oldtrig

  1. Not sure how I posted this from an older post but it sure looks like I did. Age thing :) Anyway, all is good, Broni. :)
  2. [RESOLVED] Dell Laptop

    Running perfect Broni; THANKS
  3. Farbar Service Scanner Version: 27-01-2016
     Ran by grant (administrator) on 25-06-2017 at 15:14:46
     Running from "C:\Users\grant\Desktop"
     Microsoft Windows 10 Pro (X86)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Policy:
     ========================

     Security Center:
     ============

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============

     Other Services:
     ==============

     File Check:
     ========
     C:\WINDOWS\system32\nsisvc.dll => File is digitally signed
     C:\WINDOWS\system32\Drivers\nsiproxy.sys => File is digitally signed
     C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
     C:\WINDOWS\system32\Drivers\tdx.sys => File is digitally signed
     C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
     C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
     C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
     C:\WINDOWS\system32\mpssvc.dll => File is digitally signed
     C:\WINDOWS\system32\bfe.dll => File is digitally signed
     C:\WINDOWS\system32\Drivers\mpsdrv.sys => File is digitally signed
     C:\WINDOWS\system32\SDRSVC.dll => File is digitally signed
     C:\WINDOWS\system32\vssvc.exe => File is digitally signed
     C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
     C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
     C:\WINDOWS\system32\wuaueng.dll => File is digitally signed
     C:\WINDOWS\system32\qmgr.dll => File is digitally signed
     C:\WINDOWS\system32\es.dll => File is digitally signed
     C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
     C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
     C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
     C:\WINDOWS\system32\iphlpsvc.dll => File is digitally signed
     C:\WINDOWS\system32\svchost.exe => File is digitally signed
     C:\WINDOWS\system32\rpcss.dll => File is digitally signed

     **** End of log ****
  4. Results of screen317's Security Check version 1.014 --- 12/23/15
     x86 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Windows Defender
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Java(TM) 6 Update 22
     Java 7 Update 51
     Java version 32-bit out of Date!
     Adobe Flash Player 26.0.0.131
     Mozilla Firefox (54.0)
     Google Chrome (59.0.3071.109)
     Google Chrome (SetupMetrics...)
     ````````Process Check: objlist.exe by Laurent````````
     Windows Defender MSMpEng.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamtray.exe
     Windows Defender MSASCuiL.exe
     Windows Defender MpCmdRun.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C::
     ````````````````````End of Log``````````````````````
  5. [RESOLVED] Dell Laptop

    Fix result of Farbar Recovery Scan Tool (x86) Version: 25-06-2017 01 Ran by grant (25-06-2017 14:14:58) Run:1 Running from C:\Users\grant\Desktop Loaded Profiles: grant (Available Profiles: grant) Boot Mode: Normal
  6. [RESOLVED] Dell Laptop

