (Google Inc.)
Task: {F5B34EB7-E5E9-414D-9994-20948030CD61} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-05-20] (Realtek Semiconductor)
Task: {F83F9054-D116-4787-A89B-B9ACDD1F438B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-452661799-1546631272-1242689987-1001Core.job => C:\Users\CForgit\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-452661799-1546631272-1242689987-1001UA.job => C:\Users\CForgit\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-452661799-1546631272-1242689987-1004Core.job => C:\Users\Fran\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-452661799-1546631272-1242689987-1004UA.job => C:\Users\Fran\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-27 11:09 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-07-12 15:22 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 15:22 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-24 12:12 - 2016-05-24 12:12 - 00959168 _____ () C:\Users\Fran\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-07-27 11:11 - 2016-05-24 12:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-19 05:33 - 2016-04-19 05:34 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-17 15:33 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 15:24 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 15:22 - 2016-06-30 23:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 15:22 - 2016-06-30 23:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 15:22 - 2016-06-30 23:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 15:22 - 2016-06-30 23:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-20 09:13 - 2016-05-20 09:13 - 00384120 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-07-12 15:22 - 2016-06-30 23:22 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-05-20 08:48 - 2016-03-31 17:57 - 00625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-04-19 05:33 - 2016-04-19 05:34 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 05:33 - 2016-04-19 05:34 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-01-05 13:17 - 2015-12-18 19:52 - 01607920 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-05-02 03:51 - 2012-11-26 01:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-02-26 12:07 - 2014-02-18 14:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-452661799-1546631272-1242689987-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Fran\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bluelava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_rgb.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Mediatek Wireless Utility.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\StartupApproved\Run: => "Advanced SystemCare 9"
HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
HKU\S-1-5-21-452661799-1546631272-1242689987-1004\...\StartupApproved\Run: => "SlimCleaner Plus"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{67D8EE84-4120-4858-A6AE-488AF0EE79C8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{2FDBE90B-A51A-4425-BB5D-0D1DBB623B07}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{82E5401F-E566-42C3-87BE-F402BE29882F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{0DAC13A8-B8A1-46D0-B766-B137C12244CE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{4BD4D6D9-1C75-4EE0-9704-867B10F40550}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{659A826E-B7F8-465F-A36D-A48D2AD777B0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{3518B043-841B-4BFF-AEAD-BA449635CF7B}] => (Allow) C:\Users\Fran\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9F4DCBE0-4BD8-4A8E-ACF0-A5CB209ADE9F}] => (Allow) C:\Users\Fran\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8B5E6102-7ED0-455D-B256-793840C65FA5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6C3728BC-6270-4768-8513-989F3F81A77D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3F580DE0-7B0A-4CE4-B48E-D835D3688CE1}] => (Allow) C:\Users\CForgit\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{BDAA0DC5-9593-4E75-927E-BEB3366EA469}] => (Allow) C:\Users\CForgit\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{17D816E4-8297-4A0B-8EFF-C0DE70730E6B}] => (Allow) C:\Users\CForgit\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{34161F7A-4D8F-4AD6-9488-7C52AFA1C2EB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F6AFADA2-D278-46C7-8BE4-56AA7F68142F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{47F3F044-D4B3-48FD-99E6-7AB4341FC090}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe
FirewallRules: [TCP Query User{D8848889-CFBA-4F45-8F91-23FE92B89D87}C:\users\fran\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\fran\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{A97D3C9F-5E89-4C7B-9095-FD0F023D4EE8}C:\users\fran\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\fran\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{78F9B119-BF1D-4DB5-8191-DE03C4BD4143}C:\users\cforgit\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\cforgit\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{05651C91-B755-4CBA-A9A7-B2A917A16FA3}C:\users\cforgit\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\cforgit\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{7765A61E-7519-4388-AF6F-6FB690878BF4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ED119BA3-4571-42D4-8EB4-DAEEF0972E9A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Airplane Mode Switch
Description: Airplane Mode Switch
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Dell Inc
Service: DellRbtn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/27/2016 11:45:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (07/27/2016 11:45:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (07/27/2016 11:18:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0x160c
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (07/27/2016 11:15:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (07/27/2016 11:15:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (07/26/2016 01:33:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0x1128
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (07/26/2016 01:24:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (07/26/2016 01:24:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (07/26/2016 01:21:30 PM) (Source: VSS) (EventID: 12310) (User: )
Description: Volume Shadow Copy Service error: The shadow copy could not be committed - operation timed out.
Error context: DeviceIoControl(\\?\Volume{9cdeb980-1102-41bd-9614-4769358a660e} - 00000000000001D8,0x0053c010,0000024023A0A610,0,0000024023A0B640,4096,[0]).


