jimmyedwards Posted May 20, 2017 Posted May 20, 2017 Hi to all,I got a new modem for my wi-fi yesterday and since then I cant connect to the web with Google Chrome there is no problem with IE or Firefox. Thanks in advance for any help. Quote
KenB Posted May 21, 2017 Posted May 21, 2017 Hi J-E, Please confirm that this happening on a Win 8 machine. Which Anti-Virus are you using? Have you tried turning the AV off to see if this is the cause of the problem ? Obviously turn the AV back on again immediately after testing. Do you have any anti-malware software running in real time? If so - which one ? If so - try turning this off [ just to test - then turn back on again immediately ] =============== Also try this and let me know the results [ I expect no problems but we need to try it :) ] Start > Search Box > type in .......cmd ........ > right click on the Command Prompt that appears on the left side of screen Select "Run as Administrator" At the prompt type: ping 127.0.0.1 - now hit Enter [ space after ping ] You should get 4 packets sent and no losses If this is successful try typing : ping www.google.com - hit Enter Again you should get 4 packets sent and no losses. It looks like this: Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:\Users\ken>ping www.google.com Pinging www.google.com [62.24.212.79] with 32 bytes of data: Reply from 62.24.212.79: bytes=32 time=8ms TTL=62 Reply from 62.24.212.79: bytes=32 time=10ms TTL=62 Reply from 62.24.212.79: bytes=32 time=14ms TTL=62 Reply from 62.24.212.79: bytes=32 time=10ms TTL=62 Ping statistics for 62.24.212.79: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 8ms, Maximum = 14ms, Average = 10ms C:\Users\ken Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
jimmyedwards Posted May 22, 2017 Author Posted May 22, 2017 Thanks for your reply, I am running windows 8.1 and the only av is windows defender. I did what you said in the search bar > cmd and it was just as you said it would be. Quote
KenB Posted May 22, 2017 Posted May 22, 2017 I also asked you to turn off your AV [ Defender ] to try to connect using Chrome. Did this make any difference ? This may help - click here Don't forget to turn it back on :) Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
jimmyedwards Posted May 22, 2017 Author Posted May 22, 2017 Thanks for your reply,I turned windows defender off and tried to open Chrome it is still no go. I wonder if it has anything to do with the new modem(Arris). Quote
KenB Posted May 22, 2017 Posted May 22, 2017 I assume that you turned Defender back on ? Try resetting Chrome. Open Chrome > top right you will see three vertical dots > click on this. Click on "Settings" At the top there is a Search Box ........type in ......Reset.......hit Enter Now click on "Reset" You will see a box that explains what will happen if you Reset. Click "Reset" again. Let me know how you get on with this. Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
jimmyedwards Posted May 23, 2017 Author Posted May 23, 2017 I tried the reset tip and it is still no go,yes I turned windows defender back on. Quote
KenB Posted May 24, 2017 Posted May 24, 2017 try the following: Click on the Chrome Icon Click on the three vertical dots [top right of screen ] Settings In the Search Box at the top type in ..........network .........then click on "Change Proxy Settings" Click on "LAN Settings" at the bottom Make sure that "Automatically Detect Settings" is checked and NOT "Use a Proxy ...." If you have to make a change make sure you click OK to confirm. Let me know if this helps. Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
jimmyedwards Posted May 26, 2017 Author Posted May 26, 2017 I did the steps you sent and still no go. Quote
ExTS Admin Starbuck Posted May 26, 2017 ExTS Admin Posted May 26, 2017 Hi Jimmy, There are a couple of things I'd like to look in to if you don't mind.... Note: There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type. If you are unsure what you're system bit type is..... click Here for help. For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop. Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator http://img.photobucket.com/albums/v708/starbuck50/frsticon_zpsdc3cbdc3.png When the tool opens click Yes to disclaimer. http://img.photobucket.com/albums/v708/starbuck50/frstdis_zps7f598f12.png Make sure that Addition.txt is selected at the bottom Press Scan button. http://img.photobucket.com/albums/v708/starbuck50/newfrst_zpsa63ffa3d.png It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also. please post both reports for me. Thanks Quote Member of:UNITE
jimmyedwards Posted May 27, 2017 Author Posted May 27, 2017 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017 Ran by Ray (administrator) on JIMMY (26-05-2017 22:01:47) Running from C:\Users\Ray\Downloads Loaded Profiles: Ray (Available Profiles: Ray & Administrator) Platform: Windows 8.1 (Update) (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Amazon.com) C:\Users\Ray\Desktop\My Documents\Downloads from Google ETC\ADVWindowsClientService.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\WINDOWS\System32\igfxEM.exe (Intel Corporation) C:\WINDOWS\System32\igfxHK.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe (johnsadventures.com) C:\Users\Ray\Desktop\My Documents\A New Folder Pictures for switch\John's Background Switcher\BackgroundSwitcher.exe (Ruiware) C:\Program Files (x86)\Ruiware LLC\WinPatrol\WinPatrol.exe (Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation) HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [backgroundSwitcher] => C:\Users\Ray\Desktop\My Documents\A New Folder Pictures for switch\John's Background Switcher\BackgroundSwitcher.exe [121688 2016-10-30] (johnsadventures.com) HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [254840 2017-03-17] (TomTom) HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware LLC\WinPatrol\WinPatrol.exe [1223560 2017-05-07] (Ruiware) HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [EasyHideIPVPN] => C:\Program Files (x86)\Easy-Hide-IP VPN\easy.hide.ip.vpn.exe HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\MountPoints2: {6faa9800-2894-11e3-be6d-c81f66038689} - "D:\WD SmartWare.exe" autoplay=true ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2017-01-18] ShortcutTarget: Amazon Unbox.lnk -> C:\Users\Ray\Desktop\My Documents\Downloads from Google ETC\ADVWindowsClientSystemTray.exe (Amazon.com) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-01-18] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4630 Series Class Driver.lnk [2017-05-26] ShortcutTarget: Monitor Ink Alerts - HP Officejet 4630 Series Class Driver.lnk -> C:\Program Files\HP\HP Officejet 4630 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog9-x64 01 C:\WINDOWS\system32\EasyRedirect64.dll [549808 2015-08-15] (EasyTech) Winsock: Catalog9-x64 02 C:\WINDOWS\system32\EasyRedirect64.dll [549808 2015-08-15] (EasyTech) Winsock: Catalog9-x64 03 C:\WINDOWS\system32\EasyRedirect64.dll [549808 2015-08-15] (EasyTech) Winsock: Catalog9-x64 04 C:\WINDOWS\system32\EasyRedirect64.dll [549808 2015-08-15] (EasyTech) Winsock: Catalog9-x64 15 C:\WINDOWS\system32\EasyRedirect64.dll [549808 2015-08-15] (EasyTech) Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100 Tcpip\..\Interfaces\{51C8D340-F890-41D3-9072-A0A4EB2CA895}: [DhcpNameServer] 208.180.42.68 208.180.42.100 Tcpip\..\Interfaces\{8CDBDBFF-A911-4FDE-9D2F-5311E047BB2A}: [DhcpNameServer] 208.67.222.222 208.67.220.220 Tcpip\..