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-06-2017 01 Ran by grant (25-06-2017 13:22:29) Running from C:\Users\grant\Desktop Microsoft Windows 10 Pro Version 1607 (X86) (2016-12-20 15:36:13) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1466395940-1531427780-2725057850-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1466395940-1531427780-2725057850-503 - Limited - Disabled) grant (S-1-5-21-1466395940-1531427780-2725057850-1002 - Administrator - Enabled) => C:\Users\grant Guest (S-1-5-21-1466395940-1531427780-2725057850-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1466395940-1531427780-2725057850-1004 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.34 - STMicroelectronics) Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated) Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{90B7F915-6343-43CE-9DA7-E79E5BAC6673}) (Version: 10.3.1.2 - Apple Inc.) 
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.) Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AuthenTec Fingerprint Software (Version: 8.4.4.20 - AuthenTec, Inc.) Hidden BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden Bomgar Display Driver (HKLM\...\{E166EA80-47A4-4DFE-B1D5-0EFA517DDDD3}) (Version: 2.0.518 - Bomgar Corporation) Bomgar Representative Console 14.2.3 [remote.sacsinc.com] (HKLM\...\Bomgar Representative Console [remote.sacsinc.com]) (Version: 14.2.3 - Bomgar Corporation) Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.) Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 12.55.04 - Broadcom Corporation) Charter TV Player (HKLM\...\{fe4e0e1c-6db8-4a70-9272-235cf34aa2c1}) (Version: 5.11 - Charter) Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Comcast Desktop Software (v1.2.0.9) (HKLM\...\{CEF7211D-CE3A-44C4-B321-D84A2099AE94}) (Version: 23 - Comcast) CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.) Dell Control Point (Version: 1.6.468.86 - Broadcom Corporation) Hidden Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.468.86 - Dell Inc.) 
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc) Dell Embassy Trust Suite by Wave Systems (Version: 03.05.04.002 - Wave Systems Corp) Hidden Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.055 - Dell Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell) Dell System Detect (HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\...\d24084d039586cae) (Version: 8.5.0.4 - Dell) Dell System Manager (HKLM\...\{C8B8C745-D288-41B4-9512-01E397F77449}) (Version: 1.5.00000 - Dell Inc.) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.112 - ALPS ELECTRIC CO., LTD.) Desktop Doctor (HKLM\...\{D87149B3-7A1D-4548-9CBF-032B791E5908}) (Version: 2.5.5 - Comcast) DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden Document Manager Lite (Version: 06.09.00.159 - Wave Systems Corp.) Hidden DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.) EMBASSY Security Center (Version: 04.00.00.101 - Wave Systems Corp) Hidden EMBASSY Security Setup (Version: 04.00.00.090 - Wave Systems Corp) Hidden ESC Home Page Plugin (Version: 04.00.00.018 - Wave Systems Corp) Hidden Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 5.26.2.WIN.FullTilt.COM - ) Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden Google Chrome (HKLM\...\Google Chrome) (Version: 59.0.3071.109 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.33.5 - Google Inc.) 
Hidden Intel Security True Key (HKLM\...\TrueKey) (Version: 4.18.110.1 - Intel Security) Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation) iTunes (HKLM\...\{2F95FFC4-8624-43AB-8256-AA223555C9B7}) (Version: 12.6.0.100 - Apple Inc.) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation) Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 ENU (HKLM\...\{2F141715-E144-48C0-8562-D193B7AB85BC}) (Version: 4.0.8482.1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual 
C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Monogram Wizard Plus V2.5 R15v (HKLM\...\{BD43BF87-2BED-4D95-8187-3E54A05FCAD3}) (Version: 2.05.0013 - needleheads) Mozilla Firefox 54.0 (x86 en-US) (HKLM\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NirSoft ProduKey (HKLM\...\NirSoft ProduKey) (Version: - ) NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden O2Micro OZ776 SCR Driver (HKLM\...\InstallShield_{95EF5536-580A-4E57-8EF3-B6ACBFBFAF96}) (Version: 1.1.4.209GS - O2Micro) O2Micro OZ776 SCR Driver (Version: 1.1.4.209GS - O2Micro) Hidden PhotoShowExpress (Version: 2.0.028 - Sonic Solutions) Hidden Preboot Manager (Version: 03.00.00.154 - Wave Systems Corp.) 
Hidden Private Information Manager (Version: 06.04.00.065 - Wave Systems Corp.) Hidden RogueKiller version 12.11.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.3.0 - Adlice Software) Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio) ScreenConnect Client (4d974ed2ea81fb52) (HKLM\...\{2C4C512D-8538-461F-883E-5F838D81E212}) (Version: 6.1.12292.6236 - ScreenConnect Software) Security Wizards (Version: 01.07.00.026 - Your Company Name) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden The Weather Channel App (HKLM\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel) Trusted Drive Manager (Version: 3.3.3.104 - Wave Systems Corp.) Hidden UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden Wave Infrastructure Installer (Version: 07.01.31.0000 - Wave Systems Corp) Hidden Wave Support Software (Version: 05.10.00.073 - Wave Systems Corp) Hidden Weather Message Net (HKLM\...\Weather Message Net) (Version: 3.9.1 - Weather Message Software LLC) Weather Message Net Update (HKLM\...\Weather Message Net Update) (Version: 4.0 - Weather Message Software LLC) WeatherWarn (HKLM\...\WeatherWarn) (Version: 3.9 - Weather Message Software LLC) Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0) (HKLM\...\D3F88C3864C8C031A7C5D5E63A76571EC1B047DF) (Version: 05/13/2009 8.4.2.0 - AuthenTec Inc.) Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.) 
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1466395940-1531427780-2725057850-1002_Classes\CLSID\{4EA6BBD4-E775-4b7e-80FD-3651749850B0}\localserver32 -> C:\Users\grant\AppData\Local\Charter\Charter TV Player\CaptureServer.exe (Cisco) CustomCLSID: HKU\S-1-5-21-1466395940-1531427780-2725057850-1002_Classes\CLSID\{A8152EA9-8603-4217-9B22-06E801AE1D9C}\localserver32 -> C:\Users\grant\AppData\Local\Charter\Charter TV Player\PCShowServerPMWrapper.exe (Cisco) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {07263212-1D72-4926-8E92-B5BB8CB1BCB6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {0CDE26F7-8A7A-4A07-B918-5A6056E9A3AA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {12CD152C-F789-42F8-86A8-1856A6BA475A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {13153F04-7900-4340-A0E4-8C980ECFE952} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) 
Task: {17BA7366-C26C-4354-87EA-5FAA92F5AA6E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {275CE079-C7D6-44E9-9AC5-3F6C2DE022CD} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {3DD530C0-62A5-4F3B-A28A-39A0E8C68278} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {42203CEE-C88E-44C5-8432-75134446D04B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {43829B0D-118A-49B5-8EA7-ACC38E475B97} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {459FDA0D-E97D-47EA-98BB-7EB169A8E7B8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {51D01B51-D7E4-4FE9-A1B2-297017B02835} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {55F370F3-74BE-4DEC-805D-6A3AFC298BFC} - System32\Tasks\{E427B050-407E-4248-8181-158819BB262E} => pcalua.exe -a "C:\Program Files\ComcastUI\Desktop Software\bin\kui.exe" -d "C:\Program Files\ComcastUI\Desktop Software\bin\" Task: {5CAC7907-7904-498A-B9D9-8745E8A33478} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {64D799E1-35DC-4667-8493-BE6A577E84E3} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {684414C8-2A1A-44E7-B35B-BB4D1897AA1A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {6D1D40BB-3879-41E3-ABCC-1EAA85BB5BDB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {785EF1C1-9109-4A93-B6C9-4C42109C0325} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe 
[2017-02-14] (Apple Inc.) Task: {80C0F89D-542A-421F-B55B-1857202DA43E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {83C3D901-D829-445B-A4FB-5C3780AE0BE8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {8B9E1515-CE01-4408-BBC2-8F3EAA1B7B99} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {8C4331E0-057D-4115-A70F-7E5388911920} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8D0962F9-A450-403F-A5D5-391BB2575BC3} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {91C357D3-E92F-43FB-ADB3-9D61FC90642D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {99663379-A828-4D00-ADB3-BBC5EC19674D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {9B6494E8-2688-4B4D-9EB7-46125EE7429A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {9BC2B665-C594-47C2-9B5D-AFD95DFDCD69} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {9EE9514C-DCCE-494C-8BEE-2EAA82CC5272} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {A43B4CF7-6F20-479F-B129-B818EBACE636} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) 
Task: {A5139527-9CDB-4A56-8412-A7440864BCE3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {A9E3A937-859E-478E-A4FF-6BFB21300D6B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {B8BF3325-2E14-47E2-91F5-69B297F9AFC4} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BD600205-0076-4980-B631-9F437D62A590} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {CADDA745-FD80-40B4-8175-2D10055F0D41} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {CF639DFF-748C-4023-A688-70DC321B9965} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {D190F0D7-4A34-4A0F-965E-31CD2A31AD50} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-24] (Adobe Systems Incorporated) Task: {D94E2EAC-0DD5-4941-A11C-F9019BE77F70} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {E17762D4-39BA-42AD-B069-0CA0CDC97BEF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {E8AC7A24-D72B-4DDC-9663-C2DA54C0A157} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {EC1CAE89-A521-4409-AD93-3FFEF045DC38} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) Task: {F0372DFD-387B-452C-920E-DE8ADD359F2B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {FB408C90-335D-4AC2-A720-DB4738AD152E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 03:25 - 2016-07-16 03:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-10 06:04 - 2017-04-27 19:56 - 02048488 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-16 16:09 - 2017-03-16 16:09 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:09 - 2017-03-16 16:09 - 01041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-06-25 12:49 - 2017-05-25 14:11 - 01728968 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2010-01-19 13:44 - 2010-01-19 13:44 - 00249856 _____ () C:\WINDOWS\SYSTEM32\wxvault.dll
2017-03-15 10:58 - 2017-03-04 01:04 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 10:58 - 2017-03-04 00:58 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-20 11:47 - 2016-12-20 11:47 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-10 06:03 - 2017-04-27 18:52 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-10 06:03 - 2017-04-27 18:52 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-10 06:03 - 2017-04-27 18:55 - 03158016 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-06-24 22:20 - 2017-06-24 22:22 - 00064512 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2017-06-24 22:20 - 2017-06-24 22:22 - 00170496 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-24 22:20 - 2017-06-24 22:22 - 31268864 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2017-06-24 22:20 - 2017-06-24 22:22 - 01722880 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x86__kzf8qxf38zg5c\skypert.dll
2016-07-16 03:25 - 2016-07-16 03:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 11:00 - 2017-03-04 01:24 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2017-06-24 22:44 - 00000840 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 71.10.216.2 - 71.10.216.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bomgar Representative Console [remote.sacsinc.com].lnk => C:\Windows\pss\Bomgar Representative Console [remote.sacsinc.com].lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: WeatherWarn => C:\Program Files\WxMesgNet\WeatherWarn.exe
HKLM\...\StartupApproved\Run: => "USCService"
HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\...\StartupApproved\Run: => "msnmsgr"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{ABCCCF4B-B89E-4036-AB1A-EAD32A448751}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AA913CDD-2F1D-40DE-8F38-1D34AE7F1C62}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{0D516752-5BB4-4939-87E9-ADF10FF38802}C:\users\grant\desktop\wxmesgtest\weatherwarnserver.exe] => (Allow) C:\users\grant\desktop\wxmesgtest\weatherwarnserver.exe
FirewallRules: [TCP Query User{E1621F3A-E41F-4C7D-89A8-A0FEE9AD7C4F}C:\users\grant\desktop\wxmesgtest\weatherwarnserver.exe] => (Allow) C:\users\grant\desktop\wxmesgtest\weatherwarnserver.exe
FirewallRules: [UDP Query User{C9904884-D1F4-4D51-A7E7-F1EB9F336DE5}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{A7959D19-0715-4BC5-97A3-7A4476F3BDAD}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{104C8E44-E6D2-4CBF-8AEA-B2BBDB28FB42}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{58BC73B0-E6B0-4BA0-9817-619DE8A5685C}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{9911AA26-595D-4D76-85BD-E6616E61B578}C:\program files\wxmesgnet\wxemwin.exe] => (Allow) C:\program files\wxmesgnet\wxemwin.exe
FirewallRules: [TCP Query User{9E2368B7-9510-410A-BBA1-B375DDE39D57}C:\program files\wxmesgnet\wxemwin.exe] => (Allow) C:\program files\wxmesgnet\wxemwin.exe
FirewallRules: [UDP Query User{344C054A-C0FD-4EFE-8094-10EE147F54F2}C:\program files\wxmesgnet\wxmesgserver.exe] => (Allow) C:\program files\wxmesgnet\wxmesgserver.exe
FirewallRules: [TCP Query User{7979E846-32E4-4CEA-8B5A-1FA8D3B4E315}C:\program files\wxmesgnet\wxmesgserver.exe] => (Allow) C:\program files\wxmesgnet\wxmesgserver.exe
FirewallRules: [UDP Query User{46E67AD5-F4EE-4699-9A56-10133A056C75}C:\program files\wxmesgnet\wxemwin.exe] => (Allow) C:\program files\wxmesgnet\wxemwin.exe
FirewallRules: [TCP Query User{4C705742-E44D-4A48-B2F5-E7FCCFD790B9}C:\program files\wxmesgnet\wxemwin.exe] => (Allow) C:\program files\wxmesgnet\wxemwin.exe
FirewallRules: [UDP Query User{ADCD5EF4-9DFD-42E0-859C-503BE9CA5208}C:\program files\wxmesgnet\wxmesgserver.exe] => (Allow) C:\program files\wxmesgnet\wxmesgserver.exe
FirewallRules: [TCP Query User{321B1D18-1735-4F45-8C1B-A49E7E005CC9}C:\program files\wxmesgnet\wxmesgserver.exe] => (Allow) C:\program files\wxmesgnet\wxmesgserver.exe
FirewallRules: [{4857F988-7C3B-48EE-B5A9-EFA0B1966DB5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{506B6B61-55B0-4C92-BFA9-FDF14D951A76}] => (Allow) LPort=61117
FirewallRules: [{8EB80D6C-800C-42C9-B0BF-A01DA97D703C}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{CDED2A29-4F93-48C5-95AF-43CD977FD759}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{08FEB38A-2E2D-44E0-86C1-9BB6FC0A7181}] => (Allow) LPort=1900
FirewallRules: [{CF22DC10-22B0-42F3-9E37-B5CF11835C66}] => (Allow) LPort=2869
FirewallRules: [{3B928051-E670-41D3-AE89-769B7E53A938}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1A761EEC-3194-4E95-AD5B-7B531C0942F0}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{9C360F62-984D-4426-8739-B4648D1145D2}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{AFFBCCD6-1A04-4060-B6CD-616AC937742E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{ED79ED30-524F-4506-8391-3654FE7F07F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5086BC1B-3E83-4C87-94A9-BF2D314407E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2559BCD0-4F4F-4D0E-9920-60FE37BF98D1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{632F7895-A080-4BFD-B637-2F19FB7927F8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6D1277DF-77F0-4C29-84A1-7DEA5A789542}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

11-05-2017 21:10:13 Installed iTunes
24-06-2017 22:52:17 before cleanup
25-06-2017 00:03:22 JRT Pre-Junkware Removal
25-06-2017 07:22:15 before driver updates
25-06-2017 09:52:00 before product key program
25-06-2017 13:14:39 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Optiarc DVD+-RW AD-7717H
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) 5 Series/3400 Series Chipset Family PCI Express Root Port 3 - 3B46
Description: Intel(R) 5 Series/3400 Series Chipset Family PCI Express Root Port 3 - 3B46
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/25/2017 01:14:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied. .

Error: (06/25/2017 01:12:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray.exe, version: 1.0.6286.0, time stamp: 0x4bf63f9a
Faulting module name: sttray.exe, version: 1.0.6286.0, time stamp: 0x4bf63f9a
Exception code: 0xc0000005
Fault offset: 0x000077eb
Faulting process id: 0x1a38
Faulting application start time: 0x01d2edde8cf015c7
Faulting application path: C:\Program Files\IDT\WDM\sttray.exe
Faulting module path: C:\Program Files\IDT\WDM\sttray.exe
Report Id: acee98a5-6ec2-4492-83dc-4ee22e5c5724
Faulting package full name:
Faulting package-relative application ID:

Error: (06/25/2017 01:10:45 PM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (06/25/2017 01:09:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DARK-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/25/2017 01:09:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DARK-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/25/2017 01:00:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\fingerprint sensor\drivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (06/25/2017 12:13:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray.exe, version: 1.0.6286.0, time stamp: 0x4bf63f9a
Faulting module name: sttray.exe, version: 1.0.6286.0, time stamp: 0x4bf63f9a
Exception code: 0xc0000005
Fault offset: 0x000077eb
Faulting process id: 0x1104
Faulting application start time: 0x01d2edd661d5aa84
Faulting application path: C:\Program Files\IDT\WDM\sttray.exe
Faulting module path: C:\Program Files\IDT\WDM\sttray.exe
Report Id: c79958fe-d323-451a-a796-7aebba2210c6
Faulting package full name:
Faulting package-relative application ID:

Error: (06/25/2017 11:40:11 AM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (06/25/2017 10:24:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\fingerprint sensor\drivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (06/25/2017 10:13:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\fingerprint sensor\drivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (06/25/2017 01:11:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/25/2017 01:10:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The risdpcie service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (06/25/2017 01:10:46 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The tcsd_win32.exe service depends on the following service: TBS. This service might not be installed.