Operation:
   Committing shadow copies

Context:
   Execution Context: System Provider

Error: (07/26/2016 11:13:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CAITI)
Description: Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (07/27/2016 11:42:12 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (07/27/2016 11:41:15 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x4600000002e322.  The name of the file is "<unable to determine file name>".

Error: (07/27/2016 11:41:14 AM) (Source: volsnap) (EventID: 16) (User: )
Description: The shadow copies of volume C: were aborted because volume \\?\Volume{3abff1f2-d113-4582-8058-8c4ff1f6dd6a}, which contains shadow copy storage for this shadow copy, was force dismounted.

Error: (07/27/2016 11:38:43 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (07/27/2016 11:38:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SlimService service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (07/27/2016 11:37:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_114c59 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/27/2016 11:37:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_114c59 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/27/2016 11:37:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_114c59 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/27/2016 11:37:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_114c59 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/27/2016 11:37:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


CodeIntegrity:
===================================
  Date: 2016-07-13 07:57:33.010
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-12 20:12:43.349
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-12 17:10:34.705
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-12 16:08:17.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-19 09:32:08.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-18 15:30:44.951
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-17 19:19:27.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-14 23:45:49.981
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 07:16:42.614
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 03:35:42.450
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 33%
Total physical RAM: 6024.96 MB
Available physical RAM: 4031.46 MB
Total Virtual: 6984.96 MB
Available Virtual: 5026.5 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.53 GB) (Free:866.24 GB) NTFS
Drive d: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
Drive x: () (Fixed) (Total:0.49 GB) (Free:0.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: ED5EAF24)

Partition: GPT.

==================== End of Addition.txt ============================

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 7/30/2016 11:03 AM, SYSTEM, CAITI, Manual, Rootkit Database, 2016.2.8.1, 2016.5.27.1,
Update, 7/30/2016 11:03 AM, SYSTEM, CAITI, Manual, Domain Database, 2016.2.16.8, 2016.7.30.1,
Update, 7/30/2016 11:03 AM, SYSTEM, CAITI, Manual, Remediation Database, 2016.2.12.1, 2016.7.23.1,
Update, 7/30/2016 11:03 AM, SYSTEM, CAITI, Manual, IP Database, 2016.2.8.1, 2016.7.29.1,
Update, 7/30/2016 11:03 AM, SYSTEM, CAITI, Manual, Malware Database, 2016.2.16.6, 2016.7.30.10,

(end)

Just as an aside... I originally tried making this post with IE but it wouldn't let me paste what was copied to the clipboard.  I used Mozilla and I was able to paste the items above.

JoeFixes


JoeFixes
(But only if its Broke)

#18 nasdaq

Posted 31 July 2016 - 06:20 AM

It's time to do some repairs.

Please Download Tweaking.com - Windows Repair from Here

  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, and skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore, do a Registry backup. When you have completed this, click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

    01 - Repair Registry Permissions
    02 - Reset File Permissions (2)
    .. 02.01 File Permissions C:\
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    06 - Repair Windows Firewall
    07 - Repair Internet Explorer
    08 - Repair MDAC/MS Jet
    10 - Remove Policies Set By Infections
    13 - Repair Winsock & DNS Cache
    15 - Repair Proxy Settings
    17 - Repair Windows Updates
    19 - Repair Volume Shadow Copy Service
    21 - Repair MSI (Windows Installer)
    22 - Repair Windows Snipping tool
    25 - Repair Print Spooler
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
    28.01 - Repair Windows 8/10 Apps Store
    28.02 - Repair Windows 8/10 Apps Store (Completely Reset Apps Store)
    29 - Repair Windows 8/10 Component Store
    30 - Repair Windows 8/10 COM+ Unmarshalers
    32 - Restore UAC (User Account Control) Settings
    33 - Repair Performance Counters

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the contents of this file in your next reply.

===

Restart the computer normally.

How is the computer running now?

