tacticaltal

SESSION_HAS_VALID_VIEWS_ON_EXIT


Hello all. While surfing the web, I'll get a blue (or black, can't really tell) screen, and the computer will restart, and the following message comes along: SESSION_HAS_VALID_VIEWS_ON_EXIT

I'm getting constant script errors, messages to check certificates, etc. And sometimes the computer just auto restarts on its own without any messages. This is all new to this computer.

 

Please help, as I'm not able to use this machine very well anymore.

 

I'm running Windows 8.1

IE 11

 

Thanks


Have you tried Sfc /scannow?

 

Below are a couple of links I read over with other people having this issue....

Throughout, it describes looking into Device Manager, with hints to display drivers and related items.

 

http://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings/session-has-valid-views-on-exit-help/653e0f0d-9f47-4c11-9bd3-08a821852001

http://www.tenforums.com/bsod-crashes-debugging/51677-session_has_valid_views_on_exit-before-login-screen.html


I ran the sfc, and followed the directions in the 1st link above. I'm not having the original issue now, but this could be a virus or something. I've been getting a lot of low on memory errors. I have changed my user group to allow me to log in without using a password on restart, but every time the computer restarts after a low on memory error, I have to use the password.

 

Can we see if we have any malware or viruses on here?

 

Thanks.


Sure, we can do that.

 

I'll post instructions on what to do then I'll move this topic to the appropriate forum.

 

 

************************

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

     


I'll have to request it be moved; I don't have privileges in User to User.

Edited by Juliet

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016

Ran by tacti_000 (administrator) on OFFICE (14-06-2016 22:38:00)

Running from C:\Users\tacti_000\Downloads

Loaded Profiles: tacti_000 (Available Profiles: tacti_000)

Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal



==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe

(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe

(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe

(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe

() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe

() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe



==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804432 2015-11-10] (NVIDIA Corporation)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)

HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\Run: [MP3 Skype recorder] => C:\Users\tacti_000\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [2224280 2016-03-16] (Domit UK LTD)

ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS)

ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS)

ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS)

ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS)

Startup: C:\Users\tacti_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2016-05-30]

ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)

Startup: C:\Users\tacti_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2016-06-13]

ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 64.233.219.99 64.233.206.99

Tcpip\..\Interfaces\{7ffd6809-9ae7-459f-9381-1c35b70d7daf}: [DhcpNameServer] 64.233.219.99 64.233.206.99


Internet Explorer:

==================

HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/

SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =

BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)

Toolbar: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)

DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/nirvana/controls/pcmatic.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)


FireFox:

========

FF ProfilePath: C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\6y2xb6kv.default

FF DefaultSearchEngine.US: Google

FF Homepage: yahoo.com

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()

FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)

FF Extension: Flash and Video Download - C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\6y2xb6kv.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-05-26]

FF Extension: Flashblock - C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\6y2xb6kv.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-06-10]

FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found


Chrome:

=======

CHR HomePage: Default -> hxxp://yahoo.com/

CHR Profile: C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-11]

CHR Extension: (Google Docs) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-11]

CHR Extension: (Google Drive) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-11]

CHR Extension: (YouTube) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-11]

CHR Extension: (Google Sheets) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-11]

CHR Extension: (Google Docs Offline) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-11]

CHR Extension: (Yahoo Homepage) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccfgghhbihbhomnlnadpjhkhmmboanj [2016-06-11]

CHR Extension: (My Browser Page) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2016-06-11]

CHR Extension: (Chrome Web Store Payments) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-11]

CHR Extension: (Gmail) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-11]


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)

R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)

R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)

R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS)

R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-13] (Qualcomm Atheros Communications, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)

R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)

S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)

S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-06-14 22:38 - 2016-06-14 22:38 - 00018165 _____ C:\Users\tacti_000\Downloads\FRST.txt

2016-06-14 22:37 - 2016-06-14 22:38 - 00000000 ____D C:\FRST

2016-06-14 22:35 - 2016-06-14 22:37 - 02385920 _____ (Farbar) C:\Users\tacti_000\Downloads\FRST64.exe

2016-06-14 22:35 - 2016-06-14 22:35 - 01736192 _____ (Farbar) C:\Users\tacti_000\Downloads\FRST.exe

2016-06-13 23:46 - 2016-06-13 23:46 - 00000220 _____ C:\Users\tacti_000\Desktop\User to User Help - PC Pitstop Forums.url

2016-06-13 23:02 - 2016-06-13 23:02 - 00000239 _____ C:\Users\tacti_000\Desktop\SESSION_HAS_VALID_VIEWS_ON_EXIT - User to User Help - PC Pitstop Forums.url

2016-06-13 22:47 - 2016-06-13 22:47 - 542849877 _____ C:\WINDOWS\MEMORY.DMP

2016-06-13 22:47 - 2016-06-13 22:47 - 00179628 _____ C:\WINDOWS\Minidump\061316-21328-01.dmp

2016-06-13 22:47 - 2016-06-13 22:47 - 00000000 ____D C:\WINDOWS\Minidump

2016-06-11 23:56 - 2016-06-11 23:56 - 00000194 _____ C:\Users\tacti_000\Desktop\Guitar Lessons Upgrade.url

2016-06-11 00:42 - 2016-06-11 00:42 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-06-11 00:42 - 2016-06-11 00:42 - 00002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-06-10 22:51 - 2016-06-14 20:44 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1EF34483-6948-47F1-B858-96755E0D2AC4}

2016-06-09 18:24 - 2016-06-10 22:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-06-02 19:38 - 2016-06-02 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTML-Kit Tools

2016-06-02 19:38 - 2016-06-02 19:38 - 00000000 ____D C:\Program Files (x86)\HTML-Kit

2016-06-02 19:37 - 2016-06-02 19:37 - 00001382 _____ C:\Users\Public\Desktop\HTML-Kit.lnk

2016-06-02 19:37 - 2016-06-02 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTML-Kit

2016-06-02 19:37 - 2016-06-02 19:37 - 00000000 ____D C:\Program Files (x86)\Chami

2016-06-02 19:36 - 2016-06-02 19:37 - 02463779 _____ (HTMLKit.com ) C:\Users\tacti_000\Downloads\HKSetup.exe

2016-06-01 16:17 - 2016-06-01 16:17 - 00002113 _____ C:\Users\tacti_000\Desktop\shutdown.lnk

2016-05-30 19:50 - 2016-05-30 19:50 - 00000209 _____ C:\Users\tacti_000\Desktop\How to cook Cube Steak and Brown Gravy with Onions ! = Cooking - YouTube.url

2016-05-30 19:29 - 2016-05-30 19:29 - 00000222 _____ C:\Users\tacti_000\Desktop\pieguy3 - YouTube.url

2016-05-30 19:29 - 2016-05-30 19:29 - 00000192 _____ C:\Users\tacti_000\Desktop\HOW TO MAKE CUBE STEAKS (E-Z MEAL!!) - YouTube.url

2016-05-29 14:41 - 2016-06-12 15:59 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleFortacti_000.job

2016-05-29 14:41 - 2016-06-12 14:56 - 00003270 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFortacti_000

2016-05-27 00:17 - 2016-05-27 00:17 - 00024736 _____ C:\Users\tacti_000\Documents\physicians~genpract.pdf

2016-05-27 00:15 - 2016-05-27 00:15 - 00015908 _____ C:\Users\tacti_000\Downloads\ProviderDirectory(3).pdf

2016-05-27 00:14 - 2016-05-27 00:14 - 00020994 _____ C:\Users\tacti_000\Downloads\ProviderDirectory(1).pdf

2016-05-27 00:14 - 2016-05-27 00:14 - 00015875 _____ C:\Users\tacti_000\Downloads\ProviderDirectory(2).pdf

2016-05-26 17:01 - 2016-05-26 17:01 - 00019583 _____ C:\Users\tacti_000\Documents\physicians~Internal Med.pdf

2016-05-26 16:56 - 2016-05-26 16:56 - 00019616 _____ C:\Users\tacti_000\Documents\physicians~psych.pdf

2016-05-26 16:55 - 2016-05-26 16:55 - 00020994 _____ C:\Users\tacti_000\Downloads\ProviderDirectory.pdf

2016-05-25 16:17 - 2016-05-25 16:17 - 00265688 _____ C:\Users\tacti_000\Documents\ep153-slow-blues-lead.pdf

2016-05-24 22:31 - 2016-05-24 22:31 - 00000000 ____D C:\Users\tacti_000\AppData\Local\Deployment

2016-05-24 17:32 - 2016-05-24 17:32 - 00000000 ____D C:\Users\tacti_000\AppData\Local\Logitech® Webcam Software

2016-05-24 17:25 - 2016-05-24 17:25 - 00000000 ____D C:\ProgramData\LogiShrd

2016-05-24 17:24 - 2016-05-24 17:25 - 00000000 ____D C:\Program Files (x86)\Logitech

2016-05-24 17:24 - 2016-05-24 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

2016-05-24 17:23 - 2016-05-24 17:23 - 74520472 _____ (Logitech, Inc.) C:\Users\tacti_000\Downloads\lws280.exe

2016-05-21 13:34 - 2016-05-21 13:34 - 00000000 ____D C:\Users\tacti_000\AppData\Roaming\Hewlett-Packard

2016-05-21 13:29 - 2016-05-24 22:21 - 00000000 ____D C:\ProgramData\Hewlett-Packard

2016-05-21 13:29 - 2016-05-21 13:29 - 00000000 ____D C:\Users\tacti_000\AppData\Roaming\hpqLog

2016-05-21 13:29 - 2016-05-21 13:29 - 00000000 ____D C:\System.sav

2016-05-21 13:29 - 2016-05-21 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

2016-05-21 13:16 - 2016-05-28 13:22 - 00000000 ____D C:\Users\tacti_000\AppData\Roaming\HpUpdate

2016-05-21 13:16 - 2016-05-21 13:16 - 00003760 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 1510 series

2016-05-21 13:16 - 2016-05-21 13:16 - 00000000 ____D C:\ProgramData\Visan

2016-05-21 13:16 - 2016-05-21 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2016-05-21 13:16 - 2016-05-21 13:16 - 00000000 ____D C:\ProgramData\HP Photo Creations

2016-05-21 13:16 - 2016-05-21 13:16 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations

2016-05-21 13:15 - 2016-05-21 13:16 - 00000000 ____D C:\Program Files (x86)\HP

2016-05-21 13:15 - 2016-05-21 13:15 - 00000057 _____ C:\ProgramData\Ament.ini

2016-05-21 13:15 - 2016-05-21 13:15 - 00000000 ____D C:\Program Files\HP

2016-05-21 13:14 - 2016-05-21 13:16 - 00000000 ____D C:\Users\tacti_000\AppData\Local\HP

2016-05-21 13:13 - 2016-05-29 14:41 - 00000000 ____D C:\Users\tacti_000\AppData\Local\Hewlett-Packard

2016-05-21 13:13 - 2016-05-21 13:14 - 00000000 ____D C:\Users\tacti_000\Downloads\HP Downloads

2016-05-21 13:11 - 2016-05-24 22:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard

2016-05-21 13:11 - 2016-05-21 13:29 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard

2016-05-21 13:10 - 2016-05-21 13:10 - 03836976 _____ (Oleg N. Scherbakov) C:\Users\tacti_000\Downloads\HPSupportSolutionsFramework-12.3.11.29.exe

2016-05-18 19:20 - 2016-05-18 19:20 - 00229467 _____ C:\Users\tacti_000\Downloads\statechamp_16.pdf

2016-05-17 11:08 - 2016-05-17 11:08 - 00919146 _____ C:\Users\tacti_000\Documents\matthew.pdf


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-06-14 22:31 - 2015-12-26 23:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2016-06-14 22:22 - 2015-11-23 18:22 - 00000298 _____ C:\WINDOWS\Tasks\UpdateTask.job

2016-06-14 22:19 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-06-14 22:18 - 2015-11-21 04:22 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-06-14 22:16 - 2015-11-21 04:22 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-06-14 21:53 - 2015-11-23 18:22 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-06-14 18:53 - 2015-11-23 18:22 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-06-14 15:10 - 2015-11-30 23:28 - 00000000 ____D C:\Users\tacti_000\Documents\ChessBase

2016-06-14 12:45 - 2016-04-18 17:57 - 00000000 ____D C:\ProgramData\NVIDIA

2016-06-14 12:45 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF

2016-06-14 12:16 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps

2016-06-14 12:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-06-13 22:55 - 2013-11-28 09:04 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery

2016-06-13 22:52 - 2016-04-18 18:12 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-06-13 22:47 - 2016-02-13 08:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-06-13 16:06 - 2015-12-23 23:28 - 00000000 ____D C:\Users\tacti_000\AppData\Local\ElevatedDiagnostics

2016-06-13 15:30 - 2015-11-21 19:45 - 04068352 _____ C:\Users\tacti_000\Documents\master20151120.FBK

2016-06-13 15:30 - 2015-11-21 19:44 - 04068352 _____ C:\Users\tacti_000\Documents\master20151120.FTW

2016-06-12 15:59 - 2016-04-18 18:00 - 00000000 ____D C:\Users\tacti_000

2016-06-11 00:42 - 2015-11-23 18:22 - 00000000 ____D C:\Users\tacti_000\AppData\Local\Google

2016-06-11 00:42 - 2015-11-23 18:22 - 00000000 ____D C:\Program Files (x86)\Google

2016-06-10 22:50 - 2015-12-21 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-06-10 22:50 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI

2016-06-05 13:09 - 2016-01-29 20:07 - 00103976 _____ C:\Users\tacti_000\AppData\Local\GDIPFONTCACHEV1.DAT

2016-06-04 20:10 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF

2016-06-03 22:11 - 2015-11-22 14:51 - 00000000 ____D C:\Users\tacti_000\Documents\My Chess Database

2016-06-03 06:26 - 2016-01-08 18:28 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2016-05-30 11:50 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports

2016-05-26 14:09 - 2016-04-02 13:57 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-05-24 22:34 - 2015-12-13 03:36 - 00000000 ____D C:\Users\tacti_000\AppData\Roaming\Family Tree Analyzer

2016-05-24 22:21 - 2015-12-22 00:00 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2016-05-24 21:55 - 2016-04-02 13:58 - 00000000 ____D C:\Users\tacti_000\AppData\Roaming\Skype

2016-05-24 17:25 - 2016-04-18 17:58 - 00000000 ____D C:\Program Files\Common Files\logishrd

2016-05-22 00:34 - 2016-02-13 08:11 - 00379248 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2016-05-21 13:29 - 2013-11-28 08:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2016-05-21 13:15 - 2015-11-26 15:03 - 00000000 ____D C:\ProgramData\HP


==================== Files in the root of some directories =======


2015-11-23 19:22 - 2015-11-23 19:22 - 0000046 _____ () C:\Users\tacti_000\AppData\Roaming\WB.CFG

2016-05-21 13:15 - 2016-05-21 13:15 - 0000057 _____ () C:\ProgramData\Ament.ini

2016-04-18 17:57 - 2016-04-18 17:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2013-11-28 09:04 - 2013-11-28 09:04 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log

2013-11-28 09:01 - 2013-11-28 09:02 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log

2013-11-28 09:02 - 2013-11-28 09:03 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log

2013-11-28 09:01 - 2013-11-28 09:01 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

2013-11-28 09:03 - 2013-11-28 09:04 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log


==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



LastRegBack: 2016-06-13 13:45


==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2016

Ran by tacti_000 (2016-06-14 22:38:42)

Running from C:\Users\tacti_000\Downloads

Windows 10 Home Version 1511 (X64) (2016-04-19 01:27:31)

Boot Mode: Normal

==========================================================



==================== Accounts: =============================


Administrator (S-1-5-21-4084636481-732014058-1395683245-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-4084636481-732014058-1395683245-503 - Limited - Disabled)

Guest (S-1-5-21-4084636481-732014058-1395683245-501 - Limited - Disabled)

tacti_000 (S-1-5-21-4084636481-732014058-1395683245-1001 - Administrator - Enabled) => C:\Users\tacti_000


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)

Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)

BlitzIn 3.11 (HKLM-x32\...\BlitzIn 3.11) (Version: - Internet Chess Club)

CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden

Chromium (HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\Chromium) (Version: 46.0.2480.0 - Chromium)

CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)

Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden

Dell Digital Delivery (HKLM-x32\...\{98CB551E-EDB1-4535-82A6-E3258597F64E}) (Version: 2.7.1000.0 - Dell Products, LP)

Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)

Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)

Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)

Dell Update (HKLM-x32\...\{713A4123-9417-4FF7-AC14-F000D6C0C7AD}) (Version: 0.9.1115.0 - Dell Inc.)

Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)

erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

Family Tree Maker 2006 (HKLM-x32\...\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}) (Version: - )

Fritz 15 64-bit (HKLM\...\{0D98285E-7B98-4637-8114-155705273EDA}) (Version: 15.1.0.0 - ChessBase)

FT Analyzer (HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\9fcd84de4bf45cd5) (Version: 5.1.0.5 - FT Analyzer)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)

Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)

Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden

HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)

HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.4.18.7 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)

HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com)

ICC for Windows 1.0 beta 9.6.25 (HKLM-x32\...\{CFF71C5A-D887-429C-A1F6-FD395C1823E8}_is1) (Version: 1.0 - Internet Chess Club, Inc.)

Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)

Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)

MP3 Skype recorder (HKLM-x32\...\{200C029F-CB1B-402B-ACDC-E345DAAC3EB8}) (Version: 4.20.1.0 - Domit LTD)

NVIDIA 3D Vision Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)

NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)

NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)

Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{35DB2630-846E-47C5-AF84-9D6AC3629F55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)

Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

WinTD 4.20 (HKLM-x32\...\{8E7F4B9D-3F93-4E8E-AE26-E4E2A50ABA50}) (Version: 4.2.0 - Estima)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {07DEEDD2-16C9-490B-A73F-2B2190810079} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {0BB9C7CF-D1F2-4DB3-B265-A5DB2B748412} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeReminderTask => C:\Windows\System32\GWX\GWX.exe

Task: {0BC9544D-D7BD-4DA3-AE80-09B00D63955E} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)

Task: {0CC53981-5F86-4CF7-95F5-0579F35669EF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {0CF28E95-27CE-4114-AD23-40B032129D50} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)

Task: {0CF9D93D-008D-4065-A3D0-3EB4F0C67A1A} - System32\Tasks\HPCeeScheduleFortacti_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)

Task: {0FF7BE12-0A74-4485-8A65-E9687F0DA700} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-04-22] (HP Inc.)

Task: {1EF54EDD-F1FE-4E90-913B-03D0E251E250} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

Task: {2F896C0F-E7F7-41C5-84C0-176BEFE21143} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {30EA5090-D1C4-465B-8AEA-FAD8014D2E6A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)

Task: {42E14AF4-0A78-494D-AA15-26364055CF24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)

Task: {4930CB12-1A35-42E2-8758-2DF182375CD0} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)

Task: {4A1C8436-5E1B-41D7-9F17-E8CAF8428E11} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {5DB6B591-6A05-4462-A74F-D27ACFEFE89C} - System32\Tasks\UpdateTask => C:\Users\TACTI_~1\AppData\Local\{D3C7E~1\UNINST~1.EXE

Task: {69366F22-A166-447F-873D-7F13E35F2718} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION

Task: {6DD9CC7B-5183-49F8-B845-C894DD8A62BE} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)

Task: {6EA1074E-1992-4271-856B-ECCFB880591E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {6EC92539-9787-4411-A15E-22199D436EEF} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)

Task: {709FDB0E-12A7-48E9-813B-49F921BBD585} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-23] (Google Inc.)

Task: {78C42508-9988-4602-BBE2-756E3559A46C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)

Task: {7C54EF69-1F8D-43B7-ABA7-7D80E4F406A2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {82D4BAB0-7437-4713-BACF-2BD10FDD8F74} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {8A588C64-8C1D-4D04-88A3-99B892422494} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)

Task: {9AF879BA-F78C-4833-A58E-62CBE2093290} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

Task: {A906E757-8A9A-4192-B70C-1730A9887867} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

Task: {A9ADFEAE-1406-4CB9-915F-921D565C2DE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-23] (Google Inc.)

Task: {B09229B5-E378-41D5-8CA2-611A43F839E5} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe

Task: {B1AC362E-9075-40E0-8705-5CDD8459745A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)

Task: {BA67C09E-7E9E-4849-9A2C-CC4E3732B1D1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {BA6EA267-2DBD-42D5-B987-923814D8794E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {BCD69540-5540-4335-A9B0-B9F3672996DA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION

Task: {C64A147E-CF55-4508-9E04-0FE58F89E3D0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {CA517EED-B06D-4ABA-8D27-56A564AD2C82} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-14] (Microsoft Corporation)

Task: {CC50CD51-AC45-4D2E-9E12-F7E4AA31686C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)

Task: {D722159C-5E2B-49E7-91D0-1647A9D792EC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)

Task: {E8EA0242-3200-4E66-9192-5DB36C452B83} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)

Task: {F0F4AF61-11F5-485D-A5D5-39F3D194DB97} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)

Task: {F2A3C167-995E-4580-B160-7C9A3A741C48} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)

Task: {F58E2DE7-2081-448F-8FA6-13F8F81A1045} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\HPCeeScheduleFortacti_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\WINDOWS\Tasks\UpdateTask.job => C:\Users\TACTI_~1\AppData\Local\{D3C7E~1\UNINST~1.EXE


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2013-11-28 09:03 - 2012-04-24 21:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

2016-04-18 20:50 - 2016-04-18 20:50 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2016-04-18 20:50 - 2016-04-18 20:50 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2016-02-13 07:54 - 2016-02-13 07:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll

2016-05-10 13:52 - 2016-04-22 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

2016-04-18 21:11 - 2016-04-18 21:12 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe

2016-04-18 21:11 - 2016-04-18 21:12 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll

2016-06-03 10:44 - 2016-06-03 10:46 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

2016-06-03 10:44 - 2016-06-03 10:46 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll

2016-06-03 10:44 - 2016-06-03 10:46 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll

2016-04-18 21:05 - 2016-04-18 21:06 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll

2016-05-10 13:53 - 2016-04-22 23:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2016-05-10 13:53 - 2016-04-22 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2016-05-10 13:53 - 2016-04-22 22:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2016-05-10 13:53 - 2016-04-22 23:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

2013-11-28 09:02 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2013-08-07 17:27 - 2013-08-07 17:27 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll

2013-11-28 08:54 - 2013-07-16 20:39 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2016-01-05 12:17 - 2015-12-18 18:52 - 01607920 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll

2013-11-28 09:06 - 2012-11-26 02:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll

2016-01-05 12:17 - 2014-02-18 15:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)



==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)



==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)



==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)



==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts



==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg

DNS Servers: 64.233.219.99 - 64.233.206.99

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


HKLM\...\StartupApproved\Run: => "IAStorIcon"

HKLM\...\StartupApproved\Run32: => "GrooveMonitor"

HKLM\...\StartupApproved\Run32: => "RemoteControl10"

HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"

HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\Run: => "MP3 Skype recorder"

HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\Run: => "OneDrive"


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [uDP Query User{F4B291F4-0F58-49D2-891B-624EC6422ED5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [TCP Query User{1D48813A-4609-48E0-A6DF-A4F9903FCF8B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [{9A3F8FC8-B370-45F6-A374-9434457842AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{ABE0AC04-A450-4FE5-8185-9D4D0AF27B4C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{AF24421F-D254-4FA8-8D9C-AE8CCA80E175}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE

FirewallRules: [{A28FF453-E1F0-4638-86D4-AA250CAE430D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe

FirewallRules: [{F3E662DB-681E-46AC-A9A9-714FB6D71E44}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE

FirewallRules: [{02B32D95-B51A-4EBC-9F9F-455457C4CB2E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{D9F73E07-3D33-444B-861A-850ED26B370A}] => (Allow) LPort=2869

FirewallRules: [{51B1F39A-324B-49EC-8F7F-8F30DE725F1A}] => (Allow) LPort=1900

FirewallRules: [{31C755F3-231A-4743-80EE-F4DC4CE1D270}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

FirewallRules: [{C916CF1A-447B-44B4-900B-EF32BF6ADA29}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

FirewallRules: [{3293FA12-0732-482A-9933-02CB9FD78633}] => (Allow) C:\Users\tacti_000\AppData\Local\Chromium\Application\chrome.exe

FirewallRules: [{6619302C-429A-4D5D-8488-F1DD6B502CAF}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe

FirewallRules: [{6A555807-C02A-4E9A-9294-972FEE83A905}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{E7338802-F40B-477A-9C0D-7A2B328DA29F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Restore Points =========================


24-05-2016 16:20:59 Scheduled Checkpoint

02-06-2016 14:00:06 Scheduled Checkpoint

08-06-2016 00:34:18 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918

14-06-2016 22:16:20 Windows Update


==================== Faulty Device Manager Devices =============



==================== Event log errors: =========================


Application errors:

==================

Error: (06/14/2016 10:16:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:

AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.


System Error:

Access is denied.

.


Error: (06/14/2016 06:27:32 AM) (Source: HP Active Health) (EventID: 1100) (User: )

Description: Agent DiskPhysical threw an exception: System.NullReferenceException: Object reference not set to an instance of an object.

at HP.ActiveHealth.Agents.DiskPhysical.DiskPhysicalAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)

at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)


Error: (06/14/2016 06:27:32 AM) (Source: HP Active Health) (EventID: 401) (User: )

Description: SmartDrive executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]


Error: (06/14/2016 06:27:32 AM) (Source: HP Active Health) (EventID: 1101) (User: )

Description: DiskPhysical executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]


Error: (06/14/2016 01:09:08 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10586.20, time stamp: 0x56541caa

Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571afb9a

Exception code: 0xe06d7363

Fault offset: 0x000bdae8

Faulting process id: 0x1a70

Faulting application start time: 0xIEXPLORE.EXE0

Fault

Share this post


Link to post
Share on other sites

Please go to one of the below sites to scan the following files:

Virus Total (Recommended)

jotti.org

VirScan

Click on Browse, and upload the following file for analysis:

 

C:\Users\TACTI_~1\AppData\Local\{D3C7E~1\UNINST~1.EXE

 

 

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

 

 

 

~~~~~~~~~~~~~~~~~~

 

Running from C:\Users\tacti_000\Downloads

 

It's best we move Farbar's to desktop.

 

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT

Go to an open spot on your desktop, right click and select PASTE

You should now have Farbar Recovery Scan Tool on your desktop.

 

 

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use Wordpad* or any text editor other than Notepad, or the script will fail. Then copy and paste the text present inside the quote box below:

To do this, highlight the contents of the box, right click on it and select Copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

 

 


 

 

 

start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
Task: {07DEEDD2-16C9-490B-A73F-2B2190810079} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2F896C0F-E7F7-41C5-84C0-176BEFE21143} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4A1C8436-5E1B-41D7-9F17-E8CAF8428E11} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {69366F22-A166-447F-873D-7F13E35F2718} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6EA1074E-1992-4271-856B-ECCFB880591E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7C54EF69-1F8D-43B7-ABA7-7D80E4F406A2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {82D4BAB0-7437-4713-BACF-2BD10FDD8F74} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9AF879BA-F78C-4833-A58E-62CBE2093290} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {BA67C09E-7E9E-4849-9A2C-CC4E3732B1D1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BA6EA267-2DBD-42D5-B987-923814D8794E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BCD69540-5540-4335-A9B0-B9F3672996DA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C64A147E-CF55-4508-9E04-0FE58F89E3D0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F58E2DE7-2081-448F-8FA6-13F8F81A1045} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``

 

AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Logfile. A log (AdwCleaner[s1].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
  • Click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

 

 

 

 

======================================================

 

 

 

Please download Junkware Removal Tool, or from here http://downloads.malwarebytes.org/file/jrt, to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
******

please post

file scanned for analysis

Fixlog.txt

AdwCleaner[C1].txt

JRT.txt


I can't seem to find the "UNINST~1.EXE" part of C:\Users\TACTI_~1\AppData\Local\{D3C7E~1\UNINST~1.EXE. I find a UNINST.DAT file, would that be it, though it isn't an exe file?

 

CORRECTION: I'm running Windows 10.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:15-06-2016

Ran by tacti_000 (2016-06-15 13:11:19) Run:1
Running from C:\Users\tacti_000\Desktop
Loaded Profiles: tacti_000 (Available Profiles: tacti_000)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
Task: {07DEEDD2-16C9-490B-A73F-2B2190810079} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2F896C0F-E7F7-41C5-84C0-176BEFE21143} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4A1C8436-5E1B-41D7-9F17-E8CAF8428E11} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {69366F22-A166-447F-873D-7F13E35F2718} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6EA1074E-1992-4271-856B-ECCFB880591E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7C54EF69-1F8D-43B7-ABA7-7D80E4F406A2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {82D4BAB0-7437-4713-BACF-2BD10FDD8F74} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9AF879BA-F78C-4833-A58E-62CBE2093290} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {BA67C09E-7E9E-4849-9A2C-CC4E3732B1D1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BA6EA267-2DBD-42D5-B987-923814D8794E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BCD69540-5540-4335-A9B0-B9F3672996DA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C64A147E-CF55-4508-9E04-0FE58F89E3D0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F58E2DE7-2081-448F-8FA6-13F8F81A1045} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
EmptyTemp:
Hosts:
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-4084636481-732014058-1395683245-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-4084636481-732014058-1395683245-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07DEEDD2-16C9-490B-A73F-2B2190810079}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07DEEDD2-16C9-490B-A73F-2B2190810079}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F896C0F-E7F7-41C5-84C0-176BEFE21143}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F896C0F-E7F7-41C5-84C0-176BEFE21143}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A1C8436-5E1B-41D7-9F17-E8CAF8428E11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A1C8436-5E1B-41D7-9F17-E8CAF8428E11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69366F22-A166-447F-873D-7F13E35F2718}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69366F22-A166-447F-873D-7F13E35F2718}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EA1074E-1992-4271-856B-ECCFB880591E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EA1074E-1992-4271-856B-ECCFB880591E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C54EF69-1F8D-43B7-ABA7-7D80E4F406A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C54EF69-1F8D-43B7-ABA7-7D80E4F406A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82D4BAB0-7437-4713-BACF-2BD10FDD8F74}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82D4BAB0-7437-4713-BACF-2BD10FDD8F74}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AF879BA-F78C-4833-A58E-62CBE2093290}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AF879BA-F78C-4833-A58E-62CBE2093290}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA67C09E-7E9E-4849-9A2C-CC4E3732B1D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA67C09E-7E9E-4849-9A2C-CC4E3732B1D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA6EA267-2DBD-42D5-B987-923814D8794E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA6EA267-2DBD-42D5-B987-923814D8794E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCD69540-5540-4335-A9B0-B9F3672996DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCD69540-5540-4335-A9B0-B9F3672996DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C64A147E-CF55-4508-9E04-0FE58F89E3D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C64A147E-CF55-4508-9E04-0FE58F89E3D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F58E2DE7-2081-448F-8FA6-13F8F81A1045}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F58E2DE7-2081-448F-8FA6-13F8F81A1045}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 968.2 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 13:11:51 ====

# AdwCleaner v5.200 - Logfile created 15/06/2016 at 13:19:29
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-15.1 [server]
# Operating system : Windows 10 Home (X64)
# Username : tacti_000 - OFFICE
# Running from : C:\Users\tacti_000\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[-] Task Deleted : updateTask
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKCU\Software\darwendlm
[-] Key Deleted : HKCU\Software\distromatic
[-] Key Deleted : HKCU\Software\yahooprovidedsearch
***** [ Web browsers ] *****
[-] [C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\6y2xb6kv.default\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.lastActivePing", "1462763279639");
[-] [C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\6y2xb6kv.default\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[-] [C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\6y2xb6kv.default\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
[-] [C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\tacti_000\AppData\Local\Chromium\User Data\Default\Web Data] [search Provider] Deleted : search provided by yahoo
[-] [C:\Users\tacti_000\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_15_48_ssg01&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0BtCyDyC0Azy0AtBtA0FyCyBtCtAtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StByC0C0Bzy0DyB0EtGtBtByD0BtGyEzz0BtBtGyDtA0D0BtG0E0C0DzztA0CtAyB0CyCtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtB0DtAtA0D0D0EtGyByD0C0FtGyEzz0BtCtGzy0DyCyCtGtC0EtCzy0CyEtB0ByE0F0Czz2QtN0A0LzuyE%26cr%3D1586293862%26a%3Dwncy_dwndlm_15_48_ssg01%26os%3DWindows%2B8&uref=chmm
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [2721 bytes] - [15/06/2016 13:19:29]
C:\AdwCleaner\AdwCleaner[s1].txt - [2952 bytes] - [15/06/2016 13:16:29]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2867 bytes] ##########
Edited by tacticaltal


C:\Users\TACTI_~1\AppData\Local\{D3C7E~1

See if you can locate it in this folder.

 

 

 

 

 

Open Malwarebytes Anti-Malware

  • On the Dashboard click on Update Now
  • Go to the Settings tab
  • Under Settings go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs, followed by the first Scan Log.
  • Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

     

After running the above scan, please tell me how the computer is now.


I wasn't able to find that folder. Here's the log from MalwareBytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/15/2016
Scan Time: 10:01 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.15.06
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: tacti_000

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304991
Time Elapsed: 5 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],

Files: 21
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\HowToRemove.html, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\chromium-min.jpg, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\control panel-min-min.JPG, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\down.png, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\ff menu.JPG, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\ff search engine-min.png, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\hp-min ff.png, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\hp-min ie.png, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\search engine.gif, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\setup pages.gif, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\sp-min.png, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\start-min.jpg, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\HowToRemove\up.png, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\config.dat, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\data, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\info.dat, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\install.log, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\Sqlite3.dll, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\STTL.DAT, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\TTL.DAT, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],
PUP.Optional.WinYahoo, C:\Users\tacti_000\AppData\Local\{D3C7E59B-F76F-8923-9AF7-ACCBBE9F5053}\uninst.dat, Quarantined, [d46eae4f3d5c48ee2fca6627c143db25],

Physical Sectors: 0
(No malicious items detected)


(end)


How is the computer now?

 

What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough.

The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending of course on how full your computer is.

 

 

 

ESET Online Scan

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme.
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points.
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

     


I haven't had enough time to run eset yet, and the computer is doing a bit better, but I'm still having issues with a "low on memory" error. I don't know if this is malware or if it's a valid error. It's very annoying to have to reboot all the time.


You know, it could be hardware or software.

 

When you see this happen, right click on the tool bar and bring up task manager.

(Ok, having a moment here, you're on Windows 10) then go to either Details or Performance?, and see if you can detect which process is hogging all the resources or CPU?
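
The same check as the Task Manager suggestion above, as an added PowerShell example that is not part of the original posts: it prints the system-wide memory picture and the ten processes holding the most private memory, with their image paths so an unexpected program running from a user profile folder stands out. It assumes Windows PowerShell 5.1 as shipped with Windows 10; the column names are chosen here for illustration.

```powershell
# Added example: snapshot of memory pressure and the top memory consumers.
# Run it in a PowerShell window while the "low on memory" warning is showing.

# System-wide picture. Win32_OperatingSystem reports these values in kilobytes,
# so dividing by 1MB (1048576) converts them to gigabytes.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
[pscustomobject]@{
    PhysicalTotalGB = [math]::Round($os.TotalVisibleMemorySize / 1MB, 2)
    PhysicalFreeGB  = [math]::Round($os.FreePhysicalMemory / 1MB, 2)
    # Virtual memory here means RAM plus page file, as reported by the OS.
    VirtualTotalGB  = [math]::Round($os.TotalVirtualMemorySize / 1MB, 2)
    VirtualFreeGB   = [math]::Round($os.FreeVirtualMemory / 1MB, 2)
} | Format-List

# Per-process picture, sorted by private (committed) memory rather than
# working set, because a process can commit far more than it keeps in RAM.
Get-Process |
    Sort-Object -Property PrivateMemorySize64 -Descending |
    Select-Object -First 10 -Property Id, ProcessName,
        @{ Name = 'PrivateMB';    Expression = { [math]::Round($_.PrivateMemorySize64 / 1MB, 1) } },
        @{ Name = 'WorkingSetMB'; Expression = { [math]::Round($_.WorkingSet64 / 1MB, 1) } },
        # CPU is cumulative processor time since the process started; it is
        # empty for processes the current user cannot query, hence the cast.
        @{ Name = 'CpuSeconds';   Expression = { [math]::Round([double]$_.CPU, 1) } },
        Path |
    Format-Table -AutoSize
```

Path is blank for processes the current account cannot open; running the window as administrator fills in most of them.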

This topic is now closed to further replies.