Error: (06/25/2017 01:10:44 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (06/25/2017 01:09:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\System32\bcmihvsrv.dll

Error: (06/25/2017 01:09:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\System32\bcmihvsrv.dll

Error: (06/25/2017 01:09:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\System32\bcmihvsrv.dll

Error: (06/25/2017 01:09:46 PM) (Source: DCOM) (EventID: 10010) (User: DARK-PC)
Description: The server Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

Error: (06/25/2017 01:09:46 PM) (Source: DCOM) (EventID: 10010) (User: DARK-PC)
Description: The server Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

Error: (06/25/2017 01:09:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The osppsvc service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
Date: 2017-06-25 10:30:59.715
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-24 15:56:57.291
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-11 10:43:06.574
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-10 10:52:07.001
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-09 10:43:07.783
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-09 04:53:35.759
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-08 04:54:33.406
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-06 10:43:05.651
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-05 10:44:05.522
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-04 10:43:03.599
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz
Percentage of memory in use: 51%
Total physical RAM: 2933.85 MB
Available physical RAM: 1412.55 MB
Total Virtual: 5877.85 MB
Available Virtual: 4147.57 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:220.7 GB) (Free:125.99 GB) NTFS
Drive d: (USB DRIVE) (Removable) (Total:14.44 GB) (Free:13.7 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.5 GB) (Disk ID: 235DFDDE)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0C)

==================== End of Addition.txt ============================
  7. [RESOLVED] Dell Laptop

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2017 01
Ran by grant (administrator) on DARK-PC (25-06-2017 13:21:19)
Running from C:\Users\grant\Desktop
Loaded Profiles: grant (Available Profiles: grant)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(SupportSoft, Inc.) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SupportSoft, Inc.) C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Dell) C:\Users\grant\AppData\Local\Apps\2.0\NDQNL8AN.40L\C2G1N822.QJ6\dell..tion_831211ca63b981c5_0008.0005_9a48d74816d64e41\DellSystemDetect.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [571736 2014-03-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-05-26] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-02-02] (Dell Inc.)
HKLM\...\Run: [WavXMgr] => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147840 2010-07-21] (Wave Systems Corp.)
HKLM\...\Run: [USCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-06-22] (Broadcom Corporation)
HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM\...\Run: [Desktop Disc Tool] => C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] ()
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft)
HKLM\...\Run: [ddoctorv2] => C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [202560 2008-04-24] (SupportSoft, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267064 2017-03-22] (Apple Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686744 2012-09-05] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-05-15] (Google Inc.)
HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\...\Run: [PCShowServerCHARTER] => C:\Users\grant\AppData\Local\Charter\Charter TV Player\PCShowServerPMWrapper.exe [1718792 2015-05-10] (Cisco)
HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\...\Run: [DellSystemDetect] => C:\Users\grant\AppData\Local\Apps\2.0\NDQNL8AN.40L\C2G1N822.QJ6\dell..tion_831211ca63b981c5_0008.0005_9a48d74816d64e41\DellSystemDetect.exe [313264 2017-06-25] (Dell)
Lsa: [Authentication Packages] wvauth msv1_0
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-01-06]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk [2011-01-06]
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.2 71.10.216.1 192.168.1.1
Tcpip\..\Interfaces\{a97b4ce2-dfd9-41e9-8f5b-708fcf154e02}: [DhcpNameServer] 71.10.216.2 71.10.216.1 192.168.1.1
Tcpip\..\Interfaces\{f2fbc485-dbf0-49aa-99ee-421365dd128f}: [DhcpNameServer] 71.10.216.2 71.10.216.1

Internet Explorer:
==================
HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USREL/1
SearchScopes: HKLM -> {7928AB17-664C-4A57-9C66-9B7973A1B08A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll => No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-29] (Oracle Corporation)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-29] (Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Toolbar: HKU\S-1-5-21-1466395940-1531427780-2725057850-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File

