tacticaltal Posted June 14, 2016

Hello all,

While surfing the web, I'll get a blue (or black, can't really tell) screen, and the computer will restart, and the following message comes along: SESSION_HAS_VALID_VIEWS_ON_EXIT

I'm getting constant script errors, messages to check certificates, etc. And sometimes the computer just auto restarts on its own without any messages. This is all new to this computer. Please help as I'm not able to use this machine very well anymore.

I'm running Windows 8.1 IE 11

Thanks

Juliet Posted June 14, 2016

Have you tried Sfc /scannow?

Below are a couple of links I read over with other people having this issue. Throughout, they describe looking into Device Manager, with hints about display drivers and related items.

http://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings/session-has-valid-views-on-exit-help/653e0f0d-9f47-4c11-9bd3-08a821852001
http://www.tenforums.com/bsod-crashes-debugging/51677-session_has_valid_views_on_exit-before-login-screen.html

tacticaltal Posted June 14, 2016

I ran the sfc, and followed the directions in the 1st link above. I'm not having the original issue now, but this could be a virus or something. I've been getting a lot of low on memory errors. I have changed my user group to allow me to login without using a password on restart, but every time the computer restarts after a low on memory error, I have to use the password.

Can we see if we have any malware or viruses on here?

Thanks.

Juliet Posted June 14, 2016

Sure, we can do that. I'll post instructions on what to do then I'll move this topic to the appropriate forum.

************************

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.

Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.

Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

Juliet Posted June 14, 2016

I'll have to request it moved, I don't have privileges in User to User.

Edited June 15, 2016 by Juliet

tacticaltal Posted June 15, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
Ran by tacti_000 (administrator) on OFFICE (14-06-2016 22:38:00)
Running from C:\Users\tacti_000\Downloads
Loaded Profiles: tacti_000 (Available Profiles: tacti_000)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804432 2015-11-10] (NVIDIA Corporation)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\Run: [MP3 Skype recorder] => C:\Users\tacti_000\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [2224280 2016-03-16] (Domit UK LTD)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS)
Startup: C:\Users\tacti_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2016-05-30]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\tacti_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2016-06-13]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.233.219.99 64.233.206.99
Tcpip\..\Interfaces\{7ffd6809-9ae7-459f-9381-1c35b70d7daf}: [DhcpNameServer] 64.233.219.99 64.233.206.99

Internet Explorer:
==================
HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/nirvana/controls/pcmatic.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\6y2xb6kv.default
FF DefaultSearchEngine.US: Google
FF Homepage: yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: Flash and Video Download - C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\6y2xb6kv.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-05-26]
FF Extension: Flashblock - C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\6y2xb6kv.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-06-10]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://yahoo.com/
CHR Profile: C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-11]
CHR Extension: (Google Docs) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-11]
CHR Extension: (Google Drive) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-11]
CHR Extension: (YouTube) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-11]
CHR Extension: (Google Sheets) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-11]
CHR Extension: (Google Docs Offline) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-11]
CHR Extension: (Yahoo Homepage) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccfgghhbihbhomnlnadpjhkhmmboanj [2016-06-11]
CHR Extension: (My Browser Page) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2016-06-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-11]
CHR Extension: (Gmail) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-13] (Qualcomm Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-14 22:38 - 2016-06-14 22:38 - 00018165 _____ C:\Users\tacti_000\Downloads\FRST.txt
2016-06-14 22:37 - 2016-06-14 22:38 - 00000000 ____D C:\FRST
2016-06-14 22:35 - 2016-06-14 22:37 - 02385920 _____ (Farbar) C:\Users\tacti_000\Downloads\FRST64.exe
2016-06-14 22:35 - 2016-06-14 22:35 - 01736192 _____ (Farbar) C:\Users\tacti_000\Downloads\FRST.exe
2016-06-13 23:46 - 2016-06-13 23:46 - 00000220 _____ C:\Users\tacti_000\Desktop\User to User Help - PC Pitstop Forums.url
2016-06-13 23:02 - 2016-06-13 23:02 - 00000239 _____ C:\Users\tacti_000\Desktop\SESSION_HAS_VALID_VIEWS_ON_EXIT - User to User Help - PC Pitstop Forums.url
2016-06-13 22:47 - 2016-06-13 22:47 - 542849877 _____ C:\WINDOWS\MEMORY.DMP
2016-06-13 22:47 - 2016-06-13 22:47 - 00179628 _____ C:\WINDOWS\Minidump\061316-21328-01.dmp
2016-06-13 22:47 - 2016-06-13 22:47 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-11 23:56 - 2016-06-11 23:56 - 00000194 _____ C:\Users\tacti_000\Desktop\Guitar Lessons Upgrade.url
2016-06-11 00:42 - 2016-06-11 00:42 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-11 00:42 - 2016-06-11 00:42 - 00002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-10 22:51 - 2016-06-14 20:44 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1EF34483-6948-47F1-B858-96755E0D2AC4}
2016-06-09 18:24 - 2016-06-10 22:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-02 19:38 - 2016-06-02 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTML-Kit Tools
2016-06-02 19:38 - 2016-06-02 19:38 - 00000000 ____D C:\Program Files (x86)\HTML-Kit
2016-06-02 19:37 - 2016-06-02 19:37 - 00001382 _____ C:\Users\Public\Desktop\HTML-Kit.lnk
2016-06-02 19:37 - 2016-06-02 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTML-Kit
2016-06-02 19:37 - 2016-06-02 19:37 - 00000000 ____D C:\Program Files (x86)\Chami
2016-06-02 19:36 - 2016-06-02 19:37 - 02463779 _____ (HTMLKit.com ) C:\Users\tacti_000\Downloads\HKSetup.exe
2016-06-01 16:17 - 2016-06-01 16:17 - 00002113 _____ C:\Users\tacti_000\Desktop\shutdown.lnk
2016-05-30 19:50 - 2016-05-30 19:50 - 00000209 _____ C:\Users\tacti_000\Desktop\How to cook Cube Steak and Brown Gravy with Onions ! = Cooking - YouTube.url
2016-05-30 19:29 - 2016-05-30 19:29 - 00000222 _____ C:\Users\tacti_000\Desktop\pieguy3 - YouTube.url
2016-05-30 19:29 - 2016-05-30 19:29 - 00000192 _____ C:\Users\tacti_000\Desktop\HOW TO MAKE CUBE STEAKS (E-Z MEAL!!) - YouTube.url
2016-05-29 14:41 - 2016-06-12 15:59 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleFortacti_000.job
2016-05-29 14:41 - 2016-06-12 14:56 - 00003270 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFortacti_000
2016-05-27 00:17 - 2016-05-27 00:17 - 00024736 _____ C:\Users\tacti_000\Documents\physicians~genpract.pdf
2016-05-27 00:15 - 2016-05-27 00:15 - 00015908 _____ C:\Users\tacti_000\Downloads\ProviderDirectory(3).pdf
2016-05-27 00:14 - 2016-05-27 00:14 - 00020994 _____ C:\Users\tacti_000\Downloads\ProviderDirectory(1).pdf
2016-05-27 00:14 - 2016-05-27 00:14 - 00015875 _____ C:\Users\tacti_000\Downloads\ProviderDirectory(2).pdf
2016-05-26 17:01 - 2016-05-26 17:01 - 00019583 _____ C:\Users\tacti_000\Documents\physicians~Internal Med.pdf
2016-05-26 16:56 - 2016-05-26 16:56 - 00019616 _____ C:\Users\tacti_000\Documents\physicians~psych.pdf
2016-05-26 16:55 - 2016-05-26 16:55 - 00020994 _____ C:\Users\tacti_000\Downloads\ProviderDirectory.pdf
2016-05-25 16:17 - 2016-05-25 16:17 - 00265688 _____ C:\Users\tacti_000\Documents\ep153-slow-blues-lead.pdf
2016-05-24 22:31 - 2016-05-24 22:31 - 00000000 ____D C:\Users\tacti_000\AppData\Local\Deployment
2016-05-24 17:32 - 2016-05-24 17:32 - 00000000 ____D C:\Users\tacti_000\AppData\Local\Logitech® Webcam Software
2016-05-24 17:25 - 2016-05-24 17:25 - 00000000 ____D C:\ProgramData\LogiShrd
2016-05-24 17:24 - 2016-05-24 17:25 - 00000000 ____D C:\Program Files (x86)\Logitech
2016-05-24 17:24 - 2016-05-24 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-05-24 17:23 - 2016-05-24 17:23 - 74520472 _____ (Logitech, Inc.) C:\Users\tacti_000\Downloads\lws280.exe
2016-05-21 13:34 - 2016-05-21 13:34 - 00000000 ____D C:\Users\tacti_000\AppData\Roaming\Hewlett-Packard
2016-05-21 13:29 - 2016-05-24 22:21 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-05-21 13:29 - 2016-05-21 13:29 - 00000000 ____D C:\Users\tacti_000\AppData\Roaming\hpqLog
2016-05-21 13:29 - 2016-05-21 13:29 - 00000000 ____D C:\System.sav
2016-05-21 13:29 - 2016-05-21 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-05-21 13:16 - 2016-05-28 13:22 - 00000000 ____D C:\Users\tacti_000\AppData\Roaming\HpUpdate
2016-05-21 13:16 - 2016-05-21 13:16 - 00003760 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 1510 series
2016-05-21 13:16 - 2016-05-21 13:16 - 00000000 ____D C:\ProgramData\Visan
2016-05-21 13:16 - 2016-05-21 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-05-21 13:16 - 2016-05-21 13:16 - 00000000 ____D C:\ProgramData\HP Photo Creations
2016-05-21 13:16 - 2016-05-21 13:16 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2016-05-21 13:15 - 2016-05-21 13:16 - 00000000 ____D C:\Program Files (x86)\HP
2016-05-21 13:15 - 2016-05-21 13:15 - 00000057 _____ C:\ProgramData\Ament.ini
2016-05-21 13:15 - 2016-05-21 13:15 - 00000000 ____D C:\Program Files\HP
2016-05-21 13:14 - 2016-05-21 13:16 - 00000000 ____D C:\Users\tacti_000\AppData\Local\HP
2016-05-21 13:13 - 2016-05-29 14:41 - 00000000 ____D C:\Users\tacti_000\AppData\Local\Hewlett-Packard
2016-05-21 13:13 - 2016-05-21 13:14 - 00000000 ____D C:\Users\tacti_000\Downloads\HP Downloads
2016-05-21 13:11 - 2016-05-24 22:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-05-21 13:11 - 2016-05-21 13:29 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-05-21 13:10 - 2016-05-21 13:10 - 03836976 _____ (Oleg N. Scherbakov) C:\Users\tacti_000\Downloads\HPSupportSolutionsFramework-12.3.11.29.exe
2016-05-18 19:20 - 2016-05-18 19:20 - 00229467 _____ C:\Users\tacti_000\Downloads\statechamp_16.pdf
2016-05-17 11:08 - 2016-05-17 11:08 - 00919146 _____ C:\Users\tacti_000\Documents\matthew.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-14 22:31 - 2015-12-26 23:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-14 22:22 - 2015-11-23 18:22 - 00000298 _____ C:\WINDOWS\Tasks\UpdateTask.job
2016-06-14 22:19 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-14 22:18 - 2015-11-21 04:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-14 22:16 - 2015-11-21 04:22 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-14 21:53 - 2015-11-23 18:22 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-14 18:53 - 2015-11-23 18:22 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-14 15:10 - 2015-11-30 23:28 - 00000000 ____D C:\Users\tacti_000\Documents\ChessBase
2016-06-14 12:45 - 2016-04-18 17:57 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-14 12:45 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-14 12:16 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-14 12:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-13 22:55 - 2013-11-28 09:04 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-06-13 22:52 - 2016-04-18 18:12 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-13 22:47 - 2016-02-13 08:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-13 16:06 - 2015-12-23 23:28 - 00000000 ____D C:\Users\tacti_000\AppData\Local\ElevatedDiagnostics
2016-06-13 15:30 - 2015-11-21 19:45 - 04068352 _____ C:\Users\tacti_000\Documents\master20151120.FBK
2016-06-13 15:30 - 2015-11-21 19:44 - 04068352 _____ C:\Users\tacti_000\Documents\master20151120.FTW
2016-06-12 15:59 - 2016-04-18 18:00 - 00000000 ____D C:\Users\tacti_000
2016-06-11 00:42 - 2015-11-23 18:22 - 00000000 ____D C:\Users\tacti_000\AppData\Local\Google
2016-06-11 00:42 - 2015-11-23 18:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-10 22:50 - 2015-12-21 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-10 22:50 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-05 13:09 - 2016-01-29 20:07 - 00103976 _____ C:\Users\tacti_000\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-04 20:10 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-03 22:11 - 2015-11-22 14:51 - 00000000 ____D C:\Users\tacti_000\Documents\My Chess Database
2016-06-03 06:26 - 2016-01-08 18:28 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-30 11:50 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-05-26 14:09 - 2016-04-02 13:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-24 22:34 - 2015-12-13 03:36 - 00000000 ____D C:\Users\tacti_000\AppData\Roaming\Family Tree Analyzer
2016-05-24 22:21 - 2015-12-22 00:00 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-24 21:55 - 2016-04-02 13:58 - 00000000 ____D C:\Users\tacti_000\AppData\Roaming\Skype
2016-05-24 17:25 - 2016-04-18 17:58 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-05-22 00:34 - 2016-02-13 08:11 - 00379248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-21 13:29 - 2013-11-28 08:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-21 13:15 - 2015-11-26 15:03 - 00000000 ____D C:\ProgramData\HP

==================== Files in the root of some directories =======

2015-11-23 19:22 - 2015-11-23 19:22 - 0000046 _____ () C:\Users\tacti_000\AppData\Roaming\WB.CFG
2016-05-21 13:15 - 2016-05-21 13:15 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-04-18 17:57 - 2016-04-18 17:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-11-28 09:04 - 2013-11-28 09:04 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-11-28 09:01 - 2013-11-28 09:02 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-11-28 09:02 - 2013-11-28 09:03 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-11-28 09:01 - 2013-11-28 09:01 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-11-28 09:03 - 2013-11-28 09:04 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-13 13:45

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2016
Ran by tacti_000 (2016-06-14 22:38:42)
Running from C:\Users\tacti_000\Downloads
Windows 10 Home Version 1511 (X64) (2016-04-19 01:27:31)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4084636481-732014058-1395683245-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4084636481-732014058-1395683245-503 - Limited - Disabled)
Guest (S-1-5-21-4084636481-732014058-1395683245-501 - Limited - Disabled)
tacti_000 (S-1-5-21-4084636481-732014058-1395683245-1001 - Administrator - Enabled) => C:\Users\tacti_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
BlitzIn 3.11 (HKLM-x32\...\BlitzIn 3.11) (Version: - Internet Chess Club)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Chromium (HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\Chromium) (Version: 46.0.2480.0 - Chromium)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{98CB551E-EDB1-4535-82A6-E3258597F64E}) (Version: 2.7.1000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell Update (HKLM-x32\...\{713A4123-9417-4FF7-AC14-F000D6C0C7AD}) (Version: 0.9.1115.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Family Tree Maker 2006 (HKLM-x32\...\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}) (Version: - )
Fritz 15 64-bit (HKLM\...\{0D98285E-7B98-4637-8114-155705273EDA}) (Version: 15.1.0.0 - ChessBase)
FT Analyzer (HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\9fcd84de4bf45cd5) (Version: 5.1.0.5 - FT Analyzer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP) HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.4.18.7 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com) HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com) ICC for Windows 1.0 beta 9.6.25 (HKLM-x32\...\{CFF71C5A-D887-429C-A1F6-FD395C1823E8}_is1) (Version: 1.0 - Internet Chess Club, Inc.) Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.) 
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla) MP3 Skype recorder (HKLM-x32\...\{200C029F-CB1B-402B-ACDC-E345DAAC3EB8}) (Version: 4.20.1.0 - Domit LTD) NVIDIA 3D Vision Driver 358.91 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation) NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{35DB2630-846E-47C5-AF84-9D6AC3629F55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinTD 4.20 (HKLM-x32\...\{8E7F4B9D-3F93-4E8E-AE26-E4E2A50ABA50}) (Version: 4.2.0 - Estima) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {07DEEDD2-16C9-490B-A73F-2B2190810079} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {0BB9C7CF-D1F2-4DB3-B265-A5DB2B748412} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeReminderTask => C:\Windows\System32\GWX\GWX.exe Task: {0BC9544D-D7BD-4DA3-AE80-09B00D63955E} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.) Task: {0CC53981-5F86-4CF7-95F5-0579F35669EF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {0CF28E95-27CE-4114-AD23-40B032129D50} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.) Task: {0CF9D93D-008D-4065-A3D0-3EB4F0C67A1A} - System32\Tasks\HPCeeScheduleFortacti_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard) Task: {0FF7BE12-0A74-4485-8A65-E9687F0DA700} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-04-22] (HP Inc.) Task: {1EF54EDD-F1FE-4E90-913B-03D0E251E250} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company) Task: {2F896C0F-E7F7-41C5-84C0-176BEFE21143} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {30EA5090-D1C4-465B-8AEA-FAD8014D2E6A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.) 
Task: {42E14AF4-0A78-494D-AA15-26364055CF24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.) Task: {4930CB12-1A35-42E2-8758-2DF182375CD0} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.) Task: {4A1C8436-5E1B-41D7-9F17-E8CAF8428E11} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {5DB6B591-6A05-4462-A74F-D27ACFEFE89C} - System32\Tasks\UpdateTask => C:\Users\TACTI_~1\AppData\Local\{D3C7E~1\UNINST~1.EXE Task: {69366F22-A166-447F-873D-7F13E35F2718} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {6DD9CC7B-5183-49F8-B845-C894DD8A62BE} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.) Task: {6EA1074E-1992-4271-856B-ECCFB880591E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {6EC92539-9787-4411-A15E-22199D436EEF} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.) Task: {709FDB0E-12A7-48E9-813B-49F921BBD585} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-23] (Google Inc.) 
Task: {78C42508-9988-4602-BBE2-756E3559A46C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink) Task: {7C54EF69-1F8D-43B7-ABA7-7D80E4F406A2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {82D4BAB0-7437-4713-BACF-2BD10FDD8F74} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {8A588C64-8C1D-4D04-88A3-99B892422494} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard) Task: {9AF879BA-F78C-4833-A58E-62CBE2093290} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {A906E757-8A9A-4192-B70C-1730A9887867} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company) Task: {A9ADFEAE-1406-4CB9-915F-921D565C2DE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-23] (Google Inc.) 
Task: {B09229B5-E378-41D5-8CA2-611A43F839E5} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {B1AC362E-9075-40E0-8705-5CDD8459745A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard) Task: {BA67C09E-7E9E-4849-9A2C-CC4E3732B1D1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {BA6EA267-2DBD-42D5-B987-923814D8794E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {BCD69540-5540-4335-A9B0-B9F3672996DA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {C64A147E-CF55-4508-9E04-0FE58F89E3D0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {CA517EED-B06D-4ABA-8D27-56A564AD2C82} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-14] (Microsoft Corporation) Task: {CC50CD51-AC45-4D2E-9E12-F7E4AA31686C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.) 
Task: {D722159C-5E2B-49E7-91D0-1647A9D792EC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {E8EA0242-3200-4E66-9192-5DB36C452B83} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated) Task: {F0F4AF61-11F5-485D-A5D5-39F3D194DB97} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation) Task: {F2A3C167-995E-4580-B160-7C9A3A741C48} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation) Task: {F58E2DE7-2081-448F-8FA6-13F8F81A1045} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleFortacti_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\UpdateTask.job => C:\Users\TACTI_~1\AppData\Local\{D3C7E~1\UNINST~1.EXE ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2013-11-28 09:03 - 2012-04-24 21:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2016-04-18 20:50 - 2016-04-18 20:50 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-18 20:50 - 2016-04-18 20:50 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-02-13 07:54 - 2016-02-13 07:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-05-10 13:52 - 2016-04-22 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe 2016-04-18 21:11 - 2016-04-18 21:12 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe 2016-04-18 21:11 - 2016-04-18 21:12 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-06-03 10:44 - 2016-06-03 10:46 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2016-06-03 10:44 - 2016-06-03 10:46 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2016-06-03 10:44 - 2016-06-03 10:46 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2016-04-18 21:05 - 2016-04-18 21:06 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-05-10 13:53 - 2016-04-22 23:02 - 07992832 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-05-10 13:53 - 2016-04-22 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-05-10 13:53 - 2016-04-22 22:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-05-10 13:53 - 2016-04-22 23:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll 2013-11-28 09:02 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2013-08-07 17:27 - 2013-08-07 17:27 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2013-11-28 08:54 - 2013-07-16 20:39 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll 2016-01-05 12:17 - 2015-12-18 18:52 - 01607920 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll 2013-11-28 09:06 - 2012-11-26 02:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and 
Recovery\Components\Restore\libxml2.dll 2016-01-05 12:17 - 2014-02-18 15:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg DNS Servers: 64.233.219.99 - 64.233.206.99 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "GrooveMonitor" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\StartupFolder: => "Logitech . 
Product Registration.lnk" HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\Run: => "MP3 Skype recorder" HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [uDP Query User{F4B291F4-0F58-49D2-891B-624EC6422ED5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{1D48813A-4609-48E0-A6DF-A4F9903FCF8B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{9A3F8FC8-B370-45F6-A374-9434457842AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{ABE0AC04-A450-4FE5-8185-9D4D0AF27B4C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AF24421F-D254-4FA8-8D9C-AE8CCA80E175}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{A28FF453-E1F0-4638-86D4-AA250CAE430D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{F3E662DB-681E-46AC-A9A9-714FB6D71E44}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{02B32D95-B51A-4EBC-9F9F-455457C4CB2E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{D9F73E07-3D33-444B-861A-850ED26B370A}] => (Allow) LPort=2869 FirewallRules: [{51B1F39A-324B-49EC-8F7F-8F30DE725F1A}] => (Allow) LPort=1900 FirewallRules: [{31C755F3-231A-4743-80EE-F4DC4CE1D270}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{C916CF1A-447B-44B4-900B-EF32BF6ADA29}] => (Allow) C:\Program Files\Common 
Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{3293FA12-0732-482A-9933-02CB9FD78633}] => (Allow) C:\Users\tacti_000\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [{6619302C-429A-4D5D-8488-F1DD6B502CAF}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe FirewallRules: [{6A555807-C02A-4E9A-9294-972FEE83A905}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{E7338802-F40B-477A-9C0D-7A2B328DA29F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 24-05-2016 16:20:59 Scheduled Checkpoint 02-06-2016 14:00:06 Scheduled Checkpoint 08-06-2016 00:34:18 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 14-06-2016 22:16:20 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/14/2016 10:16:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (06/14/2016 06:27:32 AM) (Source: HP Active Health) (EventID: 1100) (User: ) Description: Agent DiskPhysical threw an exception: System.NullReferenceException: Object reference not set to an instance of an object. at HP.ActiveHealth.Agents.DiskPhysical.DiskPhysicalAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector) at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj) Error: (06/14/2016 06:27:32 AM) (Source: HP Active Health) (EventID: 401) (User: ) Description: SmartDrive executable didn't pass digital signature validation. 
Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe] Error: (06/14/2016 06:27:32 AM) (Source: HP Active Health) (EventID: 1101) (User: ) Description: DiskPhysical executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe] Error: (06/14/2016 01:09:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10586.20, time stamp: 0x56541caa Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571afb9a Exception code: 0xe06d7363 Fault offset: 0x000bdae8 Faulting process id: 0x1a70 Faulting application start time: 0xIEXPLORE.EXE0 Fault
Juliet Posted June 15, 2016

Please go to one of the below sites to scan the following files:

Virus Total (Recommended)
jotti.org
VirScan

Click on Browse, and upload the following file for analysis:

C:\Users\TACTI_~1\AppData\Local\{D3C7E~1\UNINST~1.EXE

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

~~~~~~~~~~~~~~~~~~

Running from C:\Users\tacti_000\Downloads

It's best we move Farbar's to desktop.
Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
Task: {07DEEDD2-16C9-490B-A73F-2B2190810079} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2F896C0F-E7F7-41C5-84C0-176BEFE21143} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4A1C8436-5E1B-41D7-9F17-E8CAF8428E11} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {69366F22-A166-447F-873D-7F13E35F2718} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6EA1074E-1992-4271-856B-ECCFB880591E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7C54EF69-1F8D-43B7-ABA7-7D80E4F406A2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {82D4BAB0-7437-4713-BACF-2BD10FDD8F74} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9AF879BA-F78C-4833-A58E-62CBE2093290} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {BA67C09E-7E9E-4849-9A2C-CC4E3732B1D1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BA6EA267-2DBD-42D5-B987-923814D8794E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BCD69540-5540-4335-A9B0-B9F3672996DA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C64A147E-CF55-4508-9E04-0FE58F89E3D0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F58E2DE7-2081-448F-8FA6-13F8F81A1045} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner and save the file to your Desktop.
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Logfile. A log (AdwCleaner[s1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

======================================================

Please download Junkware Removal Tool or from here http://downloads.malwarebytes.org/file/jrt to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

******

please post
file scanned for analysis
Fixlog.txt
AdwCleaner[C1].txt
JRT.txt
tacticaltal (Author) Posted June 15, 2016 (edited)

I can't seem to find the "UNINST~1.EXE" part of C:\Users\TACTI_~1\AppData\Local\{D3C7E~1\UNINST~1.EXE. I find a UNINST.DAT file, would that be it, though it isn't an exe file?

CORRECTION: I'm running Windows 10.

Fix result of Farbar Recovery Scan Tool (x64) Version:15-06-2016
Ran by tacti_000 (2016-06-15 13:11:19) Run:1
Running from C:\Users\tacti_000\Desktop
Loaded Profiles: tacti_000 (Available Profiles: tacti_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
Task: {07DEEDD2-16C9-490B-A73F-2B2190810079} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2F896C0F-E7F7-41C5-84C0-176BEFE21143} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4A1C8436-5E1B-41D7-9F17-E8CAF8428E11} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {69366F22-A166-447F-873D-7F13E35F2718} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6EA1074E-1992-4271-856B-ECCFB880591E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7C54EF69-1F8D-43B7-ABA7-7D80E4F406A2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {82D4BAB0-7437-4713-BACF-2BD10FDD8F74} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9AF879BA-F78C-4833-A58E-62CBE2093290} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {BA67C09E-7E9E-4849-9A2C-CC4E3732B1D1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BA6EA267-2DBD-42D5-B987-923814D8794E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BCD69540-5540-4335-A9B0-B9F3672996DA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C64A147E-CF55-4508-9E04-0FE58F89E3D0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F58E2DE7-2081-448F-8FA6-13F8F81A1045} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-4084636481-732014058-1395683245-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-4084636481-732014058-1395683245-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07DEEDD2-16C9-490B-A73F-2B2190810079}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07DEEDD2-16C9-490B-A73F-2B2190810079}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F896C0F-E7F7-41C5-84C0-176BEFE21143}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F896C0F-E7F7-41C5-84C0-176BEFE21143}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A1C8436-5E1B-41D7-9F17-E8CAF8428E11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A1C8436-5E1B-41D7-9F17-E8CAF8428E11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69366F22-A166-447F-873D-7F13E35F2718}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69366F22-A166-447F-873D-7F13E35F2718}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EA1074E-1992-4271-856B-ECCFB880591E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EA1074E-1992-4271-856B-ECCFB880591E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C54EF69-1F8D-43B7-ABA7-7D80E4F406A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C54EF69-1F8D-43B7-ABA7-7D80E4F406A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82D4BAB0-7437-4713-BACF-2BD10FDD8F74}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82D4BAB0-7437-4713-BACF-2BD10FDD8F74}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AF879BA-F78C-4833-A58E-62CBE2093290}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AF879BA-F78C-4833-A58E-62CBE2093290}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA67C09E-7E9E-4849-9A2C-CC4E3732B1D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA67C09E-7E9E-4849-9A2C-CC4E3732B1D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA6EA267-2DBD-42D5-B987-923814D8794E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA6EA267-2DBD-42D5-B987-923814D8794E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCD69540-5540-4335-A9B0-B9F3672996DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCD69540-5540-4335-A9B0-B9F3672996DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C64A147E-CF55-4508-9E04-0FE58F89E3D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C64A147E-CF55-4508-9E04-0FE58F89E3D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F58E2DE7-2081-448F-8FA6-13F8F81A1045}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F58E2DE7-2081-448F-8FA6-13F8F81A1045}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 968.2 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 13:11:51 ====

# AdwCleaner v5.200 - Logfile created 15/06/2016 at 13:19:29
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-15.1 [server]
# Operating system : Windows 10 Home (X64)
# Username : tacti_000 - OFFICE
# Running from : C:\Users\tacti_000\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : updateTask

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKCU\Software\darwendlm
[-] Key Deleted : HKCU\Software\distromatic
[-] Key Deleted : HKCU\Software\yahooprovidedsearch

***** [ Web browsers ] *****

[-] [C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\6y2xb6kv.default\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.lastActivePing", "1462763279639");
[-] [C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\6y2xb6kv.default\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[-] [C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\6y2xb6kv.default\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "onlinemapfinder@mindspark.com");
[-] [C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\tacti_000\AppData\Local\Chromium\User Data\Default\Web Data] [search Provider] Deleted : search provided by yahoo
[-] [C:\Users\tacti_000\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_15_48_ssg01&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0BtCyDyC0Azy0AtBtA0FyCyBtCtAtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StByC0C0Bzy0DyB0EtGtBtByD0BtGyEzz0BtBtGyDtA0D0BtG0E0C0DzztA0CtAyB0CyCtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtB0DtAtA0D0D0EtGyByD0C0FtGyEzz0BtCtGzy0DyCyCtGtC0EtCzy0CyEtB0ByE0F0Czz2QtN0A0LzuyE%26cr%3D1586293862%26a%3Dwncy_dwndlm_15_48_ssg01%26os%3DWindows%2B8&uref=chmm

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2721 bytes] - [15/06/2016 13:19:29]
C:\AdwCleaner\AdwCleaner[s1].txt - [2952 bytes] - [15/06/2016 13:16:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2867 bytes] ##########

Edited June 15, 2016 by tacticaltal
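Added example (not part of the thread and not FRST's own code): a small triage script that reads a Fixlog in the layout posted above, tallies the outcome of every result line, and lists any `Task:` directive from the fixlist that has no matching removal. The sample log is constructed and shortened from the one in this thread; treating a removed `TaskCache\Tasks\{GUID}` key as confirmation, and the keyword test for "needs review", are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog in the layout posted in this thread.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
start
CreateRestorePoint:
Task: {07DEEDD2-16C9-490B-A73F-2B2190810079} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2F896C0F-E7F7-41C5-84C0-176BEFE21143} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Hosts:
End
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07DEEDD2-16C9-490B-A73F-2B2190810079}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07DEEDD2-16C9-490B-A73F-2B2190810079}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
EmptyTemp: => 968.2 MB temporary data Removed.
==== End of Fixlog 13:11:51 ====
'''

GUID = r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
TASK_DIRECTIVE = re.compile(r'^Task:\s*(' + GUID + r')\s*-\s*(\S.*?)\s*->')
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*(?P<outcome>.+?)\.?\s*$')
TASKCACHE_TASKS = re.compile(r'\\TaskCache\\Tasks\\(' + GUID + r')$', re.I)


def parse_fixlog(text):
    """Return (fixlist directives, [(target, outcome), ...]) from a Fixlog."""
    directives, results, in_fixlist = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {'*'}:   # a row of asterisks opens/closes the fixlist echo
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            if line:
                directives.append(line)
            continue
        m = RESULT.match(line)            # result lines have the form "<target> => <outcome>"
        if m:
            results.append((m.group('target'), m.group('outcome')))
    return directives, results


def triage(text):
    """Summarise outcomes and flag anything the fix did not visibly complete."""
    directives, results = parse_fixlog(text)
    removed = set()
    for target, outcome in results:
        m = TASKCACHE_TASKS.search(target)
        if m and outcome.endswith('removed successfully'):
            removed.add(m.group(1).upper())
    requested = {}
    for d in directives:
        m = TASK_DIRECTIVE.match(d)
        if m:
            requested[m.group(1).upper()] = m.group(2)
    return {
        'outcomes': Counter(o for _, o in results),
        # Task directives with no removed TaskCache\Tasks\{GUID} key (assumed criterion)
        'unconfirmed_tasks': {g: p for g, p in requested.items() if g not in removed},
        # Outcomes that mention neither "successfully" nor "removed" (assumed keywords)
        'needs_review': [(t, o) for t, o in results
                         if not re.search(r'successfully|removed', o, re.I)],
    }


if __name__ == '__main__':
    report = triage(SAMPLE_FIXLOG)
    for key, value in report.items():
        print(key, '=>', value)
```

A "key not found" entry such as the `HKCR\CLSID` one is usually benign (nothing was there to remove), but listing it separately makes it easy to confirm that every flagged item was accounted for.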
Juliet Posted June 15, 2016

C:\Users\TACTI_~1\AppData\Local\{D3C7E~1

See if you can locate it in this folder.

Open Malwarebytes Anti-Malware
On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.

If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

After running the above scan, please tell me how the computer is now.
tacticaltal (Author) Posted June 16, 2016

I wasn't able to find that folder.

Here's the log from MalwareBytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/15/2016
Scan Time: 10:01 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.15.06
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: tacti_000

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304991
Time Elapsed: 5 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],

Files: 21
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\HowToRemove.html, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\chromium-min.jpg, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\control panel-min-min.JPG, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\down.png, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\ff menu.JPG, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\ff search engine-min.png, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\hp-min ff.png, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\hp-min ie.png, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\search engine.gif, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\setup pages.gif, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\sp-min.png, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\start-min.jpg, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\up.png, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\config.dat, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\data, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\info.dat, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\install.log, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\Sqlite3.dll, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\STTL.DAT, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\TTL.DAT, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\uninst.dat, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],

Physical Sectors: 0
(No malicious items detected)

(end)
Juliet Posted June 16, 2016

How is the computer now?

What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough. The settings I suggest will show us items located in quarantine folders, so don't be alarmed with this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending of course how full your computer is.

ESET Online Scan

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link.
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click . If no threats were found, skip the next two bullet points.
Click and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to and click .
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.
tacticaltal (Author) Posted June 17, 2016

I haven't had enough time to run eset yet, and the computer is doing a bit better, but I'm still having issues with a "low on memory" error. I don't know if this is malware or if it's a valid error. It's very annoying to have to reboot all the time.
Juliet Posted June 17, 2016

You know, it could be hardware or software.

When you see this happen, right-click on the tool bar and bring up Task Manager. (Ok, having a moment here, you're on Windows 10.) Then go to either Details or Performance, and see if you can detect which process is hogging all the resources or CPU?
Juliet Posted July 23, 2016

Glad we could help. Since this issue appears resolved ... this Topic is closed.