\Interfaces\{A8C40184-0C97-472B-A7BC-59462E7AB2BC}: [DhcpNameServer] 208.180.42.68 208.180.42.100 Internet Explorer: ================== HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/ SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> DefaultScope {EA8E9CE8-160E-4200-89F5-5C78A3C55E8F} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=$hspart&hsimp=$hsimp&p={searchTerms}&type=tb_ie_chr-ctbs-tyc-sc SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> {9E00ED14-DDAB-4086-B889-8ACD884A8ECF} URL = SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> {EA8E9CE8-160E-4200-89F5-5C78A3C55E8F} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=$hspart&hsimp=$hsimp&p={searchTerms}&type=tb_ie_chr-ctbs-tyc-sc BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-19] (Oracle Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-19] (Oracle Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft) BHO-x32: Ant.com browser helper (video detector) -> {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} -> C:\Program Files (x86)\Ant.com\IE add-on\Download.dll [2013-03-05] (Ant.com) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) Toolbar: HKLM-x32 - Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll [2013-03-05] (Ant.com) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Toolbar: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab FireFox: ======== FF ProfilePath: C:\Users\Ray\AppData\Roaming\TomTom\HOME\Profiles\8hcmhey1.default [2017-03-31] FF Extension: (Emulator) - C:\Users\Ray\AppData\Roaming\TomTom\HOME\Profiles\8hcmhey1.default\Extensions\Navcore.9.510.1234792@tomtom.com [2017-03-31] [not signed] FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706 [2017-05-26] FF Homepage: Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706 -> hxxps://us.yahoo.com?fr=fp-tyc-sc FF Extension: (Adguard AdBlocker) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706\Extensions\adguardadblocker@adguard.com.xpi [2017-01-14] FF Extension: (uBlock Origin) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706\Extensions\uBlock0@raymondhill.net.xpi [2017-05-14] FF Extension: (Updated Ad Blocker for Firefox 11+) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2017-01-01] FF Extension: (Adblock Plus) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1fxv7mmq.default-1482161108706\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-25] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-19] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-19] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin HKU\S-1-5-21-2801032338-2342425128-3870613798-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.) Chrome: ======= CHR Profile: C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default [2017-05-26] CHR Extension: (Docs) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-20] CHR Extension: (Google Drive) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-20] CHR Extension: (YouTube) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-20] CHR Extension: (Gmail) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-20] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ADVService; C:\Users\Ray\Desktop\My Documents\Downloads from Google ETC\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed] R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation) S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.) S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation) S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider) S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider) S3 efavdrv; C:\WINDOWS\SysWOW64\drivers\efavdrv.sys [115008 2017-01-20] (ESET) S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [28664 2016-04-29] (Intel Mobile Communications) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-05-26 22:01 - 2017-05-26 22:02 - 00019418 _____ C:\Users\Ray\Downloads\FRST.txt 2017-05-26 21:58 - 2017-05-26 21:58 - 02429952 _____ (Farbar) C:\Users\Ray\Downloads\FRST64.exe 2017-05-25 11:21 - 2017-05-25 11:21 - 00429095 _____ C:\Users\Ray\Downloads\2016-10-19-document.pdf 2017-05-25 11:15 - 2017-05-25 11:15 - 00428121 _____ C:\Users\Ray\Downloads\2017-05-19-document.pdf 2017-05-25 09:16 - 2017-05-25 09:16 - 00332413 _____ C:\Users\Ray\Desktop\Child Disability Report - Form 3820.htm 2017-05-25 09:16 - 2017-05-25 09:16 - 00000000 ____D C:\Users\Ray\Desktop\Child Disability Report - Form 3820_files 2017-05-24 17:49 - 2017-04-27 09:11 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2017-05-24 17:49 - 2017-04-27 09:11 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll 2017-05-24 17:49 - 2017-04-27 09:10 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2017-05-24 17:49 - 2017-04-27 09:10 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll 2017-05-24 17:45 - 2017-04-06 13:37 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2017-05-24 17:45 - 2017-04-06 13:16 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll 2017-05-24 17:45 - 2017-04-06 12:50 - 01436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-05-24 17:45 - 2017-04-06 12:46 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2017-05-24 17:45 - 2017-04-06 12:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2017-05-24 17:45 - 2017-04-06 12:35 - 01362432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll 2017-05-24 17:45 - 2017-04-06 12:15 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2017-05-24 17:45 - 2017-04-06 11:44 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll 2017-05-24 17:45 - 2017-04-02 10:49 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2017-05-24 17:45 - 2017-04-02 09:40 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2017-05-24 17:45 - 2017-02-10 15:06 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2017-05-24 17:45 - 2017-02-01 15:44 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-05-24 17:45 - 2017-02-01 15:42 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2017-05-22 17:45 - 2017-05-22 17:45 - 00000592 _____ C:\Users\Ray\Downloads\Turn_On_Windows_Defender.reg 2017-05-22 17:40 - 2017-05-22 17:40 - 00000626 _____ C:\Users\Ray\Downloads\Turn_Off_Windows_Defender(1).reg 2017-05-22 17:39 - 2017-05-22 17:39 - 00000626 _____ C:\Users\Ray\Downloads\Turn_Off_Windows_Defender.reg 2017-05-20 17:10 - 2017-05-20 17:10 - 01130328 _____ (Google Inc.) C:\Users\Ray\Downloads\ChromeSetup(4).exe 2017-05-20 17:10 - 2017-05-20 17:10 - 00002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-05-20 17:10 - 2017-05-20 17:10 - 00002241 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-05-20 16:58 - 2017-05-20 16:58 - 01130328 _____ (Google Inc.) C:\Users\Ray\Downloads\ChromeSetup(3).exe 2017-05-16 20:43 - 2017-05-16 20:43 - 01510832 _____ (Ruiware) C:\Users\Ray\Downloads\wpsetup(3).exe 2017-05-16 20:40 - 2017-04-28 18:44 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-05-16 20:40 - 2017-04-28 18:44 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-05-16 18:53 - 2017-04-28 17:15 - 07444824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-05-16 18:53 - 2017-04-26 10:06 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2017-05-16 18:53 - 2017-04-16 06:23 - 02176584 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2017-05-16 18:53 - 2017-04-16 06:23 - 01662096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2017-05-16 18:53 - 2017-04-16 06:23 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2017-05-16 18:53 - 2017-04-16 06:18 - 01135288 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-05-16 18:53 - 2017-04-16 06:18 - 00803192 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2017-05-16 18:53 - 2017-04-16 05:07 - 01566032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2017-05-16 18:53 - 2017-04-16 05:07 - 01213792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2017-05-16 18:53 - 2017-04-16 05:07 - 00548032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2017-05-16 18:53 - 2017-04-16 05:05 - 00612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2017-05-16 18:53 - 2017-04-16 04:54 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2017-05-16 18:53 - 2017-04-16 04:54 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2017-05-16 18:53 - 2017-04-16 04:51 - 02899456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-05-16 18:53 - 2017-04-16 04:37 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2017-05-16 18:53 - 2017-04-16 04:36 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2017-05-16 18:53 - 2017-04-16 04:35 - 25741312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-05-16 18:53 - 2017-04-16 04:18 - 05977600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-05-16 18:53 - 2017-04-16 04:16 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-05-16 18:53 - 2017-04-16 04:10 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx 2017-05-16 18:53 - 2017-04-16 04:03 