FireFox:
========
FF ProfilePath: C:\Users\grant\AppData\Roaming\Mozilla\Firefox\Profiles\rqp60xc1.default-1498336098987 [2017-06-25]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\rqp60xc1.default-1498336098987 -> Google
FF Homepage: Mozilla\Firefox\Profiles\rqp60xc1.default-1498336098987 -> hxxp://www.google.com/
FF Extension: (uBlock Origin) - C:\Users\grant\AppData\Roaming\Mozilla\Firefox\Profiles\rqp60xc1.default-1498336098987\Extensions\uBlock0@raymondhill.net.xpi [2017-06-25]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-24] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\grant\AppData\Local\Google\Chrome\User Data\Default [2017-06-25] CHR Extension: (Google Drive) - C:\Users\grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24] CHR Extension: (Google Docs Offline) - C:\Users\grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18] CHR Extension: (Chrome Web Store Payments) - C:\Users\grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-26] CHR Extension: (Chrome Media Router) - C:\Users\grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-25] CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AESTFilters; C:\Program Files\IDT\WDM\aestsrv.exe [81920 2010-05-26] (Andrea Electronics Corporation) [File not signed] R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [76120 2014-03-27] (Alps Electric Co., Ltd.) R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803584 2010-05-10] (AuthenTec, Inc.) R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [114688 2009-11-04] (Broadcom Corporation) [File not signed] R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.) 
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes) S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions) S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions) S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-02-03] (Wave Systems Corp.) [File not signed] S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-12-20] (Microsoft Corporation) R2 sprtsvc_ddoctorv2; C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [202560 2008-04-24] (SupportSoft, Inc.) S2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-26] (IDT, Inc.) [File not signed] S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed] R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1164648 2010-03-29] (Wave Systems Corp.) R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1002472 2017-05-26] (McAfee, Inc.) R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [17992 2017-05-26] (McAfee, Inc.) S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [74816 2017-05-26] (McAfee, Inc.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271488 2017-04-27] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84920 2017-04-27] (Microsoft Corporation) R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-02] (Dell Inc.) [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R3 Acceler; C:\WINDOWS\system32\DRIVERS\accelern.sys [44144 2012-05-23] (ST Microelectronics) R3 BCM42RLY; C:\WINDOWS\System32\drivers\BCM42RLY.sys [18424 2010-02-02] (Broadcom Corporation) R1 bgdspdrv; C:\WINDOWS\system32\DRIVERS\bgdspdrv.sys [34896 2012-05-21] (Bomgar Corporation) S3 Blfp; C:\WINDOWS\system32\DRIVERS\basp.sys [85504 2009-10-15] (Broadcom Corporation) S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-08-19] (Avanquest Software) [File not signed] R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59936 2017-05-25] () R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [162208 2017-06-25] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [97208 2017-06-25] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39840 2017-06-25] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220576 2017-06-25] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [74656 2017-06-25] (Malwarebytes) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] () R0 PBADRV; C:\WINDOWS\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc) S2 risdpcie; C:\WINDOWS\system32\DRIVERS\risdpe86.sys [59904 2010-03-21] (REDC) R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics) R2 WavxDMgr; C:\WINDOWS\System32\DRIVERS\WavxDMgr.sys [229888 2010-01-19] (Wave Systems Corp.) 
[File not signed] S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation) R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation) U3 aspnet_state; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-25 13:21 - 2017-06-25 13:22 - 00018379 _____ C:\Users\grant\Desktop\FRST.txt 2017-06-25 13:21 - 2017-06-25 13:21 - 00000000 ____D C:\Users\grant\Desktop\FRST-OlderVersion 2017-06-25 13:17 - 2017-06-25 13:17 - 00000631 _____ C:\Users\grant\Desktop\JRT.txt 2017-06-25 13:14 - 2017-06-24 22:41 - 01663672 _____ (Malwarebytes) C:\Users\grant\Desktop\JRT.exe 2017-06-25 13:07 - 2017-06-24 22:40 - 04110280 _____ C:\Users\grant\Desktop\adwcleaner_6.047.exe 2017-06-25 13:05 - 2017-06-25 13:09 - 00000000 ____D C:\AdwCleaner 2017-06-25 12:49 - 2017-06-25 13:11 - 00220576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-06-25 12:49 - 2017-06-25 13:11 - 00097208 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-06-25 12:49 - 2017-06-25 13:11 - 00074656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-06-25 12:49 - 2017-06-25 13:11 - 00039840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-06-25 12:49 - 2017-06-25 12:49 - 00162208 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-06-25 12:49 - 2017-06-25 12:49 - 00002099 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-06-25 12:49 - 2017-06-25 12:49 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-06-25 12:49 - 2017-06-25 12:49 - 00000000 ____D C:\Program Files\Malwarebytes 2017-06-25 12:49 - 2017-05-25 11:58 - 00059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys 2017-06-25 12:47 - 2017-06-25 12:47 - 00001041 _____ C:\Users\grant\Desktop\ttttt.txt 2017-06-25 10:42 - 2017-04-21 16:53 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2017-06-25 10:42 - 2017-04-21 16:53 - 00018600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll 2017-06-25 10:42 - 2017-03-15 13:15 - 00987840 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2017-06-25 10:42 - 2017-03-15 13:15 - 00485576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll 2017-06-25 10:34 - 2017-06-25 13:19 - 00000000 ____D C:\Users\grant\AppData\LocalLow\Mozilla 2017-06-25 10:10 - 2017-06-25 10:10 - 00000000 ____D C:\Users\grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ProduKey 2017-06-25 10:10 - 2017-06-25 10:10 - 00000000 ____D C:\Program Files\NirSoft 2017-06-25 07:41 - 2017-06-25 07:41 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2 2017-06-25 07:37 - 2017-06-25 07:37 - 13536952 _____ (Dell Inc.) 
C:\Users\grant\Downloads\Chipset_Driver_RCHTX_WN_2.00.10.34_A11.EXE 2017-06-25 07:37 - 2017-06-25 07:37 - 00000000 ____D C:\Users\grant\AppData\Local\Dell 2017-06-25 07:37 - 2017-06-25 07:37 - 00000000 ____D C:\Program Files\STMicroelectronics 2017-06-25 07:37 - 2012-05-23 10:22 - 00081520 _____ (ST Microelectronics) C:\WINDOWS\system32\accelernco01.dll 2017-06-25 07:37 - 2012-05-23 10:22 - 00044144 _____ (ST Microelectronics) C:\WINDOWS\system32\Drivers\accelern.sys 2017-06-25 07:37 - 2011-07-15 21:30 - 00017904 _____ (ST Microelectronics) C:\WINDOWS\system32\Drivers\stdcfltn.sys 2017-06-25 07:08 - 2017-06-25 08:41 - 00000000 ____D C:\ProgramData\PCDr 2017-06-25 07:08 - 2017-06-25 07:08 - 00002304 _____ C:\Users\Public\Desktop\SupportAssist.lnk 2017-06-25 07:08 - 2017-06-25 07:08 - 00000000 ____D C:\Users\grant\AppData\LocalLow\PCDr 2017-06-25 07:08 - 2017-06-25 07:08 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows 2017-06-25 07:07 - 2017-06-25 07:08 - 00000000 ____D C:\Program Files\Dell Support Center 2017-06-25 07:05 - 2017-06-25 07:05 - 00000000 ____D C:\Users\grant\AppData\Roaming\PCDr 2017-06-25 07:03 - 2017-06-25 07:03 - 00519600 _____ () C:\Users\grant\Downloads\DellSystemDetectLauncher.exe 2017-06-25 07:03 - 2017-06-25 07:03 - 00000000 ____D C:\Users\grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell 2017-06-25 07:03 - 2017-06-25 07:03 - 00000000 ____D C:\Users\grant\AppData\Local\Deployment 2017-06-25 06:48 - 2017-06-25 06:50 - 00004588 _____ C:\Users\grant\Desktop\Rkill.txt 2017-06-25 06:34 - 2017-06-25 13:21 - 01780224 _____ (Farbar) C:\Users\grant\Desktop\FRST.exe 2017-06-25 06:34 - 2017-06-25 13:21 - 00000000 ____D C:\FRST 2017-06-25 06:15 - 2017-06-25 06:15 - 00000506 _____ C:\DelFix.txt 2017-06-25 06:14 - 2017-06-25 13:12 - 00000000 ____D C:\Users\grant\AppData\Local\CrashDumps 2017-06-25 00:08 - 2017-06-03 04:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2017-06-25 00:08 - 2017-06-03 04:04 - 
00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2017-06-25 00:08 - 2017-06-03 04:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2017-06-25 00:07 - 2017-06-03 05:15 - 00099672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys 2017-06-25 00:07 - 2017-06-03 05:03 - 00094560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2017-06-25 00:07 - 2017-06-03 04:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-06-25 00:07 - 2017-06-03 04:53 - 00454496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2017-06-25 00:07 - 2017-06-03 04:43 - 01964384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2017-06-25 00:07 - 2017-06-03 04:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2017-06-25 00:07 - 2017-06-03 04:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll 2017-06-25 00:07 - 2017-06-03 04:31 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2017-06-25 00:07 - 2017-06-03 04:30 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-06-25 00:07 - 2017-06-03 04:29 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2017-06-25 00:07 - 2017-06-03 04:25 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2017-06-25 00:07 - 2017-06-03 04:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll 2017-06-25 00:07 - 2017-06-03 04:06 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-06-25 00:07 - 2017-06-03 04:05 - 01236480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-06-25 00:07 - 2017-06-03 04:04 - 01889792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-06-25 00:07 - 2017-06-03 04:02 - 02997760 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\win32kfull.sys 2017-06-25 00:07 - 2016-09-06 23:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll 2017-06-25 00:06 - 2017-06-03 05:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2017-06-25 00:06 - 2017-06-03 05:50 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll 2017-06-25 00:06 - 2017-06-03 05:13 - 05996384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-06-25 00:06 - 2017-06-03 05:13 - 01725136 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-06-25 00:06 - 2017-06-03 05:03 - 00950112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2017-06-25 00:06 - 2017-06-03 04:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-06-25 00:06 - 2017-06-03 04:55 - 01896288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-06-25 00:06 - 2017-06-03 04:55 - 00342368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2017-06-25 00:06 - 2017-06-03 04:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2017-06-25 00:06 - 2017-06-03 04:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2017-06-25 00:06 - 2017-06-03 04:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-06-25 00:06 - 2017-06-03 04:48 - 01384704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-06-25 00:06 - 2017-06-03 04:44 - 01409536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-06-25 00:06 - 2017-06-03 04:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2017-06-25 00:06 - 2017-06-03 04:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2017-06-25 00:06 - 2017-06-03 04:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2017-06-25 00:06 - 2017-06-03 04:28 - 00232448 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\edputil.dll 2017-06-25 00:06 - 2017-06-03 04:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll 2017-06-25 00:06 - 2017-06-03 04:25 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2017-06-25 00:06 - 2017-06-03 04:25 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll 2017-06-25 00:06 - 2017-06-03 04:25 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2017-06-25 00:06 - 2017-06-03 04:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-06-25 00:06 - 2017-06-03 04:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2017-06-25 00:06 - 2017-06-03 04:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll 2017-06-25 00:06 - 2017-06-03 04:22 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll 2017-06-25 00:06 - 2017-06-03 04:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-06-25 00:06 - 2017-06-03 04:20 - 00668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll 2017-06-25 00:06 - 2017-06-03 04:16 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe 2017-06-25 00:06 - 2017-06-03 04:16 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2017-06-25 00:06 - 2017-06-03 04:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-06-25 00:06 - 2017-06-03 04:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-06-25 00:06 - 2017-06-03 04:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-06-25 00:06 - 2017-06-03 04:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-06-25 00:06 - 2017-06-03 04:05 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-06-25 00:06 - 2017-06-03 04:05 - 00295424 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll 2017-06-25 00:06 - 2017-06-03 04:05 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2017-06-25 00:06 - 2017-06-03 04:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-06-25 00:06 - 2017-06-03 04:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2017-06-25 00:06 - 2017-06-03 04:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2017-06-25 00:06 - 2017-06-02 02:35 - 00080078 _____ C:\WINDOWS\system32\normidna.nls 2017-06-25 00:06 - 2017-05-25 01:56 - 00034144 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe 2017-06-25 00:06 - 2017-03-04 01:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2017-06-25 00:06 - 2017-03-04 01:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2017-06-25 00:05 - 2017-06-03 05:50 - 01336160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2017-06-25 00:05 - 2017-06-03 05:50 - 00996192 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2017-06-25 00:05 - 2017-06-03 05:50 - 00514400 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2017-06-25 00:05 - 2017-06-03 05:50 - 00455000 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2017-06-25 00:05 - 2017-06-03 05:50 - 00284000 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2017-06-25 00:05 - 2017-06-03 05:50 - 00254816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2017-06-25 00:05 - 2017-06-03 05:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2017-06-25 00:05 - 2017-06-03 05:50 - 00113504 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2017-06-25 00:05 - 2017-06-03 05:50 - 00083296 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2017-06-25 00:05 - 2017-06-03 05:50 - 00030560 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\DeviceCensus.exe 2017-06-25 00:05 - 2017-06-03 05:22 - 00231776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2017-06-25 00:05 - 2017-06-03 04:58 - 00154976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2017-06-25 00:05 - 2017-06-03 04:54 - 00290656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2017-06-25 00:05 - 2017-06-03 04:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2017-06-25 00:05 - 2017-06-03 04:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-06-25 00:05 - 2017-06-03 04:32 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys 2017-06-25 00:05 - 2017-06-03 04:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe 2017-06-25 00:05 - 2017-06-03 04:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll 2017-06-25 00:05 - 2017-06-03 04:04 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2017-06-25 00:02 - 2017-06-25 00:02 - 00003922 _____ C:\Users\grant\Desktop\rk_5DCB.tmp.txt 2017-06-24 22:59 - 2017-06-25 00:02 - 00000000 ____D C:\ProgramData\RogueKiller 2017-06-24 22:59 - 2017-06-24 22:59 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys 2017-06-24 22:59 - 2017-06-24 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2017-06-24 22:59 - 2017-06-24 22:59 - 00000000 ____D C:\Program Files\RogueKiller 2017-06-24 15:28 - 2017-06-24 15:28 - 00000000 ____D C:\Users\grant\Desktop\Old Firefox Data ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-06-25 13:15 - 2016-02-03 18:57 - 02977466 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-06-25 13:12 - 2013-02-14 13:27 - 00000000 _____ C:\Users\grant\AppData\Local\WavXMapDrive.bat 2017-06-25 13:10 - 2016-12-20 10:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-06-25 13:10 - 2016-07-15 21:22 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-06-25 12:49 - 2015-08-16 15:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-06-25 12:46 - 2016-07-16 03:28 - 00000000 ____D C:\WINDOWS\INF 2017-06-25 12:16 - 2013-08-26 17:28 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-06-25 12:16 - 2013-08-26 17:28 - 00002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-06-25 11:40 - 2014-01-11 09:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2017-06-25 10:44 - 2016-07-16 03:19 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-06-25 10:36 - 2016-06-22 11:54 - 00000000 ____D C:\Users\grant\AppData\Local\tkdata 2017-06-25 10:34 - 2015-11-09 16:42 - 00000000 ____D C:\Program Files\Mozilla Firefox 2017-06-25 08:41 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-06-25 08:41 - 2015-08-01 10:39 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-06-25 08:23 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\rescache 2017-06-25 07:44 - 2016-12-20 09:55 - 00383184 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-06-25 07:44 - 2016-06-22 11:52 - 00000000 ____D C:\Program Files\McAfee 2017-06-25 07:44 - 2016-06-22 11:44 - 00000000 ____D C:\Program Files\TrueKey 2017-06-25 07:44 - 2011-01-06 17:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2017-06-25 07:41 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\appraiser 2017-06-25 07:41 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\ShellExperiences 2017-06-25 07:37 - 2011-01-06 17:03 - 00000000 ____D C:\Program Files\DIFX 2017-06-25 07:37 - 2011-01-06 17:01 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2017-06-25 07:15 
- 2011-01-24 15:12 - 00000000 ____D C:\Temp 2017-06-25 07:08 - 2011-01-06 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2017-06-25 07:07 - 2011-01-06 17:00 - 00000000 ____D C:\Program Files\Dell 2017-06-25 07:05 - 2011-01-06 17:07 - 00000000 ____D C:\ProgramData\Dell 2017-06-25 06:15 - 2013-08-21 20:32 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-06-25 06:12 - 2016-06-22 11:54 - 00001244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk 2017-06-25 06:12 - 2016-06-22 11:54 - 00001230 _____ C:\Users\Public\Desktop\True Key.lnk 2017-06-25 00:19 - 2013-02-19 17:34 - 130903960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-06-25 00:19 - 2011-01-06 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-06-24 22:57 - 2011-01-06 17:17 - 00000000 ____D C:\ProgramData\Sonic 2017-06-24 22:31 - 2016-07-16 03:29 - 00000000 ___HD C:\Program Files\WindowsApps 2017-06-24 16:13 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-06-24 15:56 - 2016-12-20 09:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-06-24 15:36 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-06-24 15:36 - 2013-02-20 20:27 - 00000000 ____D C:\Users\grant\AppData\Local\Adobe 2017-06-24 15:35 - 2015-08-01 10:43 - 00002408 _____ C:\Users\grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-06-24 15:35 - 2015-08-01 10:43 - 00000000 ___RD C:\Users\grant\OneDrive 2017-06-24 15:32 - 2011-01-24 13:13 - 00456360 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-06-03 01:36 - 2016-07-16 03:31 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2017-06-03 01:36 - 2016-07-16 03:31 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2013-11-16 13:50 - 2015-06-27 18:18 - 0137592 _____ () 
C:\Users\grant\AppData\Local\av.log 2015-03-02 21:34 - 2015-03-02 21:46 - 0004608 _____ () C:\Users\grant\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-02-14 13:27 - 2017-06-25 13:12 - 0000000 _____ () C:\Users\grant\AppData\Local\WavXMapDrive.bat Some files in TEMP: ==================== 2017-06-24 22:59 - 2016-11-11 02:59 - 1586736 _____ (Microsoft Corporation) C:\Users\grant\AppData\Local\Temp\dllnt_dump.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-06-24 15:56 ==================== End of FRST.txt ============================
  8. [RESOLVED] Dell Laptop

