jimmyedwards Posted February 28, 2017 Posted February 28, 2017 My grands got on my computer Sunday(one 8 years old and one 16) I don't know what they did but it has been acting up since they played with it . The 16 year old uses Chrome and now it is very slow to respond ,I had to delete it and now I can not reinstall it with all the freezing it is doing. The 8 year old uses IE to play games and now it is freezing and the mouse has gone berserk,the circle that shows it is loading is always spinning and moving all over the desktop. I use Firefox and haven't had a lot of problems except for the mouse going berserk and the spinning load indicator. I cant do a MBAM scan because of the constant loading and freezing. HELP and thanks in advance. Quote
ExTS Admin Starbuck Posted February 28, 2017 ExTS Admin Posted February 28, 2017 Hi Jimmy, I cant do a MBAM scan because of the constant loading and freezing.MBAM will run in Safe Mode. Safe Mode in Win8 is slightly different to earlier versions ( where you used the f8 key ) Press the http://img.photobucket.com/albums/v708/starbuck50/Blog%20pics/winr_zpsvq3qsjc6.jpg key combination on the keyboard and type msconfig in the run box, then press the enter key on the keyboard. http://img.photobucket.com/albums/v708/starbuck50/Blog%20pics/mscon_zpsnpzaagrz.png Switch over to the Boot tab, and click on the Safe Boot check box. http://img.photobucket.com/albums/v708/starbuck50/Blog%20pics/mscon2_zpst5dfiwyo.png Also select the Network radio button. This will give you an internet connection in safe mode. Once you have chosen your option click the OK button and then click to restart your machine. http://img.photobucket.com/albums/v708/starbuck50/Blog%20pics/mscon3_zpsflldjxuh.png Your PC will be booted into Safe Mode automatically. Now you should be able to update MBAM and run a scan. Note: When you have finished with Safe Mode and restart you PC you will just keep getting booted into Safe Mode, to stop this open msconfig again and uncheck the Safe Boot option, click the ok button and then click to restart your machine. Let me know how it goes and feel free to post the MBAM report here and I can check it if you want. Quote Member of:UNITE
jimmyedwards Posted February 28, 2017 Author Posted February 28, 2017 Thanks for your reply,I did a MBAM scan in safe mode and will post the results. I had to uninstall Chrome again and I will try to show you what I get when I try to download it. Malwarebytes Anti-Malware 1.61.0.1400 http://www.malwarebytes.org Database version: v2017.02.28.08 Windows 7 x64 NTFS (Safe Mode/Networking) Internet Explorer 9.11.9600.18525 Ray :: JIMMY [administrator] 2/28/2017 3:56:47 PM mbam-log-2017-02-28 (15-56-47).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 650256 Time elapsed: 1 hour(s), 15 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe (PUP.Optional.ASK.OL) -> Quarantined and deleted successfully. (end) [ATTACH=CONFIG]1529.vB5-legacyid=2626[/ATTACH] Quote
ExTS Admin Starbuck Posted February 28, 2017 ExTS Admin Posted February 28, 2017 Hi Jimmy, Now i'm confused...... You posted in the Win8 forum, but the header on MBAM shows: Windows 7 x64 NTFS (Safe Mode/Networking) I also see that your copy of MBAM is well out of date: Malwarebytes Anti-Malware 1.61.0.1400 I suggest that you install the latest version 3.0.6 Because you are running an old version, this will have to be removed before the new version can be installed. Uninstall MalwareBytes from your system Restart your computer (very important). Now Download mbam clean and save to your Desktop. Please close all open applications to avoid any conflicts when running the tool. Locate the file mbam-clean.exe and double-click to run it... Vista/Windows 7/8/10 users right-click and select Run As Administrator.. and follow the onscreen prompts. It will ask to restart your computer, please allow it to do so (very important) . Download Malwarebytes 3 and save it to your desktop Double click the desktop icon, click Run, then OK Click Next Select I accept the agreement then continue to click Next then finally click Install Click Finish . MalwareBytes will now open to the Dashboard. http://img.photobucket.com/albums/v708/starbuck50/NMBv3/nmb12_zpslgp53gyt.png All protection should now enable and the update process should begin. Once the update process has completed, Click Scan Now to start your Threat scan. Allow MalwareBytes to remove/quarantine whatever it finds. To find the reports From the main Dashboard click Reports (left hand side) Double click on the scan log which shows the Date and time of the scan that showed the infections. Click Export >> Copy to Clipboard Paste the contents of the clipboard into your reply. . http://img.photobucket.com/albums/v708/starbuck50/NMBv3/nmb14_zpsdq4dkyqo.png If you decide that you only want to run the free version: From the Dashboard click.. Settings >> My Account >> Deactivate Premium Trial. http://img.photobucket.com/albums/v708/starbuck50/NMBv3/nmb13_zpsbwkswmeq.png --------------- In actual fact, this whole system is very out of date and is susceptible to infections. Windows 7 x64 NTFS (Safe Mode/Networking) Internet Explorer 9.11.9600.18525 It looks like Windows Updates are not even turned on!! No SP1 ..... and still running IE9. Quote Member of:UNITE
jimmyedwards Posted March 1, 2017 Author Posted March 1, 2017 I am running Windows 8.1 I have been trying for over 45 minutes to reply to you and post some screenshots but this thing keeps freezing up. I am getting a unresponsive plugin message and from Scotty I get a cant delete MBAM Anti Exploit ,I cant delete MBAM or MBAM Anti Exploit in uninstall programs in control panel or Revo uninstallerI will try to send this first and then I will try the screenshots.Thanks for your reply and help. Quote
jimmyedwards Posted March 1, 2017 Author Posted March 1, 2017 [ATTACH=CONFIG]1530.vB5-legacyid=2627[/ATTACH][ATTACH=CONFIG]1531.vB5-legacyid=2628[/ATTACH][ATTACH=CONFIG]1532.vB5-legacyid=2629[/ATTACH]I am in safe mode trying to see if this works,I think I may have finally deleted MBAM Anti Exploit. Quote
ExTS Admin Starbuck Posted March 1, 2017 ExTS Admin Posted March 1, 2017 I am running Windows 8.1 So I see from the screenshot... that's very odd that MBAM throws up Win7. I think I may have finally deleted MBAM Anti Exploit. So is Anti Exploit uninstalled now? Have you managed to get the new version of MalwareBytes installed? If you're still having problems then it'll be best to disable any protection you have running ..... including WinPatrol. Once the new version of Malwarebytes is installed, you can re-enable the security. It'll be interesting to see what the new version reads from the system and places in the report header. Quote Member of:UNITE
jimmyedwards Posted March 1, 2017 Author Posted March 1, 2017 I don't see Anti Exploit anywhere on the pc now,I installed the new MBAM and will post the report. I still cant install Chrome .You notice the time the scan was done and the time I posted this ,the thing keeps freezing up . Malwarebytes http://www.malwarebytes.com -Log Details- Scan Date: 3/1/17 Scan Time: 1:49 PM Logfile: MBAM.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.50 Update Package Version: 1.0.1395 License: Free -System Information- OS: Windows 8.1 CPU: x64 File System: NTFS User: JIMMY\Ray -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 465959 Time Elapsed: 20 min, 21 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end) Quote