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2017-05-16 18:53 - 2017-04-16 04:02 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2017-05-16 18:53 - 2017-04-16 04:01 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2017-05-16 18:53 - 2017-04-16 04:00 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2017-05-16 18:53 - 2017-04-16 04:00 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2017-05-16 18:53 - 2017-04-16 03:53 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-05-16 18:53 - 2017-04-16 03:52 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2017-05-16 18:53 - 2017-04-16 03:49 - 20278272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-05-16 18:53 - 2017-04-16 03:47 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2017-05-16 18:53 - 2017-04-16 03:43 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2017-05-16 18:53 - 2017-04-16 03:40 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2017-05-16 18:53 - 2017-04-16 03:40 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-05-16 18:53 - 2017-04-16 03:40 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2017-05-16 18:53 - 2017-04-16 03:37 - 02132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2017-05-16 18:53 - 2017-04-16 03:29 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx 2017-05-16 18:53 - 2017-04-16 03:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2017-05-16 18:53 - 2017-04-16 03:23 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2017-05-16 18:53 - 2017-04-16 03:22 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2017-05-16 18:53 - 2017-04-16 03:22 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2017-05-16 18:53 - 2017-04-16 03:17 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2017-05-16 18:53 - 2017-04-16 03:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2017-05-16 18:53 - 2017-04-16 03:10 - 15250944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-05-16 18:53 - 2017-04-16 03:10 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2017-05-16 18:53 - 2017-04-16 03:10 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2017-05-16 18:53 - 2017-04-16 03:08 - 04548608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-05-16 18:53 - 2017-04-16 03:08 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2017-05-16 18:53 - 2017-04-16 03:04 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-05-16 18:53 - 2017-04-16 03:02 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2017-05-16 18:53 - 2017-04-16 02:53 - 13661184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-05-16 18:53 - 2017-04-16 02:50 - 01544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-05-16 18:53 - 2017-04-16 02:40 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2017-05-16 18:53 - 2017-04-16 02:37 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-05-16 18:53 - 2017-04-16 02:34 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-05-16 18:53 - 2017-04-16 02:34 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2017-05-16 18:53 - 2017-04-09 18:00 - 01548640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-05-16 18:53 - 2017-04-09 18:00 - 00388448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2017-05-16 18:53 - 2017-04-07 19:20 - 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2017-05-16 18:53 - 2017-04-07 09:56 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2017-05-16 18:53 - 2017-04-02 12:41 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2017-05-16 18:53 - 2017-04-02 12:41 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2017-05-16 18:53 - 2017-03-31 19:16 - 01968408 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2017-05-16 18:53 - 2017-03-31 17:59 - 01612504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2017-05-16 18:53 - 2017-03-14 15:06 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2017-05-16 18:53 - 2017-03-14 10:26 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-05-16 18:53 - 2017-03-14 10:09 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2017-05-16 18:53 - 2017-03-14 10:08 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-05-16 18:53 - 2017-03-14 10:06 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-05-16 18:53 - 2017-03-13 12:38 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmitomi.dll 2017-05-16 18:53 - 2017-03-13 12:29 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll 2017-05-16 18:53 - 2017-03-13 12:25 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll 2017-05-16 18:53 - 2017-03-13 12:13 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmitomi.dll 2017-05-16 18:53 - 2017-03-13 12:13 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2017-05-16 18:53 - 2017-03-13 12:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2017-05-16 18:53 - 2017-03-13 12:08 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2017-05-16 18:53 - 2017-03-13 12:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2017-05-16 18:53 - 2017-03-13 12:07 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll 2017-05-16 18:53 - 2017-03-13 12:06 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll 2017-05-16 18:53 - 2017-03-13 11:59 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2017-05-16 18:53 - 2017-03-13 11:59 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2017-05-16 18:53 - 2017-03-13 11:56 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2017-05-16 18:53 - 2017-03-12 11:04 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys 2017-05-16 18:53 - 2017-03-10 23:59 - 01763888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2017-05-16 18:53 - 2017-03-10 23:56 - 01489608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2017-05-16 18:53 - 2017-03-10 23:44 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2017-05-16 18:53 - 2017-03-10 23:41 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2017-05-16 18:53 - 2017-03-10 19:38 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2017-05-16 18:53 - 2017-03-09 17:08 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2017-05-16 18:53 - 2017-03-09 16:52 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll 2017-05-16 18:53 - 2017-03-09 15:29 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2017-05-16 18:53 - 2017-03-09 15:17 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll 2017-05-16 18:53 - 2017-03-07 22:44 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml 2017-05-16 18:53 - 2017-03-04 15:24 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-05-16 18:53 - 2017-03-04 15:06 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2017-05-16 18:53 - 2017-03-04 14:15 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll 2017-05-16 18:53 - 2017-03-04 12:37 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2017-05-16 18:53 - 2017-03-03 11:11 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2017-05-16 18:53 - 2017-03-03 11:10 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll 2017-05-16 18:53 - 2017-03-03 11:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2017-05-16 18:53 - 2017-03-03 11:04 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll 2017-05-16 18:53 - 2017-02-11 14:18 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2017-05-16 18:53 - 2017-02-11 13:00 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2017-05-16 18:53 - 2017-02-11 12:49 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll 2017-05-16 18:53 - 2017-02-11 12:42 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll 2017-05-16 18:53 - 2017-02-10 10:37 - 00046600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2017-05-16 18:53 - 2017-02-09 11:28 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2017-05-16 18:53 - 2017-02-09 11:19 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2017-05-16 18:53 - 2017-02-09 11:16 - 01560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2017-05-16 18:53 - 2017-02-09 10:59 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2017-05-16 18:53 - 2017-02-09 10:58 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2017-05-16 18:53 - 2017-02-09 10:58 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2017-05-16 18:53 - 2017-02-04 16:30 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2017-05-16 18:53 - 2017-02-04 16:30 