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.3 (04.10.2017)
    Operating System: Windows 10 Pro x86
    Ran by grant (Administrator) on Sun 06/25/2017 at 13:14:35.92
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    File System: 1
    Successfully deleted: C:\WINDOWS\System32\Tasks\PCDEventLauncherTask (Task)
    Registry: 0
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 06/25/2017 at 13:17:33.46
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. [RESOLVED] Dell Laptop

    # AdwCleaner v6.047 - Logfile created 25/06/2017 at 13:09:42
    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-06-23.1 [Server]
    # Operating System : Windows 10 Pro (X86)
    # Username : grant - DARK-PC
    # Running from : C:\Users\grant\Desktop\adwcleaner_6.047.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support
    ***** [ Services ] *****
    ***** [ Folders ] *****
    ***** [ Files ] *****
    ***** [ DLL ] *****
    ***** [ WMI ] *****
    ***** [ Shortcuts ] *****
    ***** [ Scheduled Tasks ] *****
    ***** [ Registry ] *****
    ***** [ Web browsers ] *****
    [-] [C:\Users\grant\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\grant\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
    *************************
    :: "Tracing" keys deleted
    :: Winsock settings cleared
    *************************
    C:\AdwCleaner\AdwCleaner[C0].txt - [972 Bytes] - [25/06/2017 13:09:42]
    C:\AdwCleaner\AdwCleaner[S0].txt - [1525 Bytes] - [25/06/2017 13:09:18]
    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1117 Bytes] ##########
  10. [RESOLVED] Dell Laptop

    Malwarebytes
    www.malwarebytes.com
    -Log Details-
    Scan Date: 6/25/17
    Scan Time: 12:51 PM
    Log File:
    Administrator: Yes
    -Software Information-
    Version: 3.1.2.1733
    Components Version: 1.0.141
    Update Package Version: 1.0.2230
    License: Trial
    -System Information-
    OS: Windows 10
    CPU: x86
    File System: NTFS
    User: DARK-PC\grant
    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 340648
    Threats Detected: 0 (No malicious items detected)
    Threats Quarantined: 0 (No malicious items detected)
    Time Elapsed: 7 min, 40 sec
    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    -Scan Details-
    Process: 0 (No malicious items detected)
    Module: 0 (No malicious items detected)
    Registry Key: 0 (No malicious items detected)
    Registry Value: 0 (No malicious items detected)
    Registry Data: 0 (No malicious items detected)
    Data Stream: 0 (No malicious items detected)
    Folder: 0 (No malicious items detected)
    File: 0 (No malicious items detected)
    Physical Sector: 0 (No malicious items detected)
    (end)
  11. [RESOLVED] Dell Laptop

    RogueKiller V12.11.3.0 [Jun 19 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 10 (10.0.14393) 32 bits version
    Started in : Normal mode
    User : grant [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller.exe
    Mode : Scan -- Date : 06/24/2017 22:59:57 (Duration : 00:59:13)
    Switches : -refid
    ¤¤¤ Processes : 0 ¤¤¤
    ¤¤¤ Registry : 2 ¤¤¤
    [PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-1466395940-1531427780-2725057850-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
    ¤¤¤ Tasks : 0 ¤¤¤
    ¤¤¤ Files : 0 ¤¤¤
    ¤¤¤ WMI : 0 ¤¤¤
    ¤¤¤ Hosts File : 0 ¤¤¤
    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST9250410AS +++++
    --- User ---
    [MBR] eaa0fce570070d42f769c7d0fade7c3f
    [BSP] 2443d7138d44605c205800f5c869ff21 : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 12442 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 25563136 | Size: 225992 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
    +++++ PhysicalDrive1: TOSHIBA TransMemory USB Device +++++
    --- User ---
    [MBR] 5b3ed819e79bf5661c3dabc423ecd7d6
    [BSP] 335da733900015fb0be4195b46ec303d : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 14798 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )
  12. [RESOLVED] Dell Laptop

