
Solved Help I maybe hacked or worse

Discussion in 'Virus & Other Malware Removal' started by georgest, Jun 30, 2016.

  1. georgest

    georgest Thread Starter

    Joined:
    Feb 1, 2005
    Messages:
    37
    My wife was on Pinterest this morning and an alarm went off and a pop-up came up saying our IP server was hacked and something about drivers, to call a phone # for Microsoft support. She called and gave over control of the computer to the woman on the phone. My wife was informed we had 2000 threats and that we should take it to a Microsoft store where they will send it out for $400, or she can fix it online for $200. How bad of trouble am I in? Thanks, John
     
  2. georgest

    georgest Thread Starter

    Joined:
    Feb 1, 2005
    Messages:
    37
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 10 Home, 64 bit
    Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
    Processor Count: 2
    RAM: 4056 Mb
    Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family (Microsoft Corporation - WDDM 1.1), 1804 Mb
    Hard Drives: C: Total - 461899 MB, Free - 408009 MB;
    Motherboard: Dell Inc., 0F642T
    Antivirus: Windows Defender, Disabled
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Hello georgest and welcome to TSG,

    Do not pay any monies to what is probably a scam; see if you can run the following and post the produced logs...

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

    • Double-click to run it. When the tool opens click Yes to disclaimer.
      (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
    • Make sure Addition.txt is checkmarked under "Optional scans"
    • Press Scan button to run the tool....
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

    Thank you,

    Kevin...
     
  4. georgest

    georgest Thread Starter

    Joined:
    Feb 1, 2005
    Messages:
    37
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2016
    Ran by The Keller's (administrator) on PC (30-06-2016 12:03:20)
    Running from C:\Users\The Keller's\Downloads
    Loaded Profiles: The Keller's (Available Profiles: The Keller's & DefaultAppPool)
    Platform: Windows 10 Home (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    (Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46361.0_x64__8wekyb3d8bbwe\HxMail.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46361.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
    HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
    HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
    HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-18] ()
    HKLM-x32\...\Run: [DellSupportCenter] => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    HKLM\...\RunOnce: [630_9586412520739] => C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat [378 2016-06-30] ()
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-03-16] (SUPERAntiSpyware)
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\Run: [Facebook Update] => C:\Users\The Keller's\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-15] (Facebook Inc.)
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\RunOnce: [Uninstall C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\RunOnce: [Uninstall C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\RunOnce: [Uninstall C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\RunOnce: [Uninstall C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\RunOnce: [Uninstall C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\Policies\Explorer: [HideSCAHealth] 1
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-12-07]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-12-07]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-12-07]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\The Keller's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2009-12-25]
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
    Tcpip\..\Interfaces\{37b7a07a-3710-4d09-8b93-5d3acfec840f}: [DhcpNameServer] 192.168.0.1 205.171.2.226
    Tcpip\..\Interfaces\{906504f6-26c5-4794-a1a3-8d0ef7f4c59a}: [DhcpNameServer] 192.168.3.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-us/?pc=UP97&ocid=UP97DHP
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
    SearchScopes: HKLM -> {AB1B001D-497F-4DBC-A159-855614095A90} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {481FB46C-95D7-455D-AE45-120F29CD2F34} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3080448588-2968890734-2023774224-1000 -> DefaultScope {481FB46C-95D7-455D-AE45-120F29CD2F34} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3080448588-2968890734-2023774224-1000 -> {481FB46C-95D7-455D-AE45-120F29CD2F34} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3080448588-2968890734-2023774224-1000 -> {AB1B001D-497F-4DBC-A159-855614095A90} URL =
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-07] (Sun Microsystems, Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: No Name -> {99E00A4C-D35E-11DD-BA95-9B6A56D89593} -> No File
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-21] (Sun Microsystems, Inc.)
    Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-3080448588-2968890734-2023774224-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKU\S-1-5-21-3080448588-2968890734-2023774224-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-3080448588-2968890734-2023774224-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-19] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3080448588-2968890734-2023774224-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\The Keller's\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
    FF Plugin ProgramFiles/Appdata: C:\Users\The Keller's\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-05-24] (Cisco WebEx LLC)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
    CHR StartupUrls: Default -> "hxxp://www.google.com"
    CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> bing.com
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\gcswf32.dll => No File
    CHR Plugin: (Skype Toolbars) - C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\The Keller's\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
    CHR Profile: C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
    CHR Extension: (Google Search) - C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
    CHR Extension: (Skype) - C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-06]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-18]
    CHR Extension: (Gmail) - C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-12]
    CHR HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-02-07] (SUPERAntiSpyware.com)
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
    R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BCM43XX; C:\Windows\System32\drivers\bcmwl63al.sys [5170176 2015-06-17] (Broadcom Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    R3 yukonw8; C:\Windows\System32\drivers\yk63x64.sys [295216 2015-06-17] (Marvell)
    U3 idsvc; no ImagePath
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-30 12:03 - 2016-06-30 12:04 - 00019760 _____ C:\Users\The Keller's\Downloads\FRST.txt
    2016-06-30 12:03 - 2016-06-30 12:03 - 00000000 ____D C:\FRST
    2016-06-30 12:00 - 2016-06-30 12:02 - 02390016 _____ (Farbar) C:\Users\The Keller's\Downloads\FRST64.exe
    2016-06-30 11:58 - 2016-06-30 11:58 - 00016148 _____ C:\WINDOWS\system32\PC_The Keller's_HistoryPrediction.bin
    2016-06-30 10:36 - 2016-06-30 10:36 - 00509440 _____ (Tech Support Guy System) C:\Users\The Keller's\Downloads\SysInfo.exe
    2016-06-30 09:39 - 2016-06-30 09:39 - 00000000 ____D C:\WINDOWS\UpdateAssistant
    2016-06-30 09:21 - 2016-06-30 09:21 - 00000453 _____ C:\Users\The Keller's\AppData\Local\LMIR0001.tmp.bat
    2016-06-30 09:21 - 2016-06-30 09:21 - 00000378 _____ C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat
    2016-06-30 08:44 - 2016-06-30 08:44 - 00000248 _____ C:\rescue.info
    2016-06-30 08:44 - 2016-06-30 08:44 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue RC - 92ebfe62-108b-4267-b9e8-1dd090c14cd7
    2016-06-30 08:43 - 2016-06-30 08:43 - 00002351 _____ C:\Users\The Keller's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Consumer Support.lnk
    2016-06-30 08:43 - 2016-06-30 08:43 - 00000000 ____D C:\Users\The Keller's\AppData\Local\LogMeIn Rescue Applet
    2016-06-26 13:12 - 2016-06-26 13:13 - 00277928 _____ C:\WINDOWS\Minidump\062616-42890-01.dmp
    2016-06-24 15:29 - 2016-06-24 15:30 - 00000000 ___HD C:\$WINDOWS.~BT
    2016-06-15 11:26 - 2016-06-15 11:26 - 00277928 _____ C:\WINDOWS\Minidump\061516-38000-01.dmp