ExTS Admin Starbuck Posted March 1, 2017 ExTS Admin Posted March 1, 2017 Hi Jimmy, -System Information- OS: Windows 8.1 At least the new version of MalwareBytes recognizes Win 8.1 There must have been a glitch in the older version. Ok, time to have a look and see what's going on here. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop. Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator http://img.photobucket.com/albums/v708/starbuck50/frsticon_zpsdc3cbdc3.png When the tool opens click Yes to disclaimer. http://img.photobucket.com/albums/v708/starbuck50/frstdis_zps7f598f12.png Make sure that Addition.txt is selected at the bottom Press Scan button. http://img.photobucket.com/albums/v708/starbuck50/newfrst_zpsa63ffa3d.png It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. It also makes another log (Addition.txt). Please copy and paste it to your reply also. FRST doesn't take long to complete. Once I have both reports, they should give me a better idea of what is going on with your system. My grands got on my computer Sunday(one 8 years old and one 16) I don't know what they did but it has been acting up since they played with it . Ok, that will come in handy when I check the reports. Thanks Quote Member of:UNITE
jimmyedwards Posted March 2, 2017 Author Posted March 2, 2017 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017 Ran by Ray (administrator) on JIMMY (01-03-2017 19:34:31) Running from C:\Users\Ray\Downloads Loaded Profiles: Ray (Available Profiles: Ray & Administrator) Platform: Windows 8.1 (Update) (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Amazon.com) C:\Users\Ray\Desktop\My Documents\Downloads from Google ETC\ADVWindowsClientService.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Malwarebytes) C:\Users\Ray\Desktop\MY SHARED FOLDER\Burn and Delete\Anti-Malware\MBAMService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\WINDOWS\System32\igfxEM.exe (Intel Corporation) C:\WINDOWS\System32\igfxHK.exe (Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe (Malwarebytes) C:\Users\Ray\Desktop\MY SHARED FOLDER\Burn and Delete\Anti-Malware\mbamtray.exe (johnsadventures.com) C:\Users\Ray\Desktop\My Documents\A New Folder Pictures for switch\John's Background Switcher\BackgroundSwitcher.exe (Ruiware) C:\Program Files (x86)\Ruiware LLC\WinPatrol\WinPatrol.exe (Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\WINDOWS\splwow64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Ray\Downloads\FRST64(2).exe (Farbar) C:\Users\Ray\Downloads\FRST64(2).exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [Malwarebytes TrayApp] => C:\USERS\RAY\DESKTOP\MY SHARED FOLDER\BURN AND DELETE\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [backgroundSwitcher] => C:\Users\Ray\Desktop\My Documents\A New Folder Pictures for switch\John's Background Switcher\BackgroundSwitcher.exe [121688 2016-10-30] (johnsadventures.com) HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [255224 2016-11-29] (TomTom) HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware LLC\WinPatrol\WinPatrol.exe [1231240 2016-11-13] (Ruiware) HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [EasyHideIPVPN] => C:\Program Files (x86)\Easy-Hide-IP VPN\easy.hide.ip.vpn.exe HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\MountPoints2: {6faa9800-2894-11e3-be6d-c81f66038689} - "D:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\MountPoints2: {8ebacf48-e7a5-11e5-81bb-c81f66038689} - "D:\Setup.exe" HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\MountPoints2: {cf9fcd36-917f-11e5-814f-c81f66038689} - "D:\Setup.exe" ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2017-01-18] ShortcutTarget: Amazon Unbox.lnk -> C:\Users\Ray\Desktop\My Documents\Downloads from Google ETC\ADVWindowsClientSystemTray.exe (Amazon.com) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-01-18] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4630 Series Class Driver.lnk [2017-03-01] ShortcutTarget: Monitor Ink Alerts - HP Officejet 4630 Series Class Driver.lnk -> C:\Program Files\HP\HP Officejet 4630 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog9-x64 01 C:\WINDOWS\system32\EasyRedirect64.dll [549808 2015-08-15] (EasyTech) Winsock: Catalog9-x64 02 C:\WINDOWS\system32\EasyRedirect64.dll [549808 2015-08-15] (EasyTech) Winsock: Catalog9-x64 03 C:\WINDOWS\system32\EasyRedirect64.dll [549808 2015-08-15] (EasyTech) Winsock: Catalog9-x64 04 C:\WINDOWS\system32\EasyRedirect64.dll [549808 2015-08-15] (EasyTech) Winsock: Catalog9-x64 15 C:\WINDOWS\system32\EasyRedirect64.dll [549808 2015-08-15] (EasyTech) Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100 Tcpip\..\Interfaces\{51C8D340-F890-41D3-9072-A0A4EB2CA895}: [DhcpNameServer] 208.180.42.68 208.180.42.100 Tcpip\..\Interfaces\{8CDBDBFF-A911-4FDE-9D2F-5311E047BB2A}: [DhcpNameServer] 208.67.222.222 208.67.220.220 Tcpip\..\Interfaces\{A8C40184-0C97-472B-A7BC-59462E7AB2BC}: [DhcpNameServer] 208.180.42.68 Internet Explorer: ================== HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/ SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> DefaultScope {EA8E9CE8-160E-4200-89F5-5C78A3C55E8F} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=$hspart&hsimp=$hsimp&p={searchTerms}&type=tb_ie_chr-ctbs-tyc-sc SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> {9E00ED14-DDAB-4086-B889-8ACD884A8ECF} URL = SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=PD SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> {EA8E9CE8-160E-4200-89F5-5C78A3C55E8F} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=$hspart&hsimp=$hsimp&p={searchTerms}&type=tb_ie_chr-ctbs-tyc-sc BHO: No Name -> {236FE2ED-19AA-4392-A880-DA19F61AE10C} -> No File BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-01] (Oracle Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-01] (Oracle Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft) BHO-x32: No Name -> {236FE2ED-19AA-4392-A880-DA19F61AE10C} -> No File BHO-x32: Ant.com browser helper (video detector) -> {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} -> C:\Program Files (x86)\Ant.com\IE add-on\Download.dll [2013-03-05] (Ant.com) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) Toolbar: HKLM-x32 - Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll [2013-03-05] (Ant.com) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Toolbar: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab FireFox: ======== FF ProfilePath: C:\Users\Ray\AppData\Roaming\TomTom\HOME\Profiles\8hcmhey1.default [2017-01-13] FF Extension: (Emulator) - C:\Users\Ray\AppData\Roaming\TomTom\HOME\Profiles\8hcmhey1.default\Extensions\Navcore.9.510.1234792@tomtom.com [2017-01-13] [not signed] FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2017-01-13] [not signed] FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706 [2017-03-01] FF Homepage: Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706 -> hxxps://us.yahoo.com?fr=fp-tyc-sc FF Extension: (Adguard AdBlocker) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706\Extensions\adguardadblocker@adguard.com.xpi [2017-01-14] FF Extension: (uBlock Origin) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706\Extensions\uBlock0@raymondhill.net.xpi [2017-02-19] FF Extension: (Updated Ad Blocker for Firefox 11+) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2017-01-01] FF Extension: (Adblock Plus) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-01] FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706\features\{b9cde528-2bcc-47c8-85a9-c65a88dda348}\disableSHA1rollout@mozilla.org.xpi [2017-03-01] FF Extension: (TLS 1.3 Compatibility Testing 3) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706\features\{b9cde528-2bcc-47c8-85a9-c65a88dda348}\tls13-compat-ff51@mozilla.org.xpi [2017-03-01] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-27] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-01] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-01] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-27] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File] FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] FF Plugin HKU\S-1-5-21-2801032338-2342425128-3870613798-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.) Chrome: ======= CHR Profile: C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default [2017-02-28] CHR Extension: (Docs) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-27] CHR Extension: (Google Drive) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-27] CHR Extension: (YouTube) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-27] CHR Extension: (Gmail) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-27] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ADVService; C:\Users\Ray\Desktop\My Documents\Downloads from Google ETC\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed] R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation) R2 MBAMService; C:\Users\Ray\Desktop\MY SHARED FOLDER\Burn and Delete\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed] S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X] S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] S2 MbaeSvc; "C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.) S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation) S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider) S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider) S3 efavdrv; C:\WINDOWS\SysWOW64\drivers\efavdrv.sys [115008 2017-01-20] (ESET) S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [28664 2016-04-29] (Intel Mobile Communications) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-03-01] (Malwarebytes) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S1 ESProtectionDriver; \??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-03-01 19:32 - 2017-03-01 19:32 - 02423808 _____ (Farbar) C:\Users\Ray\Downloads\FRST64(2).exe 2017-03-01 19:30 - 2017-03-01 19:30 - 02423808 _____ (Farbar) C:\Users\Ray\Downloads\FRST64(1).exe 2017-03-01 19:27 - 2017-03-01 19:27 - 02423808 _____ (Farbar) C:\Users\Ray\Downloads\FRST64.exe 2017-03-01 17:05 - 2017-03-01 17:05 - 00001074 _____ C:\Users\Ray\Desktop\MBAM.txt 2017-02-28 22:27 - 2017-02-28 22:27 - 01129376 _____ (Google Inc.) C:\Users\Ray\Downloads\ChromeSetup.exe 2017-02-28 21:40 - 2017-03-01 09:15 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-02-28 21:40 - 2017-02-28 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-02-28 21:40 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-02-28 21:37 - 2017-02-28 21:37 - 55566792 _____ (Malwarebytes ) C:\Users\Ray\Downloads\mb3-setup-consumer-3.0.6.1469.exe 2017-02-28 21:31 - 2017-02-28 21:31 - 00288631 _____ C:\Users\Ray\Desktop\AOL Mail.htm 2017-02-28 21:31 - 2017-02-28 21:31 - 00000000 ____D C:\Users\Ray\Desktop\AOL Mail_files 2017-02-28 21:29 - 2017-02-28 21:29 - 00566128 _____ (Malwarebytes) C:\Users\Ray\Downloads\mbam-clean-2.3.0.1001.exe 2017-02-28 15:53 - 2017-02-28 15:53 - 00000000 ____D C:\WINDOWS\pss 2017-02-27 19:50 - 2017-02-27 19:50 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2017-02-27 19:50 - 2017-02-27 19:50 - 00001448 _____ C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-02-27 18:20 - 2017-02-27 18:20 - 01189840 _____ ( ) C:\Users\Ray\Downloads\hwmonitor_1.30.exe 2017-02-14 15:59 - 2017-02-14 15:59 - 00144511 _____ C:\Users\Ray\Documents\Scan0001.pdf 2017-02-14 12:01 - 2017-02-14 12:01 - 02291078 _____ C:\Users\Ray\Downloads\MyDISHBill_01-22-17.pdf 2017-02-14 12:01 - 2017-02-14 12:01 - 00658719 _____ C:\Users\Ray\Downloads\MyDISHBill_12-22-16.pdf 2017-02-09 17:27 - 2017-02-09 17:27 - 00241401 _____ C:\Users\Ray\Downloads\2016TurboTaxReturn(2).pdf 2017-01-31 18:41 - 2017-03-01 19:35 - 00022046 _____ C:\Users\Ray\Downloads\FRST.txt 2017-01-31 18:41 - 2017-01-31 18:45 - 00042768 _____ C:\Users\Ray\Downloads\Addition.txt 2017-01-31 08:12 - 2017-03-01 19:34 - 00000000 ____D C:\FRST 2017-01-31 08:04 - 2017-01-31 08:04 - 00000000 ____D C:\Program Files\Malwarebytes ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-03-01 19:30 - 2016-11-18 18:03 - 00000000 ____D C:\Users\Ray\AppData\LocalLow\Mozilla 2017-03-01 19:26 - 2012-07-26 00:26 - 00000223 _____ C:\WINDOWS\win.ini 2017-03-01 19:04 - 2016-03-19 20:19 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-03-01 16:54 - 2013-12-28 19:23 - 00000000 ____D C:\Users\Ray\AppData\Roaming\ClassicShell 2017-03-01 11:25 - 2013-12-30 00:21 - 00043272 _____ C:\Users\Ray\AppData\Roaming\wklnhst.dat 2017-03-01 11:24 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2017-03-01 09:25 - 2013-12-28 18:11 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2801032338-2342425128-3870613798-1001 2017-03-01 09:18 - 2014-09-24 02:15 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-03-01 09:18 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf 2017-03-01 09:16 - 2013-09-24 17:44 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery 2017-03-01 09:15 - 2014-10-22 15:38 - 00000000 __RDO C:\Users\Ray\OneDrive 2017-03-01 09:15 - 2014-10-22 15:35 - 00000000 __SHD C:\Users\Ray\IntelGraphicsProfiles 2017-03-01 09:14 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-03-01 09:11 - 2013-12-30 00:47 - 00000000 ____D C:\ProgramData\Oracle 2017-03-01 09:02 - 2015-08-19 16:28 - 00000000 ____D C:\Program Files\Java 2017-03-01 09:01 - 2015-08-19 16:28 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2017-03-01 09:01 - 2015-08-19 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-03-01 08:29 - 2014-10-22 14:33 - 00000000 ____D C:\Users\Ray 2017-02-28 22:36 - 2013-09-29 00:18 - 00000000 ___RD C:\Users\Ray\Desktop\My DVD Burners ETC 2017-02-28 21:32 - 2013-12-29 18:07 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-02-28 20:53 - 2015-02-01 16:27 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2017-02-27 10:09 - 2016-11-18 15:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-02-27 10:09 - 2015-08-23 10:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-02-27 07:04 - 2016-03-19 20:19 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2017-02-27 07:04 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-02-27 07:04 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-02-27 00:40 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2017-02-27 00:30 - 2015-05-18 08:45 - 00000000 ___RD C:\Users\Ray\Desktop\MOST OF THE DESKTOP IN ONE FOLDER 2017-02-27 00:20 - 2016-01-07 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer 2017-02-27 00:19 - 2017-01-25 15:06 - 00000000 ____D C:\AdwCleaner 2017-02-27 00:19 - 2016-12-27 19:42 - 00000000 ____D C:\Users\Ray\Desktop\badger badger youtube - Yahoo Video Search Results_files 2017-02-27 00:19 - 2016-06-10 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader 2017-02-27 00:19 - 2016-06-10 16:03 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications 2017-02-27 00:19 - 2016-05-29 20:01 - 00000000 ____D C:\Users\Ray\AppData\Roaming\NCH Software 2017-02-27 00:19 - 2016-05-29 20:01 - 00000000 ____D C:\Program Files (x86)\NCH Software 2017-02-27 00:19 - 2016-02-21 12:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard 2017-02-27 00:19 - 2015-07-01 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChrisPC Free VideoTube Downloader 2017-02-27 00:19 - 2015-07-01 16:47 - 00000000 ____D C:\Program Files (x86)\ChrisPC Free VideoTube Downloader 2017-02-27 00:19 - 2014-11-03 22:32 - 00000000 ____D C:\Program Files (x86)\FFMPEG Addon 2017-02-27 00:19 - 2014-10-22 14:33 - 00000000 ____D C:\Users\Administrator 2017-02-27 00:19 - 2014-07-02 08:39 - 00000000 ____D C:\WINDOWS\ERUNT 2017-02-27 00:19 - 2014-01-02 16:07 - 00000000 ____D C:\Users\Ray\AppData\Roaming\vlc 2017-02-27 00:19 - 2013-12-29 21:20 - 00000000 ____D C:\Users\Ray\AppData\Roaming\PySolFC 2017-02-27 00:19 - 2013-12-29 19:54 - 00000000 ____D C:\Program Files\Tracker Software 2017-02-27 00:19 - 2013-12-28 20:13 - 00000000 ____D C:\Users\Ray\AppData\LocalLow\Yahoo! 