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-06-2017 01
    Ran by grant (25-06-2017 06:35:52)
    Running from C:\Users\grant\Desktop
    Microsoft Windows 10 Pro Version 1607 (X86) (2016-12-20 15:36:13)
    Boot Mode: Normal
    ==========================================================
    ==================== Accounts: =============================
    Administrator (S-1-5-21-1466395940-1531427780-2725057850-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1466395940-1531427780-2725057850-503 - Limited - Disabled)
    grant (S-1-5-21-1466395940-1531427780-2725057850-1002 - Administrator - Enabled) => C:\Users\grant
    Guest (S-1-5-21-1466395940-1531427780-2725057850-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1466395940-1531427780-2725057850-1004 - Limited - Enabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
    Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{90B7F915-6343-43CE-9DA7-E79E5BAC6673}) (Version: 10.3.1.2 - Apple Inc.)
    Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
    Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    AuthenTec Fingerprint Software (Version: 8.4.4.20 - AuthenTec, Inc.) Hidden
    BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
    Bomgar Display Driver (HKLM\...\{E166EA80-47A4-4DFE-B1D5-0EFA517DDDD3}) (Version: 2.0.518 - Bomgar Corporation)
    Bomgar Representative Console 14.2.3 [remote.sacsinc.com] (HKLM\...\Bomgar Representative Console [remote.sacsinc.com]) (Version: 14.2.3 - Bomgar Corporation)
    Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
    Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 12.55.04 - Broadcom Corporation)
    Charter TV Player (HKLM\...\{fe4e0e1c-6db8-4a70-9272-235cf34aa2c1}) (Version: 5.11 - Charter)
    Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Comcast Desktop Software (v1.2.0.9) (HKLM\...\{CEF7211D-CE3A-44C4-B321-D84A2099AE94}) (Version: 23 - Comcast)
    CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
    Dell Control Point (Version: 1.6.468.86 - Broadcom Corporation) Hidden
    Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.468.86 - Dell Inc.)
    Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
    Dell Embassy Trust Suite by Wave Systems (Version: 03.05.04.002 - Wave Systems Corp) Hidden
    Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.055 - Dell Inc.)
    Dell System Manager (HKLM\...\{C8B8C745-D288-41B4-9512-01E397F77449}) (Version: 1.5.00000 - Dell Inc.)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.112 - ALPS ELECTRIC CO., LTD.)
    Desktop Doctor (HKLM\...\{D87149B3-7A1D-4548-9CBF-032B791E5908}) (Version: 2.5.5 - Comcast)
    DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
    Document Manager Lite (Version: 06.09.00.159 - Wave Systems Corp.) Hidden
    DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
    EMBASSY Security Center (Version: 04.00.00.101 - Wave Systems Corp) Hidden
    EMBASSY Security Setup (Version: 04.00.00.090 - Wave Systems Corp) Hidden
    ESC Home Page Plugin (Version: 04.00.00.018 - Wave Systems Corp) Hidden
    Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 5.26.2.WIN.FullTilt.COM - )
    Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
    Google Chrome (HKLM\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.33.5 - Google Inc.) Hidden
    Intel Security True Key (HKLM\...\TrueKey) (Version: 4.18.110.1 - Intel Security)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
    iTunes (HKLM\...\{2F95FFC4-8624-43AB-8256-AA223555C9B7}) (Version: 12.6.0.100 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation) Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 ENU (HKLM\...\{2F141715-E144-48C0-8562-D193B7AB85BC}) (Version: 4.0.8482.1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Monogram Wizard Plus V2.5 R15v (HKLM\...\{BD43BF87-2BED-4D95-8187-3E54A05FCAD3}) (Version: 2.05.0013 - needleheads) Mozilla Firefox 47.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden O2Micro OZ776 SCR Driver (HKLM\...\InstallShield_{95EF5536-580A-4E57-8EF3-B6ACBFBFAF96}) (Version: 1.1.4.209GS - O2Micro) O2Micro OZ776 SCR Driver (Version: 1.1.4.209GS - O2Micro) Hidden PhotoShowExpress (Version: 2.0.028 - Sonic Solutions) Hidden Preboot Manager (Version: 03.00.00.154 - Wave Systems Corp.) Hidden Private Information Manager (Version: 06.04.00.065 - Wave Systems Corp.) 
Hidden RogueKiller version 12.11.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.3.0 - Adlice Software) Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio) ScreenConnect Client (4d974ed2ea81fb52) (HKLM\...\{2C4C512D-8538-461F-883E-5F838D81E212}) (Version: 6.1.12292.6236 - ScreenConnect Software) Security Wizards (Version: 01.07.00.026 - Your Company Name) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden The Weather Channel App (HKLM\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel) Trusted Drive Manager (Version: 3.3.3.104 - Wave Systems Corp.) Hidden UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden Wave Infrastructure Installer (Version: 07.01.31.0000 - Wave Systems Corp) Hidden Wave Support Software (Version: 05.10.00.073 - Wave Systems Corp) Hidden Weather Message Net (HKLM\...\Weather Message Net) (Version: 3.9.1 - Weather Message Software LLC) Weather Message Net Update (HKLM\...\Weather Message Net Update) (Version: 4.0 - Weather Message Software LLC) WeatherWarn (HKLM\...\WeatherWarn) (Version: 3.9 - Weather Message Software LLC) Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0) (HKLM\...\D3F88C3864C8C031A7C5D5E63A76571EC1B047DF) (Version: 05/13/2009 8.4.2.0 - AuthenTec Inc.) Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.) 
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1466395940-1531427780-2725057850-1002_Classes\CLSID\{4EA6BBD4-E775-4b7e-80FD-3651749850B0}\localserver32 -> C:\Users\grant\AppData\Local\Charter\Charter TV Player\CaptureServer.exe (Cisco) CustomCLSID: HKU\S-1-5-21-1466395940-1531427780-2725057850-1002_Classes\CLSID\{A8152EA9-8603-4217-9B22-06E801AE1D9C}\localserver32 -> C:\Users\grant\AppData\Local\Charter\Charter TV Player\PCShowServerPMWrapper.exe (Cisco) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {07263212-1D72-4926-8E92-B5BB8CB1BCB6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {0CDE26F7-8A7A-4A07-B918-5A6056E9A3AA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {12CD152C-F789-42F8-86A8-1856A6BA475A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {13153F04-7900-4340-A0E4-8C980ECFE952} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) 
Task: {17BA7366-C26C-4354-87EA-5FAA92F5AA6E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {275CE079-C7D6-44E9-9AC5-3F6C2DE022CD} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {3DD530C0-62A5-4F3B-A28A-39A0E8C68278} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {42203CEE-C88E-44C5-8432-75134446D04B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {43829B0D-118A-49B5-8EA7-ACC38E475B97} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {459FDA0D-E97D-47EA-98BB-7EB169A8E7B8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {51D01B51-D7E4-4FE9-A1B2-297017B02835} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {55F370F3-74BE-4DEC-805D-6A3AFC298BFC} - System32\Tasks\{E427B050-407E-4248-8181-158819BB262E} => pcalua.exe -a "C:\Program Files\ComcastUI\Desktop Software\bin\kui.exe" -d "C:\Program Files\ComcastUI\Desktop Software\bin\" Task: {5CAC7907-7904-498A-B9D9-8745E8A33478} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {64D799E1-35DC-4667-8493-BE6A577E84E3} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {684414C8-2A1A-44E7-B35B-BB4D1897AA1A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {6D1D40BB-3879-41E3-ABCC-1EAA85BB5BDB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {785EF1C1-9109-4A93-B6C9-4C42109C0325} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe 
[2017-02-14] (Apple Inc.) Task: {80C0F89D-542A-421F-B55B-1857202DA43E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {83C3D901-D829-445B-A4FB-5C3780AE0BE8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {8B9E1515-CE01-4408-BBC2-8F3EAA1B7B99} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {8C4331E0-057D-4115-A70F-7E5388911920} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8D0962F9-A450-403F-A5D5-391BB2575BC3} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {91C357D3-E92F-43FB-ADB3-9D61FC90642D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {99663379-A828-4D00-ADB3-BBC5EC19674D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {9B6494E8-2688-4B4D-9EB7-46125EE7429A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {9BC2B665-C594-47C2-9B5D-AFD95DFDCD69} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {9EE9514C-DCCE-494C-8BEE-2EAA82CC5272} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {A43B4CF7-6F20-479F-B129-B818EBACE636} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) 
Task: {A5139527-9CDB-4A56-8412-A7440864BCE3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {A9E3A937-859E-478E-A4FF-6BFB21300D6B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {B8BF3325-2E14-47E2-91F5-69B297F9AFC4} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BD600205-0076-4980-B631-9F437D62A590} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {CADDA745-FD80-40B4-8175-2D10055F0D41} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {CF639DFF-748C-4023-A688-70DC321B9965} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {D190F0D7-4A34-4A0F-965E-31CD2A31AD50} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-24] (Adobe Systems Incorporated) Task: {D94E2EAC-0DD5-4941-A11C-F9019BE77F70} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {E17762D4-39BA-42AD-B069-0CA0CDC97BEF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {E8AC7A24-D72B-4DDC-9663-C2DA54C0A157} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {EC1CAE89-A521-4409-AD93-3FFEF045DC38} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) Task: {F0372DFD-387B-452C-920E-DE8ADD359F2B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {FB408C90-335D-4AC2-A720-DB4738AD152E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-03-16 16:09 - 2017-03-16 16:09 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-03-16 16:09 - 2017-03-16 16:09 - 01041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-07-16 03:25 - 2016-07-16 03:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-05-10 06:04 - 2017-04-27 19:56 - 02048488 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2010-01-19 13:44 - 2010-01-19 13:44 - 00249856 _____ () C:\WINDOWS\SYSTEM32\wxvault.dll 2016-07-16 03:25 - 2016-07-16 03:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-15 11:00 - 2017-03-04 01:24 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-15 10:58 - 2017-03-04 01:04 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-15 10:58 - 2017-03-04 00:58 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-12-20 11:47 - 2016-12-20 11:47 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-05-10 06:03 - 2017-04-27 18:52 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-05-10 06:03 - 2017-04-27 18:52 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-05-10 06:03 - 2017-04-27 18:55 - 03158016 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-06-24 22:20 - 2017-06-24 22:22 - 00064512 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x86__kzf8qxf38zg5c\SkypeHost.exe 2017-06-24 22:20 - 2017-06-24 22:22 - 00170496 _____ () C:\Program 
Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-06-24 22:20 - 2017-06-24 22:22 - 31268864 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x86__kzf8qxf38zg5c\SkyWrap.dll 2017-06-24 22:20 - 2017-06-24 22:22 - 01722880 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x86__kzf8qxf38zg5c\skypert.dll 2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll 2010-09-03 02:28 - 2010-09-03 02:28 - 00518640 _____ () C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe 2010-08-30 04:34 - 2010-08-30 04:34 - 00375280 _____ () c:\program files\common files\roxio shared\dllshared\SQLite352.dll 2017-03-27 12:21 - 2017-03-27 12:21 - 00080184 _____ () C:\Program Files\iTunes\zlib1.dll 2017-03-27 12:21 - 2017-03-27 12:21 - 01041720 _____ () C:\Program Files\iTunes\libxml2.dll 2015-05-10 14:24 - 2015-05-10 14:24 - 01471480 _____ () C:\Users\grant\AppData\Local\Charter\Charter TV Player\NDSPCShowServer.exe 2015-05-10 14:24 - 2015-05-10 14:24 - 12583920 _____ () C:\Users\grant\AppData\Local\Charter\Charter TV Player\PCShowServer.dll 2015-05-10 14:25 - 2015-05-10 14:25 - 00338928 _____ () C:\Users\grant\AppData\Local\Charter\Charter TV Player\ndsLogStore.dll 2015-05-10 14:24 - 2015-05-10 14:24 - 03410416 _____ () C:\Users\grant\AppData\Local\Charter\Charter TV Player\DrmSingleton.dll 2015-05-10 14:24 - 2015-05-10 14:24 - 02182136 _____ () C:\Users\grant\AppData\Local\Charter\Charter TV Player\DiscoveryManager.dll 2015-05-10 14:24 - 2015-05-10 14:24 - 24985064 _____ () C:\Users\grant\AppData\Local\Charter\Charter TV Player\libcef.dll 2015-05-10 14:24 - 2015-05-10 14:24 - 00742384 _____ () C:\Users\grant\AppData\Local\Charter\Charter TV Player\libglesv2.dll 2015-05-10 14:24 - 2015-05-10 14:24 - 00136168 _____ () C:\Users\grant\AppData\Local\Charter\Charter TV Player\libegl.dll 2015-05-10 14:24 - 2015-05-10 14:24 - 02137584 _____ () 