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2017-05-16 18:53 - 2017-02-04 16:30 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2017-05-16 18:53 - 2017-02-04 16:30 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2017-05-16 18:53 - 2017-02-04 15:32 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2017-05-16 18:53 - 2017-02-04 15:30 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2017-05-16 18:53 - 2017-02-04 14:14 - 01001472 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe 2017-05-16 18:53 - 2017-02-04 13:53 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2017-05-16 18:53 - 2017-02-04 13:51 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2017-05-16 18:53 - 2017-02-04 13:50 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll 2017-05-16 18:53 - 2017-02-04 13:40 - 01754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2017-05-16 18:53 - 2017-02-04 13:32 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll 2017-05-16 18:53 - 2017-02-04 13:19 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2017-05-16 18:53 - 2017-02-04 13:17 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll 2017-05-16 18:53 - 2017-02-04 13:10 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2017-05-16 18:53 - 2017-02-04 13:05 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll 2017-05-16 18:53 - 2017-01-21 17:37 - 00567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2017-05-16 18:53 - 2017-01-21 15:27 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2017-05-16 18:53 - 2017-01-21 15:27 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll 2017-05-16 18:53 - 2017-01-21 14:40 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2017-05-16 18:53 - 2017-01-21 14:40 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll 2017-05-16 18:53 - 2017-01-18 22:18 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2017-05-16 18:53 - 2017-01-18 10:35 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2017-05-16 18:53 - 2017-01-18 10:34 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2017-05-16 18:53 - 2017-01-14 16:32 - 00955016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2017-05-16 18:53 - 2017-01-14 15:18 - 00787688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2017-05-16 18:53 - 2017-01-14 13:49 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe 2017-05-16 18:53 - 2017-01-12 12:51 - 00274776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2017-05-16 18:53 - 2017-01-12 12:51 - 00117592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2017-05-16 18:53 - 2017-01-12 02:12 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2017-05-16 18:53 - 2017-01-11 15:37 - 02345984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2017-05-16 18:53 - 2017-01-11 15:12 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll 2017-05-16 18:53 - 2017-01-11 13:28 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2017-05-16 18:53 - 2017-01-11 11:09 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll 2017-05-16 18:53 - 2017-01-10 18:37 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys 2017-05-16 18:53 - 2017-01-10 17:06 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2017-05-16 18:53 - 2017-01-10 16:46 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2017-05-16 18:53 - 2017-01-10 15:20 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2017-05-16 18:53 - 2017-01-10 15:09 - 01108480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2017-05-16 18:53 - 2017-01-10 15:08 - 01549312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2017-05-16 18:53 - 2017-01-06 13:25 - 02513408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2017-05-16 18:53 - 2017-01-06 13:04 - 01495552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2017-05-16 18:53 - 2017-01-05 14:09 - 07076864 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll 2017-05-16 18:53 - 2017-01-05 13:29 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll 2017-05-16 18:53 - 2017-01-05 13:13 - 07796224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-05-16 18:53 - 2017-01-05 12:57 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-05-16 18:53 - 2016-12-24 21:21 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys 2017-05-16 18:53 - 2016-12-24 21:14 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll 2017-05-16 18:53 - 2016-12-24 20:48 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll 2017-05-16 18:53 - 2016-12-24 20:19 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll 2017-05-16 18:53 - 2016-12-24 19:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll 2017-05-16 18:53 - 2016-12-09 04:08 - 00379736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2017-05-16 18:53 - 2016-11-19 17:24 - 00152856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2017-05-16 18:53 - 2016-11-19 13:22 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2017-05-16 18:53 - 2016-11-16 17:49 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2017-05-16 18:53 - 2016-11-12 17:06 - 00738104 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll 2017-05-16 18:53 - 2016-11-12 15:38 - 00613632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll 2017-05-16 18:53 - 2016-11-10 22:33 - 01541240 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2017-05-16 18:53 - 2016-11-09 13:25 - 01376768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2017-05-16 18:53 - 2016-11-05 13:57 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2017-05-16 18:53 - 2016-11-05 13:11 - 03606528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2017-05-16 18:53 - 2016-11-05 11:56 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2017-05-16 18:53 - 2016-11-05 11:46 - 02463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2017-05-16 18:52 - 2017-02-23 10:50 - 00093360 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2017-05-16 18:52 - 2017-02-22 10:35 - 01609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2017-05-16 18:52 - 2017-02-22 10:35 - 01286144 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2017-05-16 18:52 - 2017-02-22 10:35 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2017-05-16 18:52 - 2017-02-22 10:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2017-05-16 18:52 - 2017-02-22 10:35 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2017-05-16 18:52 - 2017-02-22 10:35 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll 2017-05-16 18:52 - 2017-02-22 10:35 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2017-05-16 18:52 - 2017-02-22 10:35 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2017-05-16 16:00 - 2017-05-16 16:00 - 00000000 ____D C:\Users\Ray\AppData\Roaming\Google 2017-05-11 23:21 - 2017-05-11 23:21 - 00000000 ____D C:\Users\Ray\Desktop\Amazon.com D-JOY Tri-Spinner Fidget Toy Hand Spinner Camouflage, Stress Reducer Relieve Anxiety and Boredom Camo (Starry sky) Toys & Games_files 2017-05-11 23:20 - 2017-05-11 23:21 - 01177986 _____ C:\Users\Ray\Desktop\Amazon.com D-JOY Tri-Spinner Fidget Toy Hand Spinner Camouflage, Stress Reducer Relieve Anxiety and Boredom Camo (Starry sky) Toys & Games.htm 2017-05-02 22:47 - 2017-05-02 22:47 - 00082664 _____ C:\Users\Ray\Downloads\Fructosamin-to-A1C-conversion-table.