2017-02-27 00:19 - 2013-12-28 20:13 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2017-02-27 00:18 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-27 00:15 - 2015-11-22 18:28 - 00000000 ____D C:\Users\Ray\Desktop\MY SHARED FOLDER 2017-02-27 00:15 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\registration 2017-02-27 00:14 - 2013-12-30 01:05 - 00000000 ____D C:\Users\Ray\AppData\Local\Google 2017-02-27 00:14 - 2013-09-24 17:38 - 00000000 ____D C:\ProgramData\Dell 2017-02-20 20:33 - 2014-04-18 14:48 - 00000000 ____D C:\Users\Ray\AppData\Local\Microsoft Help 2017-02-17 17:10 - 2013-12-29 18:04 - 00000000 ____D C:\Users\Ray\AppData\LocalLow\ant.com ==================== Files in the root of some directories ======= 2013-12-30 00:21 - 2017-03-01 11:25 - 0043272 _____ () C:\Users\Ray\AppData\Roaming\wklnhst.dat 2016-05-29 19:53 - 2016-05-29 19:53 - 0004608 _____ () C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-12-05 17:38 - 2016-12-05 17:38 - 0000057 _____ () C:\ProgramData\Ament.ini 2016-02-10 17:10 - 2016-02-10 17:10 - 0000258 _____ () C:\ProgramData\fontcacheev1.dat 2014-01-03 17:45 - 2014-01-03 17:53 - 0000819 _____ () C:\ProgramData\hpzinstall.log 2016-05-29 19:22 - 2016-05-29 19:22 - 0000016 _____ () C:\ProgramData\mntemp 2016-05-29 19:22 - 2016-05-29 19:22 - 0004906 _____ () C:\ProgramData\oqztiqep.adk 2016-08-05 07:17 - 2016-08-05 07:17 - 0000032 _____ () C:\ProgramData\Temp.log 2014-11-30 14:15 - 2014-11-30 14:15 - 0005098 _____ () C:\ProgramData\vczcspay.tpu 2013-09-24 17:44 - 2013-09-24 17:44 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2013-09-24 17:41 - 2013-09-24 17:42 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2013-09-24 17:42 - 2013-09-24 17:43 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2013-09-24 17:40 - 2013-09-24 17:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2013-09-24 17:43 - 2013-09-24 17:44 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log Files to move or delete: ==================== C:\ProgramData\fontcacheev1.dat Some files in TEMP: ==================== 2017-03-01 09:00 - 2017-03-01 09:00 - 0739904 _____ (Oracle Corporation) C:\Users\Ray\AppData\Local\Temp\jre-8u121-windows-au.exe 2017-01-11 10:31 - 2017-01-11 10:31 - 0008704 _____ (Microsoft Corporation) C:\Users\Ray\AppData\Local\Temp\SpOrder.dll 2017-01-13 19:42 - 2017-01-13 19:42 - 7097928 _____ (VS Revo Group ) C:\Users\Ray\AppData\Local\Temp\VSUSetup.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-11-27 10:33 Quote
jimmyedwards Posted March 2, 2017 Author Posted March 2, 2017 Ran by Ray (01-03-2017 19:35:22) Running from C:\Users\Ray\Downloads Windows 8.1 (Update) (X64) (2014-10-22 20:35:15) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2801032338-2342425128-3870613798-500 - Administrator - Disabled) => C:\Users\Administrator Guest (S-1-5-21-2801032338-2342425128-3870613798-501 - Limited - Disabled) Ray (S-1-5-21-2801032338-2342425128-3870613798-1001 - Administrator - Enabled) => C:\Users\Ray ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4500_G510af_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 4500G510af (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden 4500G510af_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.) Aimersoft Audio Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Audio Converter_is1) (Version: - Aimersoft Software) Aimersoft DVD Creator(Build 1.1.22) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version: - Aimersoft Software) Aimersoft DVD Ripper(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version: - Aimersoft Software) Aimersoft DVD Studio Pack(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Studio Pack_is1) (Version: - Aimersoft Software) Aimersoft Video Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Video Converter_is1) (Version: - Aimersoft Software) Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com) Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden Ant.com IE add-on (HKLM-x32\...\{B905CAA1-D6FF-4D21-8858-F8C610491C0B}) (Version: 2.2.4.1076 - Ant.com) Any Video Converter 5.7.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Any Video Recorder version 1.0.4 (HKLM-x32\...\{17D86E62-4849-49BC-83D2-FA369CEEA9D9}_is1) (Version: 1.0.4 - anvsoft, Inc.) Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG) Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20 (HKLM-x32\...\Chicken Invaders: Revenge of the Yolk (Christmas Edition)_is1) (Version: - InterAction studios) ChrisPC Free VideoTube Downloader 8.56 (HKLM-x32\...\{6006089C-84B5-4F18-8113-1234567890DE}_is1) (Version: - Chris P.C. srl) ChrisPC YTD Downloader MP3 Converter 2.40 (HKLM-x32\...\{6006089C-9ABC-4F18-ABCD-123456789801}_is1) (Version: - Chris P.C. srl) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.) Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell) Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.) Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell) Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - ) FFMPEG Addon (HKLM-x32\...\{111124AF-1ED4-44EF-B674-111111985342}_is1) (Version: 1.00 - FFMPEG) File1 Package Manager (English version) (HKLM-x32\...\{F0805E9F-2F4C-4298-8CDC-83C1D8E4EC91}) (Version: 1.1.100 - Helios Technologies) FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory) Free Hide Folder (HKLM-x32\...\Free Hide Folder) (Version: - ) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet 4500 G510a-f 14.0 Rel. 6 (HKLM\...\{A49C5804-8F24-433C-99B2-9F9F541090C7}) (Version: 14.0 - HP) HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.50.9 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.203 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) John's Background Switcher 4.14 (HKLM-x32\...\{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1) (Version: 4.14 - johnsadventures.com) Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla) OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.318.1 - Tracker Software Products Ltd) Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) Quit Counter (HKLM-x32\...\Quit Counter_is1) (Version: 1.2 - Xarka Software) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.) Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio) Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TomTom HOME (HKLM-x32\...\{3C595537-D968-48D5-AAB1-CCB2E90FA59A}) (Version: 2.9.94 - TomTom) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Uninstall Dual Mode Camera (DT01) (HKLM-x32\...\DT01_2009_1026_1436_is1) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version: - ) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 34.11.2016.27 - Ruiware) WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) Xilisoft DVD Copy Express (HKLM-x32\...\Xilisoft DVD Copy Express) (Version: 1.1.23.0824 - Xilisoft) Xilisoft DVD Creator (HKLM-x32\...\Xilisoft DVD Creator) (Version: 3.0.39.1121 - Xilisoft) Youtube Downloader HD v. 2.9.9.21 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com) Youtube to MP3 Converter v. 1.4 (HKLM-x32\...\Youtube to MP3 Converter_is1) (Version: - YoutubeDownloaderHD.com) YTD Video Downloader 5.7 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.7 - GreenTree Applications SRL) <==== ATTENTION ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION Task: {10E7CDFA-2463-4AA3-A931-EF99644B27C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.) Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION Task: {2B698B18-E3DE-4BA3-A4A0-99300FD8244C} - System32\Tasks\File1 Update Launch => C:\Program Files (x86)\Ant.com\File1 Package Manager\File1UL.exe [2014-04-30] (Helios Technologies Ltd.) Task: {305486BC-CF31-4F18-B143-564AD42D6FB3} - System32\Tasks\TinyTakeUpgrade => C:\Users\Ray\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION Task: {46E0D154-DFBC-4003-8802-D3D51BE25062} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard) Task: {4901A6C3-9271-4168-801D-78216C660293} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {4C874592-A1F9-4D5D-84FC-12271CCDCED5} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.) Task: {4DDF5C1D-174C-4C4E-8C4E-CCC3B8D96F68} - System32\Tasks\HP AR Program Upload - 84bcb34db9f946e8944251e6026ab08ca421cfaa47f34d789a57faeab098e479 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>) Task: {58FE5BF4-4E30-4242-9B37-A6EB97177E91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.) Task: {5DFDE964-9DBF-4E0E-8B11-46C4398C7094} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION Task: {88067C95-3DEA-44F0-9CAE-2A9ABD92AABA} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2016-09-21] (Tracker Software Products (Canada) Ltd.) Task: {95D83143-E725-4C38-8FEF-37E28CA3643E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.) Task: {A3A296BD-CF24-4966-9C5B-04AD97343C63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION Task: {B8B63F70-D4B8-4452-97E7-FDAF10FBC78C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {BA58B807-D5A9-4B82-97CD-0ACADF6C23B4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-17] (Microsoft Corporation) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION Task: {D6F4A061-CEFB-4F38-81EC-6E80ECDD3011} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe Task: {D7DD2F8C-5FB0-41DC-ADA7-7139CBD5A1F5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.) Task: {D8AC50E5-57DE-4865-B539-E7F7D601F9E2} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP) Task: {E12FB32E-7A8A-4D6C-85D2-C79BDD75F5D3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {E43F873B-9CC5-4CEC-AFEE-67FBF2DBD1CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.) Task: {E854B597-C9BE-47FA-827D-4A4D73977A77} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe Task: {F86B1E72-E4AC-47CA-B4AB-826EFD28A2FB} - System32\Tasks\{FB0EC9E3-EC0B-40D4-9CC2-CE45128497E0} => pcalua.exe -a "C:\Users\Ray\Desktop\MY SHARED FOLDER\Downloads, Winrar Etc Etc\PandoraRecovery2.1.1Setup.exe" -d "C:\Users\Ray\Desktop\MY SHARED FOLDER\Downloads, Winrar Etc Etc" Task: {FC3168F0-5526-43EE-B651-C173054AA193} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.) Task: {FF9D33D7-56DA-4D71-AB20-38BE083343F7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-27] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Ray\Desktop\My DVD Burners ETC\Disable_Windows_8_Explorer_Auto_Arrange - Shortcut.lnk -> C:\Users\Ray\Downloads\Disable_Windows_8_Explorer_Auto_Arrange.bat () Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co ==================== Loaded Modules (Whitelisted) ============== 2013-09-24 17:45 - 2013-04-19 17:51 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll 2013-09-24 17:45 - 2013-04-19 17:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll 2013-09-24 17:45 - 2013-04-19 17:51 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll 2017-02-28 21:40 - 2017-01-20 07:47 - 02264352 _____ () C:\USERS\RAY\DESKTOP\MY SHARED FOLDER\BURN AND DELETE\ANTI-MALWARE\PoliciesControllerImpl.dll 2011-11-23 20:21 - 2011-11-23 20:21 - 00105576 ____R () C:\Users\Ray\Desktop\My Documents\Downloads from Google ETC\LimelightDownloadManager.dll 2013-09-24 17:37 - 2012-07-18 14:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\summitcu.org -> hxxps://www.summitcu.org IE trusted site: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\swcorp.org -> hxxps://membercapture.swcorp.org IE restricted site: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\usabit.com -> hxxp://www.usabit.com IE restricted site: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\usabit.com -> http://www.usabit.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 00:26 - 2015-08-19 15:58 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ray\AppData\Roaming\johnsadventures.com\Background Switcher\ActiveBackground.jpg DNS Servers: 208.180.42.68 - 208.180.42.100 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk" HKLM\...\StartupApproved\StartupFolder: => "Amazon Unbox.lnk" HKLM\...\StartupApproved\StartupFolder: => "Device Monitor 4.lnk" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run32: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "IMSS" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "GrooveMonitor" HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "Dashlane" HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "BitTorrent" HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "PCShowServer" HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "TomTomHOME.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{2E5CE9F1-F4FE-4A1C-BEC2-1FC2E81A853A}] => (Allow) LPort=1900 FirewallRules: [{D754747E-683E-4057-97C5-70B1A9D5027D}] => (Allow) LPort=2869 FirewallRules: [{C923C4C6-9B49-40C7-9371-572B12BDE35B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{5E061F47-6AD2-47FF-95CB-54C7A1A1431F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{86FB472A-4CE5-460E-8F27-B2372E8D6165}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{990B95F7-EF83-4ECE-BF6F-A4D69FC9F83F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{68D3E9AF-C61B-4FAE-BD1F-BC06782A0D14}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{8B34ACD6-5D32-4A76-91D9-350DB78A9719}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{83E4B487-6614-4483-BC48-0D08204DE91F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{5F9D9918-1620-4A0F-B3A6-3871EDA5216A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{66173C11-6A8B-4C38-A038-9987D21B6297}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{8D120410-D7AB-457F-BBC3-4D639F3ECD8B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{434E3162-983B-4CEB-8848-EE80A576B6A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{487853B9-8D61-4D6B-809C-D76F3B89C308}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{FBC077C7-0DF8-4FF6-AFB8-7717F6A41847}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{D5B8730B-52FD-4209-91C7-A622375CE37F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{1166F700-646D-4E42-980B-801C723E1DD3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{45ECB300-8CB2-46D4-A602-131B4A7EBAF1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{EB358FD7-4A9C-43C1-9A47-E94F2085EC6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{1EA55450-82A8-4B6A-BCFA-C9956BF9F6C1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{3E248B0D-F208-403E-A33F-494DBF5B0FEC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{E8016474-50EB-4A04-91D9-F5164E57AA4E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{D68BE6A3-B344-4B65-B42B-D6E6B0442842}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4EF0A35F-1644-4EAB-AAD6-F5AAC83A838D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{26C770EF-9A12-4E13-BD11-F8A0A732D5ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{26511AD0-4D0A-497B-BAC4-1D4753F73A68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{68C6965E-8ADD-4E7A-BA14-C23E63E2D2C7}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe FirewallRules: [{51495EF1-E86D-4ECE-8997-C256208A36BB}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe FirewallRules: [{EA0CBA7E-BE68-4560-B88C-1F3984750FE4}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe FirewallRules: [{794685D0-75B0-40ED-A213-C17F6356FCEB}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe FirewallRules: [{78BB779D-F662-4775-9CF7-4324145858C4}] => (Allow) LPort=5357 FirewallRules: [{69FEF454-9429-400D-99A8-36C38C1B3476}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{74612741-5F8B-46DE-AF35-CD34581D272A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 21-01-2017 20:01:40 Dell Update: Dell Update - SupportAssist Update Plugin 26-02-2017 23:43:45 Revo Uninstaller's restore point - PySolFC Solitaire (a freeware Solitaire Game) version 1.1 27-02-2017 00:09:49 Restore Operation 27-02-2017 16:00:33 Removed Google Earth. ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/01/2017 09:21:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075 Exception code: 0xe0434352 Fault offset: 0x0000000000008a5c Faulting process id: 0x1334 Faulting application start time: 0x01d292970f1b191e Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll Report Id: 4dac898e-fe8a-11e6-8305-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (03/01/2017 09:21:05 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: pcdrcui.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ApplicationException Stack: at pcd.models.properties.CustomizationManager.get_IsThirdwave() at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[]) at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[]) at wpfview.Program.Main(System.String[]) Error: (03/01/2017 08:46:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JIMMY) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/01/2017 08:46:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JIMMY) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/01/2017 08:46:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JIMMY) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/01/2017 08:43:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: javaws.exe, version: 11.111.2.14, time stamp: 0x57e49647 Faulting module name: USER32.dll, version: 6.3.9600.18438, time stamp: 0x57ae642e Exception code: 0xc0000142 Fault offset: 0x00000000000ecdd0 Faulting process id: 0x1eaf4 Faulting application start time: 0x01d29291bb28e3b8 Faulting application path: C:\Program Files\Java\jre1.8.0_111\bin\javaws.exe Faulting module path: USER32.dll Report Id: 067cd85c-fe85-11e6-8304-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (02/28/2017 07:43:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: FlashPlayerPlugin_24_0_0_221.exe, version: 24.0.0.221, time stamp: 0x588f9975 Faulting module name: MSON***T.DLL, version: 11.0.6715.60, time stamp: 0x43306199 Exception code: 0xc0000005 Fault offset: 0x00052b84 Faulting process id: 0xbad4 Faulting application start time: 0x01d29224971ac731 Faulting application path: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe Faulting module path: C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSON***T.DLL Report Id: 0e6b9d5e-fe18-11e6-82ff-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (02/28/2017 03:51:15 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Users\Ray\Desktop\MY SHARED FOLDER\A SECURITY STUFF\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (02/28/2017 09:19:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x57366075 Exception code: 0xe0434352 Fault offset: 0x0000000000008a5c Faulting process id: 0x1aaac Faulting application start time: 0x01d291cdb1572c22 Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll Report Id: faf46874-fdc0-11e6-82fa-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (02/28/2017 09:19:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: pcdrcui.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ApplicationException Stack: at pcd.models.properties.CustomizationManager.get_IsThirdwave() at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[]) at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[]) at wpfview.Program.Main(System.String[]) System errors: ============= Error: (03/01/2017 09:16:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified. Error: (03/01/2017 09:14:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Malwarebytes Anti-Exploit Service service failed to start due to the following error: The system cannot find the file specified. Error: (03/01/2017 08:46:06 AM) (Source: DCOM) (EventID: 10010) (User: JIMMY) Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout. Error: (03/01/2017 08:46:06 AM) (Source: DCOM) (EventID: 10010) (User: JIMMY) Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout. Error: (03/01/2017 08:46:06 AM) (Source: DCOM) (EventID: 10010) (User: JIMMY) Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout. Error: (03/01/2017 08:31:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified. Error: (03/01/2017 08:28:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Malwarebytes Anti-Exploit Service service failed to start due to the following error: The system cannot find the file specified. Error: (03/01/2017 08:28:43 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 7:24:08 AM on 3/1/2017 was unexpected. Error: (03/01/2017 07:31:29 AM) (Source: DCOM) (EventID: 10010) (User: JIMMY) Description: The server {AD3EDBCA-0901-415B-82E9-C16D3B65E38C} did not register with DCOM within the required timeout. Error: (03/01/2017 06:46:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified. CodeIntegrity: =================================== Date: 2017-02-28 20:32:11.067 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-28 20:32:10.629 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-28 20:32:10.160 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-28 20:32:09.770 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-27 00:30:59.768 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-27 00:30:59.347 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-27 00:30:58.768 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-11 10:37:57.703 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-11 10:37:57.253 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-11 10:37:56.650 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel® Core i3-3240 CPU @ 3.40GHz Percentage of memory in use: 34% Total physical RAM: 8066.05 MB Available physical RAM: 5323 MB Total Virtual: 9346.05 MB Available Virtual: 6715.21 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:918.77 GB) (Free:551.48 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 6AA7D01A) Partition: GPT. ==================== End of Addition.txt ============================ Quote
jimmyedwards Posted March 2, 2017 Author Posted March 2, 2017 The reports are posted ,thanks for your help. Quote