C:\Users\grant\AppData\Local\Charter\Charter TV Player\PlayerCore.dll 2015-05-10 14:25 - 2015-05-10 14:25 - 00688640 _____ () C:\Users\grant\AppData\Local\Charter\Charter TV Player\libgstreamer-0.10.dll 2015-05-10 14:25 - 2015-05-10 14:25 - 00205304 _____ () C:\Users\grant\AppData\Local\Charter\Charter TV Player\libgstbase-0.10.dll 2015-05-10 14:25 - 2015-05-10 14:25 - 00059912 _____ () C:\Users\grant\AppData\Local\Charter\Charter TV Player\libgstinterfaces-0.10.dll 2015-05-10 14:25 - 2015-05-10 14:25 - 00043512 _____ () C:\Users\grant\AppData\Local\Charter\Charter TV Player\libgstvideo-0.10.dll 2015-05-10 14:25 - 2015-05-10 14:25 - 00044536 _____ () C:\Users\grant\AppData\Local\Charter\Charter TV Player\libgstapp-0.10.dll 2015-05-10 14:25 - 2015-05-10 14:25 - 01402864 _____ () C:\Users\grant\AppData\Local\Charter\Charter TV Player\libxml2-2.dll 2015-05-10 14:25 - 2015-05-10 14:25 - 00091616 _____ () C:\Users\grant\AppData\Local\Charter\Charter TV Player\z.dll 2015-05-10 14:24 - 2015-05-10 14:24 - 11356144 _____ () C:\Users\grant\AppData\Local\Charter\Charter TV Player\gsttspplugin.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:04 - 2017-06-24 22:44 - 00000840 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 71.10.216.2 - 71.10.216.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bomgar Representative Console [remote.sacsinc.com].lnk => C:\Windows\pss\Bomgar Representative Console [remote.sacsinc.com].lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: WeatherWarn => C:\Program Files\WxMesgNet\WeatherWarn.exe HKLM\...\StartupApproved\Run: => "USCService" HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\...\StartupApproved\Run: => "msnmsgr" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{ABCCCF4B-B89E-4036-AB1A-EAD32A448751}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{AA913CDD-2F1D-40DE-8F38-1D34AE7F1C62}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{0D516752-5BB4-4939-87E9-ADF10FF38802}C:\users\grant\desktop\wxmesgtest\weatherwarnserver.exe] => (Allow) C:\users\grant\desktop\wxmesgtest\weatherwarnserver.exe FirewallRules: [TCP Query User{E1621F3A-E41F-4C7D-89A8-A0FEE9AD7C4F}C:\users\grant\desktop\wxmesgtest\weatherwarnserver.exe] => (Allow) C:\users\grant\desktop\wxmesgtest\weatherwarnserver.exe FirewallRules: [UDP Query User{C9904884-D1F4-4D51-A7E7-F1EB9F336DE5}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe FirewallRules: [TCP Query User{A7959D19-0715-4BC5-97A3-7A4476F3BDAD}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe FirewallRules: [UDP Query User{104C8E44-E6D2-4CBF-8AEA-B2BBDB28FB42}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe FirewallRules: [TCP Query User{58BC73B0-E6B0-4BA0-9817-619DE8A5685C}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe FirewallRules: [UDP Query User{9911AA26-595D-4D76-85BD-E6616E61B578}C:\program files\wxmesgnet\wxemwin.exe] => (Allow) C:\program files\wxmesgnet\wxemwin.exe FirewallRules: [TCP Query User{9E2368B7-9510-410A-BBA1-B375DDE39D57}C:\program files\wxmesgnet\wxemwin.exe] => (Allow) C:\program files\wxmesgnet\wxemwin.exe FirewallRules: [UDP Query User{344C054A-C0FD-4EFE-8094-10EE147F54F2}C:\program files\wxmesgnet\wxmesgserver.exe] => (Allow) C:\program files\wxmesgnet\wxmesgserver.exe FirewallRules: [TCP Query User{7979E846-32E4-4CEA-8B5A-1FA8D3B4E315}C:\program files\wxmesgnet\wxmesgserver.exe] => (Allow) C:\program files\wxmesgnet\wxmesgserver.exe FirewallRules: [UDP Query User{46E67AD5-F4EE-4699-9A56-10133A056C75}C:\program files\wxmesgnet\wxemwin.exe] => (Allow) C:\program 
files\wxmesgnet\wxemwin.exe FirewallRules: [TCP Query User{4C705742-E44D-4A48-B2F5-E7FCCFD790B9}C:\program files\wxmesgnet\wxemwin.exe] => (Allow) C:\program files\wxmesgnet\wxemwin.exe FirewallRules: [UDP Query User{ADCD5EF4-9DFD-42E0-859C-503BE9CA5208}C:\program files\wxmesgnet\wxmesgserver.exe] => (Allow) C:\program files\wxmesgnet\wxmesgserver.exe FirewallRules: [TCP Query User{321B1D18-1735-4F45-8C1B-A49E7E005CC9}C:\program files\wxmesgnet\wxmesgserver.exe] => (Allow) C:\program files\wxmesgnet\wxmesgserver.exe FirewallRules: [{4857F988-7C3B-48EE-B5A9-EFA0B1966DB5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{506B6B61-55B0-4C92-BFA9-FDF14D951A76}] => (Allow) LPort=61117 FirewallRules: [{8EB80D6C-800C-42C9-B0BF-A01DA97D703C}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe FirewallRules: [{CDED2A29-4F93-48C5-95AF-43CD977FD759}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{08FEB38A-2E2D-44E0-86C1-9BB6FC0A7181}] => (Allow) LPort=1900 FirewallRules: [{CF22DC10-22B0-42F3-9E37-B5CF11835C66}] => (Allow) LPort=2869 FirewallRules: [{3B928051-E670-41D3-AE89-769B7E53A938}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe FirewallRules: [{1A761EEC-3194-4E95-AD5B-7B531C0942F0}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE FirewallRules: [{9C360F62-984D-4426-8739-B4648D1145D2}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe FirewallRules: [{AFFBCCD6-1A04-4060-B6CD-616AC937742E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{ED79ED30-524F-4506-8391-3654FE7F07F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{5086BC1B-3E83-4C87-94A9-BF2D314407E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2559BCD0-4F4F-4D0E-9920-60FE37BF98D1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{632F7895-A080-4BFD-B637-2F19FB7927F8}] => (Allow) 
C:\Program Files\iTunes\iTunes.exe FirewallRules: [{E4C52392-63A2-4CA8-9412-9060001B5290}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 22-04-2017 05:45:17 Windows Update 01-05-2017 10:50:48 Scheduled Checkpoint 05-05-2017 05:45:36 Windows Update 10-05-2017 06:05:46 Windows Update 11-05-2017 21:10:13 Installed iTunes 24-06-2017 22:52:17 before cleanup 25-06-2017 00:03:22 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Intel(R) 5 Series/3400 Series Chipset Family PCI Express Root Port 3 - 3B46 Description: Intel(R) 5 Series/3400 Series Chipset Family PCI Express Root Port 3 - 3B46 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: pci Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/25/2017 06:18:56 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "c:\program files\fingerprint sensor\drivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/25/2017 06:15:23 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: Windows cannot load the extensible counter DLL W3SVC. The first four bytes (DWORD) of the Data section contains the Windows error code. 
Error: (06/25/2017 06:15:19 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (06/25/2017 06:15:19 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (06/25/2017 06:15:19 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (06/25/2017 06:13:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: sttray.exe, version: 1.0.6286.0, time stamp: 0x4bf63f9a Faulting module name: sttray.exe, version: 1.0.6286.0, time stamp: 0x4bf63f9a Exception code: 0xc0000005 Fault offset: 0x000077eb Faulting process id: 0x2020 Faulting application start time: 0x01d2eda4220979d4 Faulting application path: C:\Program Files\IDT\WDM\sttray.exe Faulting module path: C:\Program Files\IDT\WDM\sttray.exe Report Id: 36f36187-7030-4fc7-9fb2-00024f2e506c Faulting package full name: Faulting package-relative application ID: Error: (06/25/2017 12:20:45 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15656 Error: (06/25/2017 12:20:45 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15656 Error: (06/25/2017 12:20:45 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task 
Scheduling Error: Continuously busy for more than a second Error: (06/25/2017 12:07:05 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "c:\program files\fingerprint sensor\drivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (06/25/2017 06:13:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/24/2017 10:56:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/24/2017 10:56:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The risdpcie service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
Error: (06/24/2017 10:56:27 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: The tcsd_win32.exe service depends on the following service: TBS. This service might not be installed. Error: (06/24/2017 10:53:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: The service did not start due to a logon failure. Error: (06/24/2017 10:53:45 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (06/24/2017 10:53:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\System32\bcmihvsrv.dll Error: (06/24/2017 10:53:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\System32\bcmihvsrv.dll Error: (06/24/2017 10:53:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\System32\bcmihvsrv.dll Error: (06/24/2017 10:53:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 
CodeIntegrity: =================================== Date: 2017-06-24 15:56:57.291 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-11 10:43:06.574 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-10 10:52:07.001 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-09 10:43:07.783 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-09 04:53:35.759 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-05-08 04:54:33.406 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-06 10:43:05.651 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-05 10:44:05.522 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 10:43:03.599 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-03 10:43:02.964 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz Percentage of memory in use: 65% Total physical RAM: 2933.85 MB Available physical RAM: 998.86 MB Total Virtual: 5877.85 MB Available Virtual: 3861.9 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:220.7 GB) (Free:126.35 GB) NTFS Drive d: (USB DRIVE) (Removable) (Total:14.44 GB) (Free:13.77 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: 77E3ED41) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=220.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.5 GB) (Disk ID: 235DFDDE) Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0C) ==================== End of Addition.txt ============================
  13. Broni, I have run the programs you always have me run on my son's Dell laptop but wanted you to look at it anyway. It is running good again as JRT and AdwCleaner found some things. I only wanted to use this laptop yesterday to log into his router to change some setting and it was so messed up I could not even do that. He does not use it much but it would be nice if I knew for certain all was good. I did notice they are paying bills using this laptop so I guess for sure we need to check it. Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2017 01
Ran by grant (administrator) on DARK-PC (25-06-2017 06:34:37)
Running from C:\Users\grant\Desktop
Loaded Profiles: grant (Available Profiles: grant)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SupportSoft, Inc.) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTF27B.tmp
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Cisco) C:\Users\grant\AppData\Local\Charter\Charter TV Player\PCShowServerPMWrapper.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Users\grant\AppData\Local\Charter\Charter TV Player\NDSPCShowServer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [571736 2014-03-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-05-26] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-02-02] (Dell Inc.)
HKLM\...\Run: [WavXMgr] => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147840 2010-07-21] (Wave Systems Corp.)
HKLM\...\Run: [USCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-06-22] (Broadcom Corporation)
HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM\...\Run: [Desktop Disc Tool] => C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] ()
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft)
HKLM\...\Run: [ddoctorv2] => C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [202560 2008-04-24] (SupportSoft, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267064 2017-03-22] (Apple Inc.)
HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-05-15] (Google Inc.)
HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\...\Run: [PCShowServerCHARTER] => C:\Users\grant\AppData\Local\Charter\Charter TV Player\PCShowServerPMWrapper.exe [1718792 2015-05-10] (Cisco)
Lsa: [Authentication Packages] wvauth msv1_0
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-01-06]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk [2011-01-06]
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
GroupPolicy: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.2 71.10.216.1 192.168.1.1
Tcpip\..\Interfaces\{a97b4ce2-dfd9-41e9-8f5b-708fcf154e02}: [DhcpNameServer] 71.10.216.2 71.10.216.1 192.168.1.1
Tcpip\..\Interfaces\{f2fbc485-dbf0-49aa-99ee-421365dd128f}: [DhcpNameServer] 71.10.216.2 71.10.216.1