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-05-26 22:01 - 2017-01-31 09:12 - 00000000 ____D C:\FRST 2017-05-26 21:53 - 2013-12-28 20:23 - 00000000 ____D C:\Users\Ray\AppData\Roaming\ClassicShell 2017-05-26 21:51 - 2012-07-26 01:26 - 00000223 _____ C:\WINDOWS\win.ini 2017-05-26 21:00 - 2016-11-18 19:03 - 00000000 ____D C:\Users\Ray\AppData\LocalLow\Mozilla 2017-05-26 13:12 - 2014-09-24 03:15 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-05-26 13:12 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf 2017-05-26 13:11 - 2013-09-24 18:44 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery 2017-05-26 13:09 - 2014-10-22 16:38 - 00000000 __RDO C:\Users\Ray\OneDrive 2017-05-26 13:08 - 2014-10-22 16:35 - 00000000 __SHD C:\Users\Ray\IntelGraphicsProfiles 2017-05-26 13:08 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-05-26 13:08 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2017-05-25 09:25 - 2017-03-03 10:21 - 00000000 ____D C:\Users\Ray\AppData\Local\CrashDumps 2017-05-24 17:49 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-05-24 17:48 - 2013-12-28 21:55 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-05-24 17:47 - 2013-12-28 21:55 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-05-23 16:27 - 2013-12-30 01:21 - 00043408 _____ C:\Users\Ray\AppData\Roaming\wklnhst.dat 2017-05-23 16:27 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2017-05-23 11:33 - 2015-05-18 09:45 - 00000000 ___RD C:\Users\Ray\Desktop\MOST OF THE DESKTOP IN ONE FOLDER 2017-05-23 11:10 - 2015-11-22 19:28 - 00000000 ____D C:\Users\Ray\Desktop\MY SHARED FOLDER 2017-05-22 10:47 - 2013-12-28 19:11 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2801032338-2342425128-3870613798-1001 2017-05-22 10:23 - 2013-12-29 19:07 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-05-20 17:33 - 2014-01-02 17:07 - 00000000 ____D C:\Users\Ray\AppData\Roaming\vlc 2017-05-20 17:10 - 2017-03-03 05:38 - 00000000 ____D C:\Program Files (x86)\Google 2017-05-20 16:43 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-05-20 13:39 - 2016-11-18 16:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-05-20 13:39 - 2015-08-23 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-05-20 13:21 - 2013-12-29 19:04 - 00000000 ____D C:\Users\Ray\AppData\LocalLow\ant.com 2017-05-16 20:44 - 2013-12-30 02:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol 2017-05-16 20:44 - 2013-12-30 02:40 - 00000000 ____D C:\ProgramData\InstallMate 2017-05-16 20:38 - 2016-05-29 14:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2017-05-16 20:38 - 2016-05-29 14:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2017-05-16 20:38 - 2013-08-22 10:44 - 00528752 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-05-16 20:33 - 2015-04-15 15:38 - 00000000 ____D C:\WINDOWS\system32\appraiser 2017-05-16 20:33 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData 2017-05-16 20:33 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2017-05-16 20:33 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender 2017-05-16 20:33 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2017-05-16 19:03 - 2016-05-29 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-05-14 09:00 - 2016-02-04 11:37 - 00000638 _____ C:\WINDOWS\Tasks\TrackerAutoUpdate.job 2017-05-11 14:11 - 2016-04-07 07:41 - 00000000 ____D C:\Users\Ray\Desktop\J.R.s Folder 2017-05-09 11:42 - 2016-03-19 21:19 - 00004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2017-05-09 11:42 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-05-09 11:42 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-04-28 16:49 - 2017-03-03 05:38 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-04-28 16:49 - 2017-03-03 05:38 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Files in the root of some directories ======= 2013-12-30 01:21 - 2017-05-23 16:27 - 0043408 _____ () C:\Users\Ray\AppData\Roaming\wklnhst.dat 2016-05-29 20:53 - 2016-05-29 20:53 - 0004608 _____ () C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-12-05 18:38 - 2016-12-05 18:38 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-01-03 18:45 - 2014-01-03 18:53 - 0000819 _____ () C:\ProgramData\hpzinstall.log 2016-05-29 20:22 - 2016-05-29 20:22 - 0000016 _____ () C:\ProgramData\mntemp 2016-05-29 20:22 - 2016-05-29 20:22 - 0004906 _____ () C:\ProgramData\oqztiqep.adk 2016-08-05 08:17 - 2016-08-05 08:17 - 0000032 _____ () C:\ProgramData\Temp.log 2014-11-30 15:15 - 2014-11-30 15:15 - 0005098 _____ () C:\ProgramData\vczcspay.tpu 2013-09-24 18:44 - 2013-09-24 18:44 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2013-09-24 18:41 - 2013-09-24 18:42 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2013-09-24 18:42 - 2013-09-24 18:43 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2013-09-24 18:40 - 2013-09-24 18:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2013-09-24 18:43 - 2013-09-24 18:44 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log Some files in TEMP: ==================== 2017-03-02 19:57 - 2016-08-13 03:40 - 1737080 _____ (Microsoft Corporation) C:\Users\Ray\AppData\Local\Temp\dllnt_dump.dll 2017-04-19 08:49 - 2017-04-19 08:49 - 0739904 _____ (Oracle Corporation) C:\Users\Ray\AppData\Local\Temp\jre-8u131-windows-au.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-11-27 11:33 ==================== End of FRST.txt ============================ Quote
jimmyedwards Posted May 27, 2017 Author Posted May 27, 2017 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017 Ran by Ray (26-05-2017 22:02:39) Running from C:\Users\Ray\Downloads Windows 8.1 (Update) (X64) (2014-10-22 20:35:15) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2801032338-2342425128-3870613798-500 - Administrator - Disabled) => C:\Users\Administrator Guest (S-1-5-21-2801032338-2342425128-3870613798-501 - Limited - Disabled) Ray (S-1-5-21-2801032338-2342425128-3870613798-1001 - Administrator - Enabled) => C:\Users\Ray ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4500_G510af_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 4500G510af (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden 4500G510af_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.) Aimersoft Audio Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Audio Converter_is1) (Version: - Aimersoft Software) Aimersoft DVD Creator(Build 1.1.22) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version: - Aimersoft Software) Aimersoft DVD Ripper(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version: - Aimersoft Software) Aimersoft DVD Studio Pack(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Studio Pack_is1) (Version: - Aimersoft Software) Aimersoft Video Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Video Converter_is1) (Version: - Aimersoft Software) Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com) Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden Ant.com IE add-on (HKLM-x32\...\{B905CAA1-D6FF-4D21-8858-F8C610491C0B}) (Version: 2.2.4.1076 - Ant.com) Any Video Converter 5.7.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Any Video Recorder version 1.0.4 (HKLM-x32\...\{17D86E62-4849-49BC-83D2-FA369CEEA9D9}_is1) (Version: 1.0.4 - anvsoft, Inc.) Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG) Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20 (HKLM-x32\...\Chicken Invaders: Revenge of the Yolk (Christmas Edition)_is1) (Version: - InterAction studios) ChrisPC Free VideoTube Downloader 9.3.4 (HKLM-x32\...\{6006089C-84B5-4F18-8113-1234567890DE}_is1) (Version: - Chris P.C. srl) ChrisPC YTD Downloader MP3 Converter 2.40 (HKLM-x32\...\{6006089C-9ABC-4F18-ABCD-123456789801}_is1) (Version: - Chris P.C. srl) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.) Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell) Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.) Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell) Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - ) FFMPEG Addon (HKLM-x32\...\{111124AF-1ED4-44EF-B674-111111985342}_is1) (Version: 1.00 - FFMPEG) File1 Package Manager (English version) (HKLM-x32\...\{F0805E9F-2F4C-4298-8CDC-83C1D8E4EC91}) (Version: 1.1.100 - Helios Technologies) FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory) Free Hide Folder (HKLM-x32\...\Free Hide Folder) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet 4500 G510a-f 14.0 Rel. 6 (HKLM\...\{A49C5804-8F24-433C-99B2-9F9F541090C7}) (Version: 14.0 - HP) HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.50.9 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.203 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) John's Background Switcher 4.14 (HKLM-x32\...\{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1) (Version: 4.14 - johnsadventures.com) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla) OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.321.0 - Tracker Software Products Ltd) Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) PySol Fan Club edition v.2.0 (HKLM-x32\...\PySol Fan Club edition_is1) (Version: - ) PySolFC Solitaire (a freeware Solitaire Game) version 1.1 (HKLM-x32\...\PySolFC Solitaire_is1) (Version: - ) Quit Counter (HKLM-x32\...