oldtrig

Members
  • Content count

    1,193

About oldtrig

  • Rank
    Member
  • Birthday 08/22/1947
  • Age 70

Profile Information

  • Gender
    Male
  • Interests
    Computers, welding, old cars, and playing golf when the weather is nice :)
  • OS
    Windows 10
  • Computer specs
    Intel Core i5 6500 - Gigabyte Technology Co. Ltd.
    Model H170-D3HP-CF (U3E1)
    S27D390 on AMD Radeon R7 200 Series Video Card
    Windows 10 Pro 64-bit
    Crucial Solid State Drive Capacity 232 GB

Recent Profile Visitors

4,225 profile views
  1. I didn't know until last week that some Dell laptops and probably desktops with Windows 8.1 and 10 were shipped without a Microsoft Product ID tag on them. I found out the hard way. I had used the Dell Data Safe program to make an image because the laptop was having so many issues. I used the DVD route thinking all would be OK. None of the keys I would hit during boot up would take me to the hidden partition so I was hoping this would work. I got halfway through disk two and got an error. I tried cleaning the disk and no go. Now the operating system was trash and I had no product ID to install Windows with. I then discovered that Dell supplies the operating system on their website for Windows 8.1, 10 and Linux if you have the original service tag. You download it from a working PC and away you go. I used an 8 gig USB thumb drive to do this with. Better back up anything before you do this if possible. In some cases you may even have to remove the HD and slave it to a working computer to do the backups. At least I did. Maybe all already knew this but I didn't. Hope it can help someone one day as it did me. You will have to go to the Dell website and download drivers after it completes the process. Here ya go :) Only works on Dell computers and no activation required. http://www.dell.com/support/home/ba/en/badhs1/Drivers/OSISO/recoverytool
  2. Running great again, Broni, thanks to you. I really appreciate you helping with this laptop. I know my daughter-in-law thanks you also. Tom :) :)
  3. Farbar Service Scanner Version: 27-01-2016
     Ran by Jean (administrator) on 03-03-2018 at 12:31:44
     Running from "C:\Users\Jean\Desktop"
     Microsoft Windows 8.1 (X64)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Policy:
     ========================

     Action Center:
     ============

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============
     WinDefend Service is not running. Checking service configuration:
     The start type of WinDefend service is set to Demand. The default start type is Auto.
     The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

     Windows Defender Disabled Policy:
     ==========================
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
     "DisableAntiSpyware"=DWORD:1

     Other Services:
     ==============

     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => File is digitally signed
     C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
     C:\Windows\System32\dhcpcore.dll => File is digitally signed
     C:\Windows\System32\drivers\afd.sys => File is digitally signed
     C:\Windows\System32\drivers\tdx.sys => File is digitally signed
     C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
     C:\Windows\System32\dnsrslvr.dll => File is digitally signed
     C:\Windows\System32\dnsapi.dll => File is digitally signed
     C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
     C:\Windows\System32\mpssvc.dll => File is digitally signed
     C:\Windows\System32\bfe.dll => File is digitally signed
     C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
     C:\Windows\System32\wscsvc.dll => File is digitally signed
     C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
     C:\Windows\System32\wuaueng.dll => File is digitally signed
     C:\Windows\System32\qmgr.dll => File is digitally signed
     C:\Windows\System32\es.dll => File is digitally signed
     C:\Windows\System32\cryptsvc.dll => File is digitally signed
     C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
     C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
     C:\Windows\System32\ipnathlp.dll => File is digitally signed
     C:\Windows\System32\iphlpsvc.dll => File is digitally signed
     C:\Windows\System32\svchost.exe => File is digitally signed
     C:\Windows\System32\rpcss.dll => File is digitally signed

     **** End of log ****
  4. Results of screen317's Security Check version 1.014 --- 12/23/15
     x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Windows Defender
     Malwarebytes
     McAfee VirusScan
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamtray.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: %
     ````````````````````End of Log``````````````````````
  5. Fix result of Farbar Recovery Scan Tool (x64) Version: 28.02.2018
     Ran by Jean (02-03-2018 20:03:20) Run:1
     Running from C:\Users\Jean\Desktop
     Loaded Profiles: Jean (Available Profiles: Jean)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     SearchScopes: HKU\S-1-5-21-1156205828-983869236-2419336164-1002 -> {13D8948E-F95C-4E18-A19B-0B0C6A363FD2} URL =
     U3 mfeavfk01; no ImagePath
     2014-11-21 17:12 - 2014-11-21 17:12 - 032372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
     2014-12-03 17:47 - 2014-12-03 17:47 - 000467968 _____ (Realtek Semiconductor Corp.) C:\Users\Jean\AppData\Local\Temp\COMAP.EXE
     2018-03-01 10:45 - 2017-08-11 17:58 - 001737600 _____ (Microsoft Corporation) C:\Users\Jean\AppData\Local\Temp\dllnt_dump.dll
     AlternateDataStreams: C:\Syst624C173E:$WIMMOUNTDATA [418]
     *****************