ExTS Admin Starbuck Posted March 2, 2017 ExTS Admin Posted March 2, 2017 Hi Jimmy, Strangely enough looking for entries dated Sunday 26th Feb .... there aren't any. There are some items we should deal with though. I still cant install Chrome There are some leftover Google folders which may be interfering with the install. I've added these to the fix...... after the fix has run you can try and install Google Chrome again. Step 1 Not sure why you have so many adblockers running in Firefox: FF Extension: (Adguard AdBlocker) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706\Extensions\adguardadblocker@adguard. com.xpi [2017-01-14] FF Extension: (uBlock Origin) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706\Extensions\uBlock0@raymondhill.net.x pi [2017-02-19] FF Extension: (Updated Ad Blocker for Firefox 11+) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2017-01-01] FF Extension: (Adblock Plus) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-01] Running more than One won't help.... you stand to get conflicts and possible errors. uBlock Origin is about the best there is at the moment. I recommend that you keep that and remove the others. FRST has flagged this: YTD Video Downloader 5.7 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.7 - GreenTree Applications SRL) <==== ATTENTION It's not really something that you want on your system. I recommend that you uninstall it. Step 2 Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Ray\Downloads. NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait. http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply. Step 3 Please download RogueKiller Anti-malware (Free) onto your desktop.Close all open programs and internet browsers. Double click on RogueKiller Anti-malware to install the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator. Select Accept the User Agreement then continue to click Next then finally click Install Click Finish . When the program opens..... click Scan http://img.photobucket.com/albums/v708/starbuck50/rk1_zpsn7bfbew7.png Click Start Scan http://img.photobucket.com/albums/v708/starbuck50/rk2_zpszu8aygv0.png http://img.photobucket.com/albums/v708/starbuck50/rk4_zpsj0fwsy1w.png Double check anything found and tick to select items to be removed http://img.photobucket.com/albums/v708/starbuck50/rk3_zps0k0uqbtb.png Click Remove Selected When the items have been removed.... Click Open Report >> Open TXT. Copy and paste that report into your next reply. . Step 4 Try and install Google Chrome again now. In your next reply, please submit: Fixlog.txt RogueKiller report Let me know if Chrome installed again and also if there's any improvement in the running of the system Thanks.fixlist.txt Quote Member of:UNITE
jimmyedwards Posted March 3, 2017 Author Posted March 3, 2017 I will post the other when it finishes. Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017 Ran by Ray (02-03-2017 18:40:14) Run:1 Running from C:\Users\Ray\Downloads Loaded Profiles: Ray (Available Profiles: Ray & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\MountPoints2: {6faa9800-2894-11e3-be6d-c81f66038689} - "D:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\MountPoints2: {8ebacf48-e7a5-11e5-81bb-c81f66038689} - "D:\Setup.exe" HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\MountPoints2: {cf9fcd36-917f-11e5-814f-c81f66038689} - "D:\Setup.exe" SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> {9E00ED14-DDAB-4086-B889-8ACD884A8ECF} URL = SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolba r=PD BHO: No Name -> {236FE2ED-19AA-4392-A880-DA19F61AE10C} -> No File BHO-x32: No Name -> {236FE2ED-19AA-4392-A880-DA19F61AE10C} -> No File Toolbar: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File] FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File] S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X] S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] S2 MbaeSvc; "C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe" [X] S1 ESProtectionDriver; \??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [X] C:\ProgramData\fontcacheev1.dat 2017-03-01 09:00 - 2017-03-01 09:00 - 0739904 _____ (Oracle Corporation) C:\Users\Ray\AppData\Local\Temp\jre-8u121-windows-au.exe 2017-01-11 10:31 - 2017-01-11 10:31 - 0008704 _____ (Microsoft Corporation) C:\Users\Ray\AppData\Local\Temp\SpOrder.dll 2017-01-13 19:42 - 2017-01-13 19:42 - 7097928 _____ (VS Revo Group ) C:\Users\Ray\AppData\Local\Temp\VSUSetup.exe Task: {5DFDE964-9DBF-4E0E-8B11-46C4398C7094} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {A3A296BD-CF24-4966-9C5B-04AD97343C63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION Task: {F86B1E72-E4AC-47CA-B4AB-826EFD28A2FB} - System32\Tasks\{FB0EC9E3-EC0B-40D4-9CC2-CE45128497E0} => pcalua.exe -a "C:\Users\Ray\Desktop\MY SHARED FOLDER\Downloads, Winrar Etc Etc\PandoraRecovery2.1.1Setup.exe" -d "C:\Users\Ray\Desktop\MY SHARED FOLDER\Downloads, Winrar Etc Etc" IE trusted site: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\summitcu.org -> hxxps://www.summitcu.org IE trusted site: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\swcorp.org -> hxxps://membercapture.swcorp.org IE restricted site: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\usabit.com -> hxxp://www.usabit.com IE restricted site: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\usabit.com -> http://www.usabit.com C:\Program Files (x86)\Malwarebytes Anti-Exploit C:\Program Files (x86)\Google C:\Users\Ray\AppData\Local\Google CMD: ipconfig /flushdns Hosts: EmptyTemp: ***************** Processes closed successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Exploit => value removed successfully HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6faa9800-2894-11e3-be6d-c81f66038689} => key removed successfully HKCR\CLSID\{6faa9800-2894-11e3-be6d-c81f66038689} => key not found. HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ebacf48-e7a5-11e5-81bb-c81f66038689} => key removed successfully HKCR\CLSID\{8ebacf48-e7a5-11e5-81bb-c81f66038689} => key not found. HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf9fcd36-917f-11e5-814f-c81f66038689} => key removed successfully HKCR\CLSID\{cf9fcd36-917f-11e5-814f-c81f66038689} => key not found. HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E00ED14-DDAB-4086-B889-8ACD884A8ECF} => key removed successfully HKCR\CLSID\{9E00ED14-DDAB-4086-B889-8ACD884A8ECF} => key not found. HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} => key removed successfully HKCR\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420} => key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{236FE2ED-19AA-4392-A880-DA19F61AE10C} => key removed successfully HKCR\CLSID\{236FE2ED-19AA-4392-A880-DA19F61AE10C} => key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{236FE2ED-19AA-4392-A880-DA19F61AE10C} => key removed successfully HKCR\Wow6432Node\CLSID\{236FE2ED-19AA-4392-A880-DA19F61AE10C} => key not found. HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => value removed successfully HKCR\CLSID\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => key not found. HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully HKU\.DEFAULT\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf => key removed successfully C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll => not found. HKLM\System\CurrentControlSet\Services\ACDaemon => key removed successfully ACDaemon => service removed successfully HKLM\System\CurrentControlSet\Services\gupdate => key removed successfully gupdate => service removed successfully HKLM\System\CurrentControlSet\Services\gupdatem => key removed successfully gupdatem => service removed successfully HKLM\System\CurrentControlSet\Services\MbaeSvc => key removed successfully MbaeSvc => service removed successfully HKLM\System\CurrentControlSet\Services\ESProtectionDriver => key removed successfully ESProtectionDriver => service removed successfully C:\ProgramData\fontcacheev1.dat => moved successfully C:\Users\Ray\AppData\Local\Temp\jre-8u121-windows-au.exe => moved successfully C:\Users\Ray\AppData\Local\Temp\SpOrder.dll => moved successfully C:\Users\Ray\AppData\Local\Temp\VSUSetup.exe => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5DFDE964-9DBF-4E0E-8B11-46C4398C7094} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DFDE964-9DBF-4E0E-8B11-46C4398C7094} => key removed successfully