\Quit Counter_is1) (Version: 1.2 - Xarka Software) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.) Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio) Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TomTom HOME (HKLM-x32\...\{30E6FC43-C31F-4968-9A06-AA38E3C3CF73}) (Version: 2.10.1 - TomTom) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Uninstall Dual Mode Camera (DT01) (HKLM-x32\...\DT01_2009_1026_1436_is1) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version: - ) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware) WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) Xilisoft DVD Copy Express (HKLM-x32\...\Xilisoft DVD Copy Express) (Version: 1.1.23.0824 - Xilisoft) Xilisoft DVD Creator (HKLM-x32\...\Xilisoft DVD Creator) (Version: 3.0.39.1121 - Xilisoft) Youtube Downloader HD v. 2.9.9.21 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com) Youtube to MP3 Converter v. 1.4 (HKLM-x32\...\Youtube to MP3 Converter_is1) (Version: - YoutubeDownloaderHD.com) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {10E7CDFA-2463-4AA3-A931-EF99644B27C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.) Task: {2B698B18-E3DE-4BA3-A4A0-99300FD8244C} - System32\Tasks\File1 Update Launch => C:\Program Files (x86)\Ant.com\File1 Package Manager\File1UL.exe [2014-04-30] (Helios Technologies Ltd.) Task: {305486BC-CF31-4F18-B143-564AD42D6FB3} - System32\Tasks\TinyTakeUpgrade => C:\Users\Ray\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe Task: {46E0D154-DFBC-4003-8802-D3D51BE25062} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard) Task: {4C874592-A1F9-4D5D-84FC-12271CCDCED5} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.) Task: {4DDF5C1D-174C-4C4E-8C4E-CCC3B8D96F68} - System32\Tasks\HP AR Program Upload - 84bcb34db9f946e8944251e6026ab08ca421cfaa47f34d789a57faeab098e479 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>) Task: {50CE3FBA-8E31-43C7-9D3F-3858745502D7} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2017-03-06] (Tracker Software Products (Canada) Ltd.) Task: {58FE5BF4-4E30-4242-9B37-A6EB97177E91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.) Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION Task: {81DC8FE7-0BDA-499C-86E9-ADB8A3EEDE2E} - System32\Tasks\HP AR Program Upload - 7fc3a4d784604be2b4d002197f18f4ca3c1c5dd625304782ae6cf242c8b50f74 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>) Task: {95D83143-E725-4C38-8FEF-37E28CA3643E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.) Task: {A3681D03-7A5B-46AE-AEC0-2F1434932837} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {B841A3BF-74F2-4198-8BC3-C6B187408409} - System32\Tasks\HP AR Program Upload - ebbb76cf134e4ad4b2eae894a4122e0c067f88a663394b6ebaff748f40240995 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>) Task: {B8B63F70-D4B8-4452-97E7-FDAF10FBC78C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {BA58B807-D5A9-4B82-97CD-0ACADF6C23B4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-05-24] (Microsoft Corporation) Task: {BD0B2236-0C42-44AC-9DB1-B8894B3BF670} - System32\Tasks\HP AR Program Upload - 84e70fa7d4d743919ccd443c3d6132b0d6d744ae387342e19f32bc3d5b168979 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>) Task: {C3CA267B-59D5-435A-B99C-E24A8A70FA5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.) Task: {D7DD2F8C-5FB0-41DC-ADA7-7139CBD5A1F5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.) Task: {D8AC50E5-57DE-4865-B539-E7F7D601F9E2} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP) Task: {DC97E556-53E4-40B4-9843-C6793A6DD3DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.) Task: {E12FB32E-7A8A-4D6C-85D2-C79BDD75F5D3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {E43F873B-9CC5-4CEC-AFEE-67FBF2DBD1CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.) Task: {E6300A07-8445-47C6-8435-11C170C5357A} - System32\Tasks\HP AR Program Upload - a43eef6a7e9b47b7ae82508c4f0e48c6a506510c79cb4d6abc72fe4be41fc96f => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>) Task: {E854B597-C9BE-47FA-827D-4A4D73977A77} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe Task: {FB9D4695-A5E8-428D-97E9-FD3CCA21028C} - System32\Tasks\HP AR Program Upload - f83b9e52d02f4a0082c5a5033800ab2cd0be4d2648994ccebb5ee7a48159d05f => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>) Task: {FC3168F0-5526-43EE-B651-C173054AA193} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.) Task: {FF9D33D7-56DA-4D71-AB20-38BE083343F7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Ray\Desktop\My DVD Burners ETC\Disable_Windows_8_Explorer_Auto_Arrange - Shortcut.lnk -> C:\Users\Ray\Downloads\Disable_Windows_8_Explorer_Auto_Arrange.bat () Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co ==================== Loaded Modules (Whitelisted) ============== 2013-09-24 18:45 - 2013-04-19 18:51 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll 2013-09-24 18:45 - 2013-04-19 18:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll 2013-09-24 18:45 - 2013-04-19 18:51 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll 2011-11-23 21:21 - 2011-11-23 21:21 - 00105576 ____R () C:\Users\Ray\Desktop\My Documents\Downloads from Google ETC\LimelightDownloadManager.dll 2013-09-24 18:37 - 2012-07-18 15:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 01:26 - 2017-03-02 19:40 - 00000035 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ray\AppData\Roaming\johnsadventures.com\Background Switcher\ActiveBackground.jpg DNS Servers: 208.180.42.68 - 208.180.42.100 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk" HKLM\...\StartupApproved\StartupFolder: => "Amazon Unbox.lnk" HKLM\...\StartupApproved\StartupFolder: => "Device Monitor 4.lnk" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run32: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "IMSS" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "GrooveMonitor" HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "Dashlane" HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "BitTorrent" HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "PCShowServer" HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "TomTomHOME.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{2E5CE9F1-F4FE-4A1C-BEC2-1FC2E81A853A}] => (Allow) LPort=1900 FirewallRules: [{D754747E-683E-4057-97C5-70B1A9D5027D}] => (Allow) LPort=2869 FirewallRules: [{C923C4C6-9B49-40C7-9371-572B12BDE35B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{5E061F47-6AD2-47FF-95CB-54C7A1A1431F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{86FB472A-4CE5-460E-8F27-B2372E8D6165}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{990B95F7-EF83-4ECE-BF6F-A4D69FC9F83F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{68D3E9AF-C61B-4FAE-BD1F-BC06782A0D14}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{8B34ACD6-5D32-4A76-91D9-350DB78A9719}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{83E4B487-6614-4483-BC48-0D08204DE91F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{5F9D9918-1620-4A0F-B3A6-3871EDA5216A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{66173C11-6A8B-4C38-A038-9987D21B6297}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{8D120410-D7AB-457F-BBC3-4D639F3ECD8B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{434E3162-983B-4CEB-8848-EE80A576B6A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{487853B9-8D61-4D6B-809C-D76F3B89C308}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{FBC077C7-0DF8-4FF6-AFB8-7717F6A41847}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{D5B8730B-52FD-4209-91C7-A622375CE37F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{1166F700-646D-4E42-980B-801C723E1DD3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{45ECB300-8CB2-46D4-A602-131B4A7EBAF1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{EB358FD7-4A9C-43C1-9A47-E94F2085EC6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{1EA55450-82A8-4B6A-BCFA-C9956BF9F6C1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{3E248B0D-F208-403E-A33F-494DBF5B0FEC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{E8016474-50EB-4A04-91D9-F5164E57AA4E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{D68BE6A3-B344-4B65-B42B-D6E6B0442842}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4EF0A35F-1644-4EAB-AAD6-F5AAC83A838D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{26C770EF-9A12-4E13-BD11-F8A0A732D5ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{26511AD0-4D0A-497B-BAC4-1D4753F73A68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{68C6965E-8ADD-4E7A-BA14-C23E63E2D2C7}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe FirewallRules: [{51495EF1-E86D-4ECE-8997-C256208A36BB}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe FirewallRules: [{EA0CBA7E-BE68-4560-B88C-1F3984750FE4}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe FirewallRules: [{794685D0-75B0-40ED-A213-C17F6356FCEB}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe FirewallRules: [{78BB779D-F662-4775-9CF7-4324145858C4}] => (Allow) LPort=5357 FirewallRules: [{69FEF454-9429-400D-99A8-36C38C1B3476}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{024B6ACD-BCFB-4671-A003-390D3A58B2ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{784D2CF3-86EF-451C-8106-2AD1AFA913E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 31-03-2017 18:59:38 Installed TomTom HOME. 16-05-2017 18:54:11 Windows Update 20-05-2017 17:05:07 Revo Uninstaller's restore point - Google Chrome 24-05-2017 17:45:31 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/25/2017 09:25:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794 Exception code: 0xe0434352 Fault offset: 0x00000000000095fc Faulting process id: 0xe10 Faulting application start time: 0x01d2d55a63fe6fa7 Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll Report Id: a3156596-414d-11e7-834d-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (05/25/2017 09:25:37 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: pcdrcui.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ApplicationException Stack: at pcd.models.properties.CustomizationManager.get_IsThirdwave() at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[]) at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[]) at wpfview.Program.Main(System.String[]) Error: (05/25/2017 09:21:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: firefox.exe, version: 53.0.3.6347, time stamp: 0x591d55d1 Faulting module name: MSON***T.DLL, version: 11.0.6715.60, time stamp: 0x43306199 Exception code: 0xc0000005 Fault offset: 0x00052b84 Faulting process id: 0x40c Faulting application start time: 0x01d2d5573f958920 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSON***T.DLL Report Id: 0da0a13e-414d-11e7-834d-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (05/24/2017 10:19:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00007ff89f6db69a Faulting process id: 0x10ec Faulting application start time: 0x01d2d498af88ef98 Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe Faulting module path: unknown Report Id: ee4086b4-408b-11e7-834c-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (05/24/2017 10:19:00 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: pcdrcui.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ApplicationException Stack: at pcd.models.properties.CustomizationManager.get_IsThirdwave() at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[]) at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[]) at wpfview.Program.Main(System.String[]) Error: (05/23/2017 09:43:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794 Exception code: 0xe0434352 Fault offset: 0x00000000000095fc Faulting process id: 0xe1c Faulting application start time: 0x01d2d3ca8b2d658c Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll Report Id: c9e9c176-3fbd-11e7-834c-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (05/23/2017 09:43:23 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: pcdrcui.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ApplicationException Stack: at pcd.models.properties.CustomizationManager.get_IsThirdwave() at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[]) at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[]) at wpfview.Program.Main(System.String[]) Error: (05/23/2017 08:54:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d Faulting module name: combase.dll, version: 6.3.9600.18666, time stamp: 0x58f317cc Exception code: 0xc0000005 Fault offset: 0x000441bf Faulting process id: 0x394 Faulting application start time: 0x01d2d3c37e34788a Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\WINDOWS\SYSTEM32\combase.dll Report Id: fc855b2d-3fb6-11e7-834b-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (05/22/2017 05:50:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: firefox.exe, version: 53.0.3.6347, time stamp: 0x591d55d1 Faulting module name: MSON***T.DLL, version: 11.0.6715.60, time stamp: 0x43306199 Exception code: 0xc0000005 Fault offset: 0x00052b84 Faulting process id: 0xba4 Faulting application start time: 0x01d2d3419f59fb3e Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSON***T.DLL Report Id: b0c1bce9-3f38-11e7-834b-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (05/22/2017 10:43:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794 Exception code: 0xe0434352 Fault offset: 0x00000000000095fc Faulting process id: 0x115c Faulting application start time: 0x01d2d309cfaa7b25 Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll Report Id: 0d7f8f64-3efd-11e7-834a-c81f66038689 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (05/24/2017 10:30:24 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service. Error: (05/24/2017 10:28:24 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the WlanSvc service. Error: (05/21/2017 08:59:37 PM) (Source: DCOM) (EventID: 10010) (User: JIMMY) Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout. Error: (05/21/2017 08:59:37 PM) (Source: DCOM) (EventID: 10010) (User: JIMMY) Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout. Error: (05/21/2017 02:09:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service. Error: (05/21/2017 02:07:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the WlanSvc service. Error: (05/20/2017 05:21:41 PM) (Source: DCOM) (EventID: 10016) (User: JIMMY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Jimmy\Ray SID (S-1-5-21-2801032338-2342425128-3870613798-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/20/2017 05:21:41 PM) (Source: DCOM) (EventID: 10016) (User: JIMMY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Jimmy\Ray SID (S-1-5-21-2801032338-2342425128-3870613798-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/20/2017 01:13:59 PM) (Source: DCOM) (EventID: 10016) (User: JIMMY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Jimmy\Ray SID (S-1-5-21-2801032338-2342425128-3870613798-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/20/2017 01:13:59 PM) (Source: DCOM) (EventID: 10016) (User: JIMMY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Jimmy\Ray SID (S-1-5-21-2801032338-2342425128-3870613798-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2017-05-23 10:20:58.386 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-23 10:20:58.068 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-23 10:20:57.744 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-23 10:20:57.417 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-18 16:41:18.338 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-18 16:41:18.014 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-18 16:41:17.683 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-18 16:41:17.355 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-17 23:34:10.457 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-17 23:34:10.097 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel® Core i3-3240 CPU @ 3.40GHz Percentage of memory in use: 24% Total physical RAM: 8066.05 MB Available physical RAM: 6092.69 MB Total Virtual: 9346.05 MB Available Virtual: 6936.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:918.77 GB) (Free:513.01 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 6AA7D01A) Partition: GPT. ==================== End of Addition.txt ============================ Quote