     "HKU\S-1-5-21-1156205828-983869236-2419336164-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{13D8948E-F95C-4E18-A19B-0B0C6A363FD2}" => removed successfully
     HKLM\Software\Classes\CLSID\{13D8948E-F95C-4E18-A19B-0B0C6A363FD2} => key not found
     mfeavfk01 => service not found.
     C:\Program Files (x86)\Common Files\lpuninstall.exe => moved successfully
     "C:\Users\Jean\AppData\Local\Temp\COMAP.EXE" => not found
     "C:\Users\Jean\AppData\Local\Temp\dllnt_dump.dll" => not found
     C:\Syst624C173E => ":$WIMMOUNTDATA" ADS removed successfully

     ==== End of Fixlog 20:03:26 ====
  6. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.02.2018 Ran by Jean (02-03-2018 17:41:15) Running from C:\Users\Jean\Desktop Windows 8.1 (Update) (X64) (2014-11-21 22:34:53) Boot Mode: Normal
  7. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.02.2018 Ran by Jean (administrator) on HOUSE (02-03-2018 17:38:42) Running from C:\Users\Jean\Desktop Loaded Profiles: Jean (Available Profiles: Jean) Platform: Windows 8.1 (Update) (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe (McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee LLC) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (McAfee LLC) C:\Windows\System32\mfevtps.exe (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe (DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.) 
C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe (McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\McCSPServiceHost.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (AMD) C:\Windows\System32\atieclxx.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9199104 2017-03-10] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489408 2017-03-10] (Realtek Semiconductor) HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-02-13] (Advanced Micro Devices, Inc.) 
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Qualcomm®Atheros®) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2014-11-21] ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 71.10.216.2 71.10.216.1 192.168.1.1 Tcpip\..\Interfaces\{3A69891F-B953-4D00-967B-C3000C03A028}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{EB0DF0C3-F7BC-4BBA-AEBE-C29B7A8F6A8D}: [DhcpNameServer] 71.10.216.2 71.10.216.1 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-1156205828-983869236-2419336164-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB HKU\S-1-5-21-1156205828-983869236-2419336164-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1156205828-983869236-2419336164-1002 -> DefaultScope {CB31F241-31C5-4BEF-BB48-ECC55BCC9080} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20160214&p={searchTerms} SearchScopes: HKU\S-1-5-21-1156205828-983869236-2419336164-1002 -> {13D8948E-F95C-4E18-A19B-0B0C6A363FD2} URL = SearchScopes: HKU\S-1-5-21-1156205828-983869236-2419336164-1002 -> {CB31F241-31C5-4BEF-BB48-ECC55BCC9080} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20160214&p={searchTerms} BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2014-11-21] (McAfee) BHO: McAfee WebAdvisor BHO -> 
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.) BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2014-11-21] (McAfee) BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.) Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2014-11-21] (McAfee) Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2014-11-21] (McAfee) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2017-12-21] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-12-21] (McAfee, Inc.) 
FireFox: ======== FF DefaultProfile: 1tuon8hw.default FF ProfilePath: C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\1tuon8hw.default [2018-03-02] FF Homepage: Mozilla\Firefox\Profiles\1tuon8hw.default -> yahoo.com FF Extension: (Adblock Plus) - C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\1tuon8hw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-03-01] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-03-01] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-02-28] [Legacy] [not signed] FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-12-21] () FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-12-21] () Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-22] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-22] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-02-13] (Advanced Micro Devices, Inc.) 