Internet Explorer:
==================
HKU\S-1-5-21-1466395940-1531427780-2725057850-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USREL/1
SearchScopes: HKLM -> {7928AB17-664C-4A57-9C66-9B7973A1B08A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll => No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-29] (Oracle Corporation)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-29] (Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Toolbar: HKU\S-1-5-21-1466395940-1531427780-2725057850-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File

FireFox:
========
FF ProfilePath: C:\Users\grant\AppData\Roaming\Mozilla\Firefox\Profiles\rqp60xc1.default-1498336098987 [2017-06-25]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\rqp60xc1.default-1498336098987 -> Google
FF Homepage: Mozilla\Firefox\Profiles\rqp60xc1.default-1498336098987 -> hxxp://www.google.com/
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-24] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\grant\AppData\Local\Google\Chrome\User Data\Default [2017-06-25]
CHR Extension: (Google Drive) - C:\Users\grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-26]
CHR Extension: (Chrome Media Router) - C:\Users\grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-24]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0267981498389114mcinstcleanup; C:\WINDOWS\TEMP\026798~1.EXE [1027864 2016-11-28] (McAfee, Inc.)
R2 AESTFilters; C:\Program Files\IDT\WDM\aestsrv.exe [81920 2010-05-26] (Andrea Electronics Corporation) [File not signed]
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [76120 2014-03-27] (Alps Electric Co., Ltd.)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803584 2010-05-10] (AuthenTec, Inc.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [114688 2009-11-04] (Broadcom Corporation) [File not signed]
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-02-03] (Wave Systems Corp.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-12-20] (Microsoft Corporation)
R2 sprtsvc_ddoctorv2; C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [202560 2008-04-24] (SupportSoft, Inc.)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-26] (IDT, Inc.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1164648 2010-03-29] (Wave Systems Corp.)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1002472 2017-05-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [17992 2017-05-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [74816 2017-05-26] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271488 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84920 2017-04-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-02] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM42RLY; C:\WINDOWS\System32\drivers\BCM42RLY.sys [18424 2010-02-02] (Broadcom Corporation)
R1 bgdspdrv; C:\WINDOWS\system32\DRIVERS\bgdspdrv.sys [34896 2012-05-21] (Bomgar Corporation)
S3 Blfp; C:\WINDOWS\system32\DRIVERS\basp.sys [85504 2009-10-15] (Broadcom Corporation)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-08-19] (Avanquest Software) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R1 MpKslc56a184d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2255461C-9A16-4332-860C-79338B011743}\MpKslc56a184d.sys [39168 2017-06-24] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R0 PBADRV; C:\WINDOWS\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
S2 risdpcie; C:\WINDOWS\system32\DRIVERS\risdpe86.sys [59904 2010-03-21] (REDC)
R2 WavxDMgr; C:\WINDOWS\System32\DRIVERS\WavxDMgr.sys [229888 2010-01-19] (Wave Systems Corp.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-25 06:34 - 2017-06-25 06:35 - 00018135 _____ C:\Users\grant\Desktop\FRST.txt
2017-06-25 06:34 - 2017-06-25 06:34 - 01779712 _____ (Farbar) C:\Users\grant\Desktop\FRST.exe
2017-06-25 06:34 - 2017-06-25 06:34 - 00000000 ____D C:\FRST
2017-06-25 06:17 - 2017-06-25 06:18 - 02440704 _____ (Farbar) C:\Users\grant\Desktop\FRST64.exe
2017-06-25 06:15 - 2017-06-25 06:15 - 00000506 _____ C:\DelFix.txt
2017-06-25 06:14 - 2017-06-25 06:14 - 00000000 ____D C:\Users\grant\AppData\Local\CrashDumps
2017-06-25 00:02 - 2017-06-25 00:02 - 00003922 _____ C:\Users\grant\Desktop\rk_5DCB.tmp.txt
2017-06-24 22:59 - 2017-06-25 00:02 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-24 22:59 - 2017-06-24 22:59 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-06-24 22:59 - 2017-06-24 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-06-24 22:59 - 2017-06-24 22:59 - 00000000 ____D C:\Program Files\RogueKiller
2017-06-24 15:28 - 2017-06-24 15:28 - 00000000 ____D C:\Users\grant\Desktop\Old Firefox Data

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-25 06:15 - 2013-08-21 20:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-25 06:14 - 2013-02-14 13:27 - 00000000 _____ C:\Users\grant\AppData\Local\WavXMapDrive.bat
2017-06-25 06:13 - 2016-06-22 11:44 - 00000000 ____D C:\Program Files\TrueKey
2017-06-25 06:12 - 2016-06-22 11:54 - 00001244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-06-25 06:12 - 2016-06-22 11:54 - 00001230 _____ C:\Users\Public\Desktop\True Key.lnk
2017-06-25 06:11 - 2016-06-22 11:52 - 00000000 ____D C:\Program Files\McAfee
2017-06-25 00:19 - 2013-02-19 17:34 - 130903960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-25 00:19 - 2011-01-06 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-25 00:19 - 2011-01-06 17:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-25 00:17 - 2016-07-16 03:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-25 00:12 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-24 23:02 - 2016-02-03 18:57 - 02899282 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-24 22:57 - 2011-01-06 17:17 - 00000000 ____D C:\ProgramData\Sonic
2017-06-24 22:56 - 2016-12-20 10:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-24 22:56 - 2014-01-11 09:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-06-24 22:53 - 2016-07-15 21:22 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-24 22:47 - 2015-11-09 16:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-24 22:31 - 2016-07-16 03:29 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-24 22:31 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-24 22:15 - 2015-08-16 15:04 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-24 16:13 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-24 15:56 - 2016-12-20 09:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-24 15:41 - 2013-08-26 17:28 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-24 15:41 - 2013-08-26 17:28 - 00002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-24 15:36 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-24 15:36 - 2013-02-20 20:27 - 00000000 ____D C:\Users\grant\AppData\Local\Adobe
2017-06-24 15:35 - 2015-08-01 10:43 - 00002408 _____ C:\Users\grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-24 15:35 - 2015-08-01 10:43 - 00000000 ___RD C:\Users\grant\OneDrive
2017-06-24 15:32 - 2011-01-24 13:13 - 00456360 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-06-03 01:36 - 2016-07-16 03:31 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-06-03 01:36 - 2016-07-16 03:31 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-11-16 13:50 - 2015-06-27 18:18 - 0137592 _____ () C:\Users\grant\AppData\Local\av.log
2015-03-02 21:34 - 2015-03-02 21:46 - 0004608 _____ () C:\Users\grant\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-14 13:27 - 2017-06-25 06:14 - 0000000 _____ () C:\Users\grant\AppData\Local\WavXMapDrive.bat

Some files in TEMP:
====================
2017-06-24 22:59 - 2016-11-11 02:59 - 1586736 _____ (Microsoft Corporation) C:\Users\grant\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-24 15:56

==================== End of FRST.txt ============================
  14. Word 2007 question on windows 10

    My son got it done for me. He asked me to save a Word file to my documents and see if the lock showed. It didn't show there. He had me go to the C drive and then user and find desktop. Under desktop I right-clicked and it showed something about ownership. I clicked that and Word did something that was going across my screen and in a few minutes it was complete and now no more locks show up when I save my Word documents to my desktop. Thanks. Tom
  15. Word 2007 question on windows 10

    That did not apply to my problem, Shay, I don't think anyway :) Let me start over. When I now open a Word document and type something and save to my desktop, I see the lock on the top right of documents. None of my older saved documents have this. I can right-click on the new document and under file ownership I see file ownership. I hold my mouse over file ownership and I see a little lock with it open. I can just click personal and it is gone and doesn't show back up no matter how I add to the document. It never did this before Saturday when I was trying to secure a PDF document where only I could see it. I should have never messed with it to begin with. Just wondering what setting I changed to have caused this. Like I mentioned, I have many old Word documents that were made before I did this that do not have the lock on them, and when you right-click on those you will not see the option for file ownership. I probably have all confused on this and it is no big deal but just annoying to me :(