ExTS Admin Starbuck Posted May 27, 2017 ExTS Admin Posted May 27, 2017 Hi Jimmy, On looking into this problem it seemed that there was a few things that caused this. Incorrect Firewall rules Conflict with an old AV that hadn't been uninstalled correctly Also clearing the caches etc can sometimes help. The first 2 are the things I wanted to look into. The report shows that these are ok. The clearing of the caches we can deal with, within the fix. There are a few things that I'd like to mention about the findings.... File1 Package Manager Did you actually install this yourself? It does normally come bundled as a third party program with a legit program that you install. If you didn't install this yourself, I recommend that you remove it. Amazon Unbox Video This is a very old program and has actually been discontinued for a couple of years now. It's never wise to keep discontinued programs on your system. Amazon did give instructions on how to still see any downloaded videos. About Watching Videos Previously Downloaded to Your PC Updated Ad Blocker for Firefox 11+ Adblock Plus uBlock Origin This is a bit of overkill. uBlock Origin would be all you need. Having the others may cause conflicts as they're all trying to do the same thing. There are a few things that should be removed with a fix..... Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Ray\Downloads. NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait. http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply. Thanksfixlist.txt Quote Member of:UNITE
jimmyedwards Posted May 28, 2017 Author Posted May 28, 2017 Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017 Ran by Ray (27-05-2017 23:39:49) Run:2 Running from C:\Users\Ray\Downloads Loaded Profiles: Ray (Available Profiles: Ray & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> {9E00ED14-DDAB-4086-B889-8ACD884A8ECF} URL = Toolbar: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File 2017-03-02 19:57 - 2016-08-13 03:40 - 1737080 _____ (Microsoft Corporation) C:\Users\Ray\AppData\Local\Temp\dllnt_dump.dll 2017-04-19 08:49 - 2017-04-19 08:49 - 0739904 _____ (Oracle Corporation) C:\Users\Ray\AppData\Local\Temp\jre-8u131-windows-au.exe 2016-05-29 20:22 - 2016-05-29 20:22 - 0004906 _____ () C:\ProgramData\oqztiqep.adk 2014-11-30 15:15 - 2014-11-30 15:15 - 0005098 _____ () C:\ProgramData\vczcspay.tpu 2013-09-24 18:44 - 2013-09-24 18:44 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2013-09-24 18:41 - 2013-09-24 18:42 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2013-09-24 18:42 - 2013-09-24 18:43 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2013-09-24 18:40 - 2013-09-24 18:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2013-09-24 18:43 - 2013-09-24 18:44 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "BitTorrent" CMD: ipconfig /flushdns Hosts: EmptyTemp: ***************** HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E00ED14-DDAB-4086-B889-8ACD884A8ECF} => key removed successfully HKCR\CLSID\{9E00ED14-DDAB-4086-B889-8ACD884A8ECF} => key not found. HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => value removed successfully HKCR\CLSID\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => key not found. C:\Users\Ray\AppData\Local\Temp\dllnt_dump.dll => moved successfully C:\Users\Ray\AppData\Local\Temp\jre-8u131-windows-au.exe => moved successfully C:\ProgramData\oqztiqep.adk => moved successfully C:\ProgramData\vczcspay.tpu => moved successfully C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => moved successfully C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => moved successfully C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log => moved successfully C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance => key removed successfully HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\BitTorrent => value removed successfully HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BitTorrent => value not found. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. =========== EmptyTemp: ========== BITS transfer queue => 12582912 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 239191101 B Java, Flash, Steam htmlcache => 20052 B Windows/system/drivers => 7468961 B Edge => 0 B Chrome => 6822861 B Firefox => 404746096 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 0 B LocalService => 0 B NetworkService => -658 B Ray => 1020456283 B Administrator => 0 B RecycleBin => 9367386586 B EmptyTemp: => 10.3 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 23:41:03 ==== Quote
ExTS Admin Starbuck Posted May 28, 2017 ExTS Admin Posted May 28, 2017 Has the fix made any difference to Chrome connecting? Quote Member of:UNITE
jimmyedwards Posted May 29, 2017 Author Posted May 29, 2017 I still cant get on the internet with Chrome,I tried to send an attachment showing the message from Chrome but for some reason I cant. The message did say something about reconnecting the wi-fi. How would I do that? Thanks for all the help I am getting too. Quote
ExTS Admin Starbuck Posted May 31, 2017 ExTS Admin Posted May 31, 2017 Hi Jimmy, Sorry for the late reply.... The message did say something about reconnecting the wi-fi. How would I do that? Turn your router off from the mains..... wait about 5 minutes, then turn it back on. Once the lights have settled try chrome again. Quote Member of:UNITE
jimmyedwards Posted May 31, 2017 Author Posted May 31, 2017 I did that and still no internet,however from settings I was able to send a report an issue . Quote
KenB Posted June 2, 2017 Posted June 2, 2017 Hi, Go to the following location please ...... C: > Programs > Google > Chrome > Application Right click on "Chrome" > Properties If Chrome here is "Read Only" uncheck it > Apply > OK [ you will need admin privileges ] You may need to reboot. Try accessing Chrome again. At the start ........ C: > Programs ......... I had to use Programs[x86] to find Chrome folder :) ================ I don't think I asked earlier ....... What happens when you click on the Chrome icon when trying to access the net ? Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
jimmyedwards Posted June 3, 2017 Author Posted June 3, 2017 I tried your suggestions and still no internet on Chrome,when i click on the Google icon it goes to Google and then when I click on any thing it shows the dinosaur and the no internet message. I tried to go advanced and send screen shots of the messages but I do it. I tried to delete my old files so I could add screenshots but I cant figure out how to delete them. Quote
KenB Posted June 4, 2017 Posted June 4, 2017 Hi Right click on the Chrome icon [ you may need to right click on "Google Chrome" in the list ] > click on "Run as Administrator" Does this give you access ? Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
jimmyedwards Posted June 4, 2017 Author Posted June 4, 2017 When I right click Chrome icon and then run as admin it goes to user account control,when I ok that it goes to Google Chrome and the no internet message. I clicked on the program compatibility troubleshooter and it showed issues found "incompatible program ,then fix Chrome completed. It showed computer name JIMMY,Windows version 6.3,Architecture x64 and time today's date etc. Next was find and fix problems with older running programs on this version of windows Package version 1.5 publisher Microsoft windows. Finally it showed find and fix problems with older running programs on this version of windows package version 1.0 publisher Microsoft Corporation. I would do a screen shot but the system wont let me add files in advanced and I don't know how to delete the old files . Quote
KenB Posted June 5, 2017 Posted June 5, 2017 "incompatible program" Try the following: Right click on the Chrome icon > Properties > Compatibility Check the box - "Run this program in compatibility for" - select Windows 7 Apply > OK Try it now. Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
jimmyedwards Posted June 7, 2017 Author Posted June 7, 2017 I tried that still no internet connection. Quote
KenB Posted June 8, 2017 Posted June 8, 2017 Try uninsalling Chrome [ you will lose bookmarked sites ] then reinstall the most recent version. If you wish to save your bookmarks see here - click here Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.