[File not signed] R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows (R) Win 7 DDK provider) [File not signed] S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.) R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.) S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [139328 2014-02-19] (Aviata, Inc.) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232320 2017-11-21] (Dell Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-12-13] (McAfee, Inc.) S4 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe [728808 2017-12-20] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc.) S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [357840 2017-09-29] (McAfee LLC) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [509904 2017-09-29] (McAfee LLC) R2 mfevtp; C:\Windows\system32\mfevtps.exe [466384 2017-09-29] (McAfee LLC) R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc.) R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1046456 2017-09-24] (Intel Security, Inc.) 
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2017-03-10] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation) R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] () R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. ) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.) R1 amdpsp; C:\Windows\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. ) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77280 2017-10-19] (McAfee LLC) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.) 
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] () S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-03-01] (Malwarebytes) R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-03-01] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-03-01] (Malwarebytes) R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-03-01] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-03-01] (Malwarebytes) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [492512 2017-10-19] (McAfee LLC) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [355808 2017-10-19] (McAfee LLC) U3 mfeavfk01; no ImagePath S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [84016 2017-10-19] (McAfee LLC) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [506336 2017-10-19] (McAfee LLC) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [938464 2017-10-19] (McAfee LLC) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [507304 2017-11-15] (McAfee LLC.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [108456 2017-11-15] (McAfee LLC.) R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [115168 2017-10-19] (McAfee LLC) R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.) 
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252896 2017-10-19] (McAfee LLC) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-03-01] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-03-02 17:38 - 2018-03-02 17:39 - 000016637 _____ C:\Users\Jean\Desktop\FRST.txt 2018-03-02 17:37 - 2018-03-02 17:37 - 000000000 ___RD C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2018-03-01 17:54 - 2018-03-01 18:01 - 000000000 ____D C:\AdwCleaner 2018-03-01 17:34 - 2018-03-01 21:06 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2018-03-01 17:34 - 2018-03-01 18:03 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2018-03-01 17:34 - 2018-03-01 18:03 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2018-03-01 17:34 - 2018-03-01 17:34 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2018-03-01 17:33 - 2018-03-01 17:33 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-03-01 17:33 - 2018-03-01 17:33 - 000001885 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-03-01 17:33 - 2018-03-01 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-03-01 17:33 - 2018-03-01 17:33 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-03-01 17:33 - 2018-03-01 17:33 - 000000000 ____D C:\Program 
Files\Malwarebytes 2018-03-01 17:33 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys 2018-03-01 17:32 - 2018-03-01 17:32 - 008222496 _____ (Malwarebytes) C:\Users\Jean\Desktop\AdwCleaner.exe 2018-03-01 17:31 - 2018-03-01 17:32 - 067456464 _____ (Malwarebytes ) C:\Users\Jean\Desktop\mb3-setup-exp89ctrl.exp89ctrl-3.3.1.2183-1.0.262-1.0.4030.exe 2018-03-01 12:12 - 2018-03-01 12:12 - 000002090 _____ C:\Users\Public\Desktop\SupportAssist.lnk 2018-03-01 12:12 - 2018-03-01 12:12 - 000000000 ____D C:\ProgramData\PC-Doctor for Windows 2018-03-01 12:11 - 2018-03-01 12:11 - 000000000 ____D C:\Program Files\Dell Support Center 2018-03-01 12:00 - 2018-03-02 17:38 - 000000000 ____D C:\FRST 2018-03-01 11:59 - 2018-03-01 11:59 - 002403840 _____ (Farbar) C:\Users\Jean\Desktop\FRST64.exe 2018-03-01 10:45 - 2018-03-01 11:52 - 000000000 ____D C:\ProgramData\RogueKiller 2018-03-01 10:45 - 2018-03-01 10:45 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys 2018-03-01 10:45 - 2018-03-01 10:45 - 000000872 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2018-03-01 10:45 - 2018-03-01 10:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2018-03-01 10:44 - 2018-03-01 10:45 - 000000000 ____D C:\Program Files\RogueKiller 2018-03-01 10:44 - 2018-03-01 10:44 - 036465728 _____ (Adlice Software ) C:\Users\Jean\Downloads\setup.exe 2018-03-01 10:33 - 2018-03-02 17:36 - 000000000 ____D C:\Users\Jean\AppData\LocalLow\Mozilla 2018-03-01 10:33 - 2018-03-01 10:35 - 000000000 ____D C:\Users\Jean\AppData\Local\Mozilla 2018-03-01 10:33 - 2018-03-01 10:33 - 000000000 ____D C:\Users\Jean\AppData\Roaming\Mozilla 2018-03-01 10:32 - 2018-03-01 10:33 - 000000000 ____D C:\Program Files\Mozilla Firefox 2018-03-01 10:32 - 2018-03-01 10:32 - 000000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2018-03-01 10:32 - 2018-03-01 10:32 - 000000938 _____ C:\Users\Public\Desktop\Firefox.lnk 2018-03-01 10:32 - 2018-03-01 10:32 - 
000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-03-01 10:31 - 2018-03-01 10:31 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-03-01 21:03 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\Inf 2018-03-01 20:11 - 2014-11-21 16:41 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1156205828-983869236-2419336164-1002 2018-03-01 20:07 - 2014-05-31 03:57 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery 2018-03-01 18:05 - 2014-11-27 14:51 - 000000000 ____D C:\Users\Jean\AppData\Local\CrashDumps 2018-03-01 18:02 - 2013-08-22 08:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-03-01 18:02 - 2013-08-22 07:25 - 000262144 ___SH C:\Windows\system32\config\BBI 2018-03-01 17:44 - 2014-05-31 03:52 - 000000000 ____D C:\Program Files (x86)\Amazon 2018-03-01 17:25 - 2013-08-22 09:20 - 000000000 ____D C:\Windows\CbsTemp 2018-03-01 15:14 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\rescache 2018-03-01 15:10 - 2015-07-22 16:55 - 000003308 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare) 2018-03-01 14:25 - 2014-11-26 09:23 - 000000000 ____D C:\Windows\system32\MRT 2018-03-01 14:23 - 2017-10-23 07:45 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe 2018-03-01 14:23 - 2014-11-26 09:23 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2018-03-01 13:41 - 2017-12-03 08:35 - 000003068 _____ C:\Windows\System32\Tasks\McAfeeLogon 2018-03-01 13:33 - 2016-03-01 11:58 - 000000136 _____ C:\Windows\ODBC.INI 2018-03-01 13:27 - 2014-11-21 16:39 - 000003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{34E9AAEC-F4DD-48C5-8513-50D1E4267256} 2018-03-01 12:12 - 2014-05-31 03:51 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2018-03-01 11:52 - 2013-08-22 
09:36 - 000000000 ___HD C:\Program Files\WindowsApps 2018-03-01 11:52 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\AppReadiness 2018-03-01 11:41 - 2013-08-22 09:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy 2018-03-01 10:34 - 2014-05-31 03:17 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI 2018-03-01 10:19 - 2014-11-21 16:35 - 000000000 ____D C:\Users\Jean 2018-02-28 17:26 - 2013-08-22 07:25 - 000262144 ___SH C:\Windows\system32\config\ELAM 2018-02-28 17:19 - 2015-07-05 09:57 - 000000000 ____D C:\Windows\System32\Tasks\McAfee 2018-02-14 09:06 - 2014-11-21 17:05 - 000000000 ____D C:\Program Files\Common Files\McAfee 2018-02-14 08:46 - 2013-08-22 09:36 - 000000000 ___HD C:\Windows\ELAMBKUP 2018-02-05 14:38 - 2017-09-28 08:16 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2018-02-05 14:38 - 2017-09-28 08:16 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2014-11-21 17:12 - 2014-11-21 17:12 - 032372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe Some files in TEMP: ==================== 2014-12-03 17:47 - 2014-12-03 17:47 - 000467968 _____ (Realtek Semiconductor Corp.) C:\Users\Jean\AppData\Local\Temp\COMAP.EXE 2018-03-01 10:45 - 2017-08-11 17:58 - 001737600 _____ (Microsoft Corporation) C:\Users\Jean\AppData\Local\Temp\dllnt_dump.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-03-01 13:40 ==================== End of FRST.txt ============================
  8. Ok, thanks. She was still using Internet Explorer. I have now installed Firefox and told her to stay away from IE 11. Back with scan log in a minute. Tom
  9. Did you see anything that was bad? I don't hear the man saying her computer is infected now since I ran all the programs. Thanks. Tom
  10. # AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 02 00:01:56 2018
      # Updated on 2018/08/02 by Malwarebytes
      # Running on Windows 8.1 (X64)
      # Mode: clean
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****
      No malicious services deleted.