C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3A296BD-CF24-4966-9C5B-04AD97343C63} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3A296BD-CF24-4966-9C5B-04AD97343C63} => key removed successfully C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F86B1E72-E4AC-47CA-B4AB-826EFD28A2FB} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F86B1E72-E4AC-47CA-B4AB-826EFD28A2FB} => key removed successfully C:\WINDOWS\System32\Tasks\{FB0EC9E3-EC0B-40D4-9CC2-CE45128497E0} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FB0EC9E3-EC0B-40D4-9CC2-CE45128497E0} => key removed successfully HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\summitcu.org => key removed successfully HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\swcorp.org => key removed successfully HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\usabit.com => key removed successfully HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\usabit.com => key not found. "C:\Program Files (x86)\Malwarebytes Anti-Exploit" => not found. "C:\Program Files (x86)\Google" => not found. C:\Users\Ray\AppData\Local\Google => moved successfully ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. =========== EmptyTemp: ========== BITS transfer queue => 12582912 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 128223133 B Java, Flash, Steam htmlcache => 282067 B Windows/system/drivers => 79788516 B Edge => 0 B Chrome => 0 B Firefox => 404372119 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 560 B LocalService => 12718 B NetworkService => 5554196 B Ray => 5582719140 B Administrator => 0 B RecycleBin => 5790314829 B EmptyTemp: => 11.2 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 18:48:14 ==== Quote
jimmyedwards Posted March 3, 2017 Author Posted March 3, 2017 [ATTACH=CONFIG]1534.vB5-legacyid=2631[/ATTACH] It looks like the scan has stalled or is stuck for the last 20 minutes and counting. Quote
jimmyedwards Posted March 3, 2017 Author Posted March 3, 2017 It has been like this for over an hour, I cant get a report until it finishes I think. I will leave it on and maybe in the morning it will be finished.[ATTACH=CONFIG]1535.vB5-legacyid=2632[/ATTACH][ATTACH=CONFIG]1536.vB5-legacyid=2633[/ATTACH] Quote
jimmyedwards Posted March 3, 2017 Author Posted March 3, 2017 RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 8.1 (6.3.9600) 64 bits version Started in : Normal mode User : Ray [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller64.exe Mode : Delete -- Date : 03/02/2017 20:11:14 (Duration : 01:30:17) ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 5 ¤¤¤ [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm) [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm) [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 208.180.42.68 208.180.42.100 ([X][X]) -> Replaced () [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{51C8D340-F890-41D3-9072-A0A4EB2CA895} | DhcpNameServer : 208.180.42.68 208.180.42.100 ([X][X]) -> Replaced () [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A8C40184-0C97-472B-A7BC-59462E7AB2BC} | DhcpNameServer : 208.180.42.68 ([X]) -> Replaced () ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 2 ¤¤¤ [PUP.Gen0][Folder] C:\Program Files (x86)\Common Files\DVDVideoSoft -> Deleted [PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll -> Deleted [PUP.Gen0][Folder] C:\Program Files (x86)\Common Files\DVDVideoSoft\bin -> Deleted [PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\Companion -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\visic_coupon.dll -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\ytbb.exe -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\ytbn.exe -> Deleted [PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0 -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\ytbb.exe -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\ytbn.exe -> Deleted [PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1 -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\visic_coupon.dll -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\ytbb.exe -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\ytbn.exe -> Deleted [PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2 -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\inyt.exe.manifest -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\visic_coupon.dll -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\ytbb.exe -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\ytbn.exe -> Deleted [PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3 -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\visic_coupon.dll -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\ytbb.exe -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\ytbn.exe -> Deleted [PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4 -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\visic_coupon.dll -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\ytbb.exe -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\ytbn.exe -> Deleted [PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5 -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\visic_coupon.dll -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\ytbb.exe -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\ytbn.exe -> Deleted [PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6 -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn7\visic_coupon.dll -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn7\yt.dll -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn7\ytbb.exe -> Deleted [PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn7\ytbn.exe -> Deleted [PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn7 -> Deleted [PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\Companion\Installs -> Deleted ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ST1000DM003-1CH162 +++++ --- User --- [MBR] f86a2e4a0deb7b33014a5a1b1869d7fe [bSP] 0169d0bfa43e5d3486df4d12c0a9697c : Empty MBR Code Partition table: 0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB 1 - [sYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB 2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB 3 - [sYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 490 MB 4 - Basic data partition | Offset (sectors): 2373632 | Size: 940824 MB 5 - [sYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1929181184 | Size: 11885 MB User = LL1 ... OK User = LL2 ... OK Quote
jimmyedwards Posted March 3, 2017 Author Posted March 3, 2017 I still cant download chrome.[ATTACH=CONFIG]1537.vB5-legacyid=2634[/ATTACH] Quote
jimmyedwards Posted March 3, 2017 Author Posted March 3, 2017 I finally downloaded and can use Chrome,thanks for your help. Quote
ExTS Admin Starbuck Posted March 3, 2017 ExTS Admin Posted March 3, 2017 Hi Jimmy, I finally downloaded and can use Chrome That's good to hear. How about the constant freezing..... is the system running any better now? Quote Member of:UNITE
jimmyedwards Posted March 3, 2017 Author Posted March 3, 2017 So far so good thank you for all your help .Can you mark it solved,thanks. Quote
ExTS Admin Starbuck Posted March 3, 2017 ExTS Admin Posted March 3, 2017 Hi Jimmy, Let's finish the cleaning process and remove the tools we have used. Step 1 FRST can now be removed: Right click on the FRST icon and select delete. Right click on any fixlog.txt or fixlist.txt files and select delete. Navigate to: C:\frst and delete the frst folder Step 2 RogueKiller AntiMalware can be uninstalled from the uninstall list: Glad I was able to help. Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif Quote Member of:UNITE
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.