P.S.
Not sure if you can create a restore point. Ignore if it's the case.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#19 JoeFixes

Posted 01 August 2016 - 03:19 PM

Nasdaq,

Having all kinds of trouble running this program.  The prescan found problems.  I tried a couple of times after and it simply locks up and I can't get anything done.  I skipped ahead to the repairs section and it is running now.  I think if I leave it alone it might complete.  What I have found is that the computer appears to lock up but it is only trying to work through a roadblock and then it frees up again.  I will let you know in the morning how this one goes.  I am hoping it at least completes.

JoeFixes



#20 JoeFixes

Posted 02 August 2016 - 08:55 AM

Hi Nasdaq,

Okay, well, this is certainly frustrating.  I let the Windows Repair Fix run overnight and I do believe it completed.  The laptop rebooted and this morning I awoke to the login screen.  Upon login, though, no logs were visible.  I cannot find the log it may have created.  Anything that has to be done must be done right when the computer restarts... if you wait... the response time is way too long.  Again I suspect it could be a bad HDD.  On Sunday I ran Defraggler and tried to defrag the hard drive but after 26 hours I abandoned it at 0%.

Thoughts?

JoeFixes



#21 nasdaq

Posted 02 August 2016 - 11:14 AM

Find out the HD manufacturer and see if there is a diagnostic tool on the web site.
nasdaq


#22 JoeFixes

Posted 03 August 2016 - 07:23 PM

Nasdaq,

An update and some help please.  The HDD is a Seagate and I downloaded SeaTools for Windows.  During the scan it found errors on the hard drive and of course it locked up after finding the errors and I could not continue.  I created a boot disc to run SeaTools for DOS.  The problem I am running into now is I cannot figure out how to program the CMOS settings to boot off the external disc drive which is connected by USB.  Do I want LEGACY boot or UEFI boot?  The CMOS/boot settings seem rather difficult to navigate.  Any thoughts?

JoeFixes



#23 JoeFixes

Posted 03 August 2016 - 09:08 PM

Nasdaq,

On a positive note, I was able to complete a scan by Malwarebytes.  The log is below:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/3/2016
Scan Time: 9:40 PM
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.03.12
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Fran

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342444
Time Elapsed: 32 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 19
PUP.Optional.MindSpark, HKU\S-1-5-21-452661799-1546631272-1242689987-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{218066E9-70B3-4AD6-B5FD-A5487DA8F88A}, Quarantined, [90287dc9306a06309c7898fe1ee4b64a],
PUP.Optional.MindSpark, HKU\S-1-5-21-452661799-1546631272-1242689987-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7D061E62-D180-46D5-8281-895DE2D605EF}, Quarantined, [942433136d2d2610f428d0c63cc660a0],
PUP.Optional.MindSpark, HKU\S-1-5-21-452661799-1546631272-1242689987-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8103CBE9-A5B6-4F83-97F5-2A70B88EA96C}, Quarantined, [5e5a56f0396186b09786cacce31fcd33],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\DirectionsAce_fv, Quarantined, [5464f056554593a3d80ea72f00021de3],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{035165CA-9629-40B1-A3B8-FA59B5C2687A}, Quarantined, [5662301615857abca357614ac142d828],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2CE67452-864E-4917-9ABB-7372F50DB167}, Quarantined, [56620a3c603ab086ee0c5655d42f9e62],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E4445AE-8BFF-43DE-965B-0F7DDEB0AB9F}, Quarantined, [27911a2c3e5c30068a70eebdca39867a],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{67AE04CA-3C63-4F7C-B790-705C7A1A1C77}, Quarantined, [c1f73f0785151a1cf3073477fe0519e7],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6818868A-1B3D-4E35-A561-FA964A96CD3B}, Quarantined, [cfe9ce785b3f74c2f4068229669dae52],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{92A491C8-92B9-493B-91C8-CF6DE0C6759B}, Quarantined, [c0f83c0a6f2bf4424baf486349ba19e7],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BF75B5A2-8403-4F70-88A6-488E3BEA0D7B}, Quarantined, [bafed96dafebee48c733a00ba65d867a],
PUP.Optional.MindSpark, HKU\S-1-5-21-452661799-1546631272-1242689987-1001\SOFTWARE\DirectionsAce_fv, Quarantined, [d6e272d45347f145a93b9541bb476898],
PUP.Optional.InstallCore, HKU\S-1-5-21-452661799-1546631272-1242689987-1001\SOFTWARE\InstallCore, Quarantined, [4375c482782292a48cc6f3b41fe4c838],
PUP.Optional.MindSpark, HKU\S-1-5-21-452661799-1546631272-1242689987-1001\SOFTWARE\MapsGalaxy_39, Quarantined, [892fe1656634a19584df1e8d0ef53cc4],
PUP.Optional.WeDownLoadManager, HKU\S-1-5-21-452661799-1546631272-1242689987-1001\SOFTWARE\WeDlMngr, Quarantined, [5860fd4932680d29440a1aa236cd837d],
PUP.Optional.MindSpark, HKU\S-1-5-21-452661799-1546631272-1242689987-1001\SOFTWARE\APPDATALOW\SOFTWARE\DirectionsAce_fv, Quarantined, [d1e702448614989e499afed8f70be917],
PUP.Optional.MindSpark, HKU\S-1-5-21-452661799-1546631272-1242689987-1001\SOFTWARE\APPDATALOW\SOFTWARE\MapsGalaxy_39, Quarantined, [c1f70046d1c956e00ae313974ab97c84],
PUP.Optional.MindSpark, HKU\S-1-5-21-452661799-1546631272-1242689987-1004\SOFTWARE\DirectionsAce_fv, Quarantined, [b10730160892ca6c33b1e7ef10f2ae52],
PUP.Optional.MindSpark, HKU\S-1-5-21-452661799-1546631272-1242689987-1004\SOFTWARE\APPDATALOW\SOFTWARE\DirectionsAce_fv, Quarantined, [5167af973862e84e13d04d89f909cb35],