      ***** [ Folders ] *****
      No malicious folders deleted.

      ***** [ Files ] *****
      No malicious files deleted.

      ***** [ DLL ] *****
      No malicious DLLs cleaned.

      ***** [ WMI ] *****
      No malicious WMI cleaned.

      ***** [ Shortcuts ] *****
      No malicious shortcuts cleaned.

      ***** [ Tasks ] *****
      No malicious tasks deleted.

      ***** [ Registry ] *****
      Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
      Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
      Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
      Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|c:\Program Files (x86)\Amazon\Amazon1ButtonApp\

      ***** [ Firefox (and derivatives) ] *****
      No malicious Firefox entries deleted.

      ***** [ Chromium (and derivatives) ] *****
      No malicious Chromium entries deleted.

      *************************
      ::Tracing keys deleted
      ::Winsock settings cleared
      ::Additional Actions: 0
      *************************

      C:/AdwCleaner/AdwCleaner[S0].txt - [1608 B] - [2018/3/1 23:58:59]

      ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
  11. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 3/1/18 Scan Time: 5:34 PM Log File: 1c7a749e-1da9-11e8-bce2-645a045db8fd.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.4162 License: Trial -System Information- OS: Windows 8.1 CPU: x64 File System: NTFS User: house\Jean -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 248163 Threats Detected: 51 Threats Quarantined: 51 Time Elapsed: 5 min, 43 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 16 PUP.Optional.Amazon1Button, HKU\S-1-5-21-1156205828-983869236-2419336164-1002\SOFTWARE\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp, Quarantined, [837], [441167],1.0.4162 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp, Quarantined, [837], [441168],1.0.4162 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}, Quarantined, [837], [493347],1.0.4162 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\TYPELIB\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}, Quarantined, [837], [456680],1.0.4162 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}, Quarantined, [837], [456680],1.0.4162 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}, Quarantined, [837], [456680],1.0.4162 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{983410CC-D399-401D-BEC8-3F6623B5E8BD}, Quarantined, [837], [456680],1.0.4162 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BC87ADED-E2FC-4B7E-B21B-F2578F51D78E}, Quarantined, [837], [456680],1.0.4162 
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}, Quarantined, [837], [456680],1.0.4162 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}, Quarantined, [837], [456680],1.0.4162 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{983410CC-D399-401D-BEC8-3F6623B5E8BD}, Quarantined, [837], [456680],1.0.4162 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BC87ADED-E2FC-4B7E-B21B-F2578F51D78E}, Quarantined, [837], [456680],1.0.4162 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}, Quarantined, [837], [456680],1.0.4162 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}, Quarantined, [837], [456680],1.0.4162 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}, Quarantined, [837], [456680],1.0.4162 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}, Quarantined, [837], [456680],1.0.4162 Registry Value: 3 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|AMAZON1BUTTONTASKBARAPP.EXE, Quarantined, [837], [493348],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [14769], [-1],0.0.0 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [14769], [-1],0.0.0 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 12 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files 
(x86)\Amazon\Amazon1ButtonApp\en-CA, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en-GB, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en-US, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\ja-JP, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\zh-CN, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\de, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\es, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\fr, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\it, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\PROGRAM FILES (X86)\AMAZON\AMAZON1BUTTONAPP, Quarantined, [14769], [464595],1.0.4162 File: 20 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\de\Amazon1ButtonUpdater.resources.dll, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en\Amazon1ButtonUpdater.resources.dll, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en-CA\Amazon1ButtonUpdater.resources.dll, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en-GB\Amazon1ButtonUpdater.resources.dll, Quarantined, 
[14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en-US\Amazon1ButtonUpdater.resources.dll, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\es\Amazon1ButtonUpdater.resources.dll, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\fr\Amazon1ButtonUpdater.resources.dll, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\it\Amazon1ButtonUpdater.resources.dll, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\ja-JP\Amazon1ButtonUpdater.resources.dll, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\amazon-favicon.ico, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_ca_logo.png, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_cn_logo.png, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_co-jp_logo.png, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_co-uk_logo.png, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_com_logo.png, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_de_logo.png, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_es_logo.png, 
Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_fr_logo.png, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_it_logo.png, Quarantined, [14769], [464595],1.0.4162 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\zh-CN\Amazon1ButtonUpdater.resources.dll, Quarantined, [14769], [464595],1.0.4162 Physical Sector: 0 (No malicious items detected) (end)
  12. RogueKiller V12.12.6.0 (x64) [Feb 26 2018] (Free) by Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : https://forum.adlice.com
      Website : http://www.adlice.com/download/roguekiller/
      Blog : http://www.adlice.com

      Operating System : Windows 8.1 (6.3.9600) 64 bits version
      Started in : Normal mode
      User : Jean [Administrator]
      Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
      Mode : Delete -- Date : 03/01/2018 10:45:52 (Duration : 00:56:15)

      ¤¤¤ Processes : 0 ¤¤¤

      ¤¤¤ Registry : 5 ¤¤¤
      [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6} -> Not selected
      [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1156205828-983869236-2419336164-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> Not selected
      [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1156205828-983869236-2419336164-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> Not selected
      [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1156205828-983869236-2419336164-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Not selected
      [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1156205828-983869236-2419336164-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Not selected

      ¤¤¤ Tasks : 0 ¤¤¤

      ¤¤¤ Files : 4 ¤¤¤
      [PUP.Gen1][File] C:\Users\Jean\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Amazon.lnk [LNK@] C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~1.EXE -> Deleted
      [PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk [LNK@] C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~1.EXE -> Deleted
      [PUP.Gen1][Folder] C:\Program Files (x86)\Amazon\Amazon1ButtonApp -> Removed at reboot [91]
      [PUP.Gen1][File] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe -> Deleted
      [PUP.Gen1][File] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonUpdater.exe -> Deleted
      [PUP.Gen1][File] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonUpdater.exe.config -> Deleted
      [PUP.Gen1][File] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonUpdateTask.exe -> Deleted
      [PUP.Gen1][File] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll -> Deleted
      [PUP.Gen1][File] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIEManaged.dll -> Deleted
      [PUP.Gen1][File] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\CommandLine.dll -> Deleted
      [PUP.Gen1][File] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\CommandLine.xml -> Deleted
      [PUP.Gen1][Folder] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\de -> ERROR [5]
      [PUP.Gen1][Folder] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en -> ERROR [5]
      [PUP.Gen1][Folder] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en-CA -> ERROR [5]
      [PUP.Gen1][Folder] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en-GB -> ERROR [5]
      [PUP.Gen1][Folder] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en-US -> ERROR [5]
      [PUP.Gen1][Folder] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\es -> ERROR [5]
      [PUP.Gen1][Folder] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\fr -> ERROR [5]
      [PUP.Gen1][File] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\InstallAction.exe -> Deleted
      [PUP.Gen1][Folder] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\it -> ERROR [5]
      [PUP.Gen1][Folder] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\ja-JP -> ERROR [5]
      [PUP.Gen1][Folder] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources -> ERROR [5]
      [PUP.Gen1][Folder] C:\Program Files (x86)\Amazon\Amazon1ButtonApp\zh-CN -> ERROR [5]
      [PUP.AutoIt.Gen][File] C:\Program Files (x86)\Dell Backup and Recovery\QTtool Lite.exe -> Deleted

      ¤¤¤ WMI : 0 ¤¤¤

      ¤¤¤ Hosts File : 0 ¤¤¤

      ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

      ¤¤¤ Web browsers : 0 ¤¤¤

      ¤¤¤ MBR Check : ¤¤¤
      +++++ PhysicalDrive0: ST1000LM024 HN-M SATA Disk Device +++++
      --- User ---
      [MBR] f206e1d21fccdd55ca85f03ab7e83c1a
      [BSP] 06504993e7376a4db818f2cdfed71d79 : Empty|VT.Unknown MBR Code
      Partition table:
      0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
      1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
      2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
      3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 750 MB
      4 - Basic data partition | Offset (sectors): 2906112 | Size: 940886 MB
      5 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1929840640 | Size: 11563 MB
      User = LL1 ... OK
      User = LL2 ... OK

      +++++ PhysicalDrive1: TOSHIBA TransMemory USB Device +++++
      --- User ---
      [MBR] 5b3ed819e79bf5661c3dabc423ecd7d6
      [BSP] 335da733900015fb0be4195b46ec303d : Windows Vista/7/8 MBR Code
      Partition table:
      0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 14798 MB
      User = LL1 ... OK
      Error reading LL2 MBR! ([32] The request is not supported. )
  13. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.02.2018 Ran by Jean (01-03-2018 12:09:02) Running from C:\Users\Jean\Desktop Windows 8.1 (Update) (X64) (2014-11-21 22:34:53) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1156205828-983869236-2419336164-500 - Administrator - Disabled) Guest (S-1-5-21-1156205828-983869236-2419336164-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1156205828-983869236-2419336164-1004 - Limited - Enabled) Jean (S-1-5-21-1156205828-983869236-2419336164-1002 - Administrator - Enabled) => C:\Users\Jean reaga_000 (S-1-5-21-1156205828-983869236-2419336164-1005 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501} FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION AMD Catalyst Install Manager (HKLM\...\{985A3D13-F551-0AAB-F505-BA9A498AA8AA}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Canon MX330 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series) (Version: - ) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) 
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.) Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP) Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.2.0 - Synaptics Incorporated) Dell Update (HKLM-x32\...\{632610E3-5B12-403C-9C93-EF533ED1C113}) (Version: 1.10.5.0 - Dell Inc.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) LACE (HKLM-x32\...\LACEv2) (Version: - ) McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R7 - McAfee, Inc.) McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.148 - McAfee, Inc.) 
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla) OEM Application Profile (HKLM-x32\...\{4AA8C8A9-FEE7-5FD6-FCCA-4A89CC9EC9D3}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) 
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8083 - Realtek Semiconductor Corp.) RogueKiller version 12.12.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.6.0 - Adlice Software) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS) ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [2014-01-08] 
(Qualcomm®Atheros®) ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (Cyberlink) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\MSC\McCtxMenuFrmWrk.dll [2017-12-21] (McAfee, Inc.) ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (Cyberlink) ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [2014-01-08] (Qualcomm®Atheros®) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-02-13] (Advanced Micro Devices, Inc.) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\MSC\McCtxMenuFrmWrk.dll [2017-12-21] (McAfee, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0A5C2899-5519-4051-B9CC-888D532C7FDC} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-01-03] (McAfee, Inc.) Task: {2176C568-15D9-4E98-922B-6995F96D2BC3} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-10-04] (McAfee, Inc.) 
Task: {44C7DCB2-EAAE-41B8-95BF-517DBF27DEC6} - System32\Tasks\PocketCloudUpdater => C:\Program [Argument = Files (x86)\Wyse\PocketCloud\Updater.exe] Task: {5FF42390-3E44-44CD-83C3-834050582F37} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {6EBC90B9-705B-4E20-9C08-A180516EB5BB} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.) Task: {727E929F-2752-4F4C-8BFE-6BC2DBC69A1A} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] () Task: {7B97CC10-E289-49BB-9333-AB9D50966940} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-13] (Synaptics Incorporated) Task: {7C7B1335-26B8-4AD0-9F10-EBEF042A3088} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-02-19] (Aviata Inc) Task: {9AB83C76-9C47-41F8-923B-19572F851929} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe Task: {BAD3D337-E46F-4003-99EB-39371B2691E7} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {BEA9C093-B15E-4D5B-8CB1-5DF31E50BEE2} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) 
Task: {C23FF948-878F-41AC-A9B3-961E8F5B1E91} - System32\Tasks\BundleApplicationRepairToolLauncherTask => C:\Users\Jean\AppData\Roaming\PCDr\Repair\BundleApplicationRepairTool.exe [2017-11-08] () Task: {C3BDDA9B-2B81-427A-AE61-FA644FC6D09E} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] () Task: {D4D81CB9-228E-4710-97A9-19D4D0FFB81C} - System32\Tasks\McAfee\McAfee Idle Detection Task Task: {E48B00A9-C23C-4A8F-B24D-81106FBFDDC0} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink) Task: {EAB56AFE-09F4-409B-A104-41B579DD8E11} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {F3C38C70-5656-40FF-9A56-661D6AD29C43} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-11-23] (McAfee, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2014-02-13 08:15 - 2014-02-13 08:15 - 000127488 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2013-08-22 12:40 - 2013-08-22 12:40 - 000016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe 2017-08-03 08:05 - 2017-12-21 10:53 - 001724384 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll 2017-08-03 08:05 - 2017-12-21 10:53 - 000584104 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll 2014-01-08 02:00 - 2014-01-08 02:00 - 000011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-01-08 01:58 - 2014-01-08 01:58 - 000086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2014-01-08 02:03 - 2014-01-08 02:03 - 000012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe 2014-02-13 08:15 - 2014-02-13 08:15 - 000102400 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2017-08-08 08:31 - 2017-11-08 08:01 - 000625024 ____N () C:\Users\Jean\AppData\Roaming\PCDr\Repair\BundleApplicationRepairTool.exe 2017-11-08 07:48 - 2016-12-21 10:24 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll 2017-11-21 13:50 - 2017-11-21 13:50 - 000134016 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll 2014-05-31 03:40 - 2013-03-04 21:40 - 000626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 12:41 - 2013-03-05 12:41 - 000015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2018-03-01 11:51 - 2018-03-01 11:51 - 000011264 _____ () C:\Users\Jean\AppData\Local\Temp\nsi7BA2.tmp\System.dll 2018-03-01 11:51 - 2018-03-01 11:51 - 000006144 _____ () C:\Users\Jean\AppData\Local\Temp\nsi7BA2.tmp\nsExec.dll 2018-03-01 11:52 - 2018-03-01 11:52 - 000011264 _____ () 
C:\Users\Jean\AppData\Local\Temp\nskB134.tmp\System.dll 2018-03-01 11:54 - 2018-03-01 11:54 - 000011264 _____ () C:\Users\Jean\AppData\Local\Temp\nsx5C05.tmp\System.dll 2018-03-01 11:54 - 2018-03-01 11:54 - 000004608 _____ () C:\Users\Jean\AppData\Local\Temp\nsx5C05.tmp\nsProcess.dll 2015-02-26 10:07 - 2015-02-09 09:14 - 001905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll 2014-05-31 03:58 - 2012-11-25 23:19 - 001153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll 2015-02-26 10:07 - 2014-02-18 12:12 - 000117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Syst624C173E:$WIMMOUNTDATA [418] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 07:25 - 2013-08-22 07:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1156205828-983869236-2419336164-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg DNS Servers: 71.10.216.2 - 71.10.216.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{1998E854-7953-4224-97F4-659CD09EC730}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe FirewallRules: [{FF34FEE1-6595-405E-8DEA-BF2673901D07}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe FirewallRules: [{15C0B070-A6DC-42F0-8B9E-BE54FBA5EE8B}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe FirewallRules: [{96612535-D79D-45EC-AA89-772EAB20E324}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{DF14BD28-3FC1-4F10-84F0-EBC2D1E789B4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{4DF4A852-10DC-47A3-9BE7-468CDC3CFBB0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{4E937431-2836-413B-9854-9A8616C836A0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{BCDEC305-2453-45E7-9DDD-AF614A8E2A19}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{1F6E6182-849E-4159-8E39-E15436387413}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{1E2E1489-18F3-434B-9BF4-189E45938290}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe FirewallRules: [{9D24631D-84E2-421D-BFC7-F5D32D45FBE8}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe FirewallRules: [{10B66504-A8F2-4B7B-B794-453B6C86FEE4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{F12BB334-106F-4E4D-906F-82D1C75442F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Restore Points ========================= 23-10-2017 07:43:29 Windows Update 03-11-2017 10:42:58 Installed Realtek High Definition Audio Driver 08-12-2017 10:03:50 Windows Update 10-01-2018 09:31:20 Windows Update ==================== Faulty Device Manager Devices ============= 
==================== Event log errors: ========================= Application errors: ================== Error: (03/01/2018 12:00:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ERUNT.exe, version: 0.0.0.0, time stamp: 0x2a425e19 Faulting module name: uxtheme.dll, version: 6.3.9600.17415, time stamp: 0x54503957 Exception code: 0xc0000005 Fault offset: 0x000322ff Faulting process id: 0x2274 Faulting application start time: 0x01d3b18722d8f970 Faulting application path: C:\Windows\ERUNT.exe Faulting module path: C:\Windows\system32\uxtheme.dll Report Id: 61c98167-1d7a-11e8-82d8-645a045db8fd Faulting package full name: Faulting package-relative application ID: Error: (03/01/2018 11:42:01 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: ) Description: Event-ID 5000 Error: (03/01/2018 11:42:01 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: ) Description: Event-ID 5000 Error: (03/01/2018 11:41:45 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: ) Description: Event-ID 5000 Error: (03/01/2018 11:41:45 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: ) Description: Event-ID 5000 Error: (02/28/2018 05:34:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: wmiprvse.exe, version: 6.3.9600.18264, time stamp: 0x56e1bc63 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794 Exception code: 0xc0000005 Fault offset: 0x00000000000095fc Faulting process id: 0x114 Faulting application start time: 0x01d3b0eca632a3a1 Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: e4186800-1cdf-11e8-82d5-645a045db8fd Faulting package full name: Faulting package-relative application ID: Error: (02/28/2018 05:17:16 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY) Description: McShield failed to start because it is not 
  14. This laptop belongs to my daughter in law. She said it is really slow and a voice starts talking about computer being infected. I can reformat if I need to but maybe you can see something in the logs that might save me from doing that. Thanks and here are the logs. No big deal as I can run the Dell PC Restore and bring it back to factory for her. Nothing on the computer that needs saving but always like a challenge :) Let me know what you think. Tom