Registry Values: 10
PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [5167f452efab73c3eb08c3d4b74c6b95]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{035165ca-9629-40b1-a3b8-fa59b5c2687a}|AppPath, C:\Program Files (x86)\DirectionsAce_fv\bar\1.bin, Quarantined, [5662301615857abca357614ac142d828]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2ce67452-864e-4917-9abb-7372f50db167}|AppPath, C:\Program Files (x86)\DirectionsAce_fv\bar\1.bin, Quarantined, [56620a3c603ab086ee0c5655d42f9e62]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2e4445ae-8bff-43de-965b-0f7ddeb0ab9f}|AppPath, C:\Program Files (x86)\DirectionsAce_fv\bar\1.bin, Quarantined, [27911a2c3e5c30068a70eebdca39867a]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{67ae04ca-3c63-4f7c-b790-705c7a1a1c77}|AppPath, C:\Program Files (x86)\DirectionsAce_fv\bar\1.bin, Quarantined, [c1f73f0785151a1cf3073477fe0519e7]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6818868a-1b3d-4e35-a561-fa964a96cd3b}|AppPath, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin, Quarantined, [cfe9ce785b3f74c2f4068229669dae52]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{92a491c8-92b9-493b-91c8-cf6de0c6759b}|AppPath, C:\Program Files (x86)\DirectionsAce_fv\bar\1.bin, Quarantined, [c0f83c0a6f2bf4424baf486349ba19e7]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{bf75b5a2-8403-4f70-88a6-488e3bea0d7b}|AppPath, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin, Quarantined, [bafed96dafebee48c733a00ba65d867a]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|CrExtPfv.exe, 0, Quarantined, [71471036bbdf62d4f69d31a63ac9ad53]
PUP.Optional.MindSpark, HKU\S-1-5-21-452661799-1546631272-1242689987-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|CrExtPfv.exe, 11000, Quarantined, [95233412a9f150e6a4ec9542e0233ac6]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Thank you

Joe



#24 nasdaq

Posted 04 August 2016 - 06:28 AM


CMOS and BIOS are not my forte.
Have a look at these articles.

https://technet.micr...y/hh825112.aspx

http://www.computerh...es/ch000192.htm

Hope it helps.

===

If you can run these tools, they will examine your BIOS and MBR.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

===

Download http://public.avast....erek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
  • There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Now that you could execute MBAM, did you try any other tools I suggested?

nasdaq


#25 JoeFixes

Posted 06 August 2016 - 09:52 AM

Nasdaq,

Thank you for all of your help with this PC.  In the end I think the hard drive was the cause of most of the problems.  I ordered (and received) a new hard drive and reinstalled the operating system.  Things seem to be good now.  Thank you very much and I think we can close out this topic.

JoeFixes



#26 nasdaq

Posted 07 August 2016 - 06:28 AM

Since the issue appears to be resolved, this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq