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-30 12:01 - 2011-07-09 22:44 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-06-30 11:22 - 2014-02-15 15:17 - 00000956 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3080448588-2968890734-2023774224-1000UA.job
    2016-06-30 10:06 - 2015-07-30 18:42 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-06-30 10:06 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-06-30 09:23 - 2010-03-15 19:45 - 00000000 ____D C:\Users\The Keller's\Tracing
    2016-06-30 09:22 - 2011-07-09 22:44 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-06-30 09:21 - 2015-10-26 05:59 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2016-06-30 09:21 - 2015-10-26 05:59 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2016-06-30 09:21 - 2009-12-25 08:24 - 00000000 ____D C:\Users\The Keller's\AppData\Local\SoftThinks
    2016-06-30 09:21 - 2009-12-07 05:35 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2016-06-30 09:20 - 2015-07-30 17:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-06-30 09:20 - 2011-12-19 01:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-06-30 09:20 - 2011-12-19 01:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-06-30 08:33 - 2016-03-16 19:33 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1E9CAAAA-E67E-4B90-ABD8-DC6B73CB0197}
    2016-06-29 14:22 - 2014-02-15 15:17 - 00000934 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3080448588-2968890734-2023774224-1000Core.job
    2016-06-26 15:04 - 2011-12-19 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-06-26 15:02 - 2015-07-30 18:25 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-06-26 13:54 - 2015-10-26 06:11 - 00000000 ____D C:\Users\DefaultAppPool
    2016-06-26 13:44 - 2012-06-23 19:09 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-06-26 13:44 - 2012-06-23 19:09 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-06-26 13:14 - 2015-10-26 05:51 - 00000000 ____D C:\Users\The Keller's
    2016-06-26 13:12 - 2016-03-15 16:43 - 00000000 ____D C:\WINDOWS\Minidump
    2016-06-26 13:12 - 2010-07-12 21:49 - 571237377 _____ C:\WINDOWS\MEMORY.DMP
    2016-06-24 17:40 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\rescache
    2016-06-24 15:41 - 2013-08-17 03:02 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-06-24 15:35 - 2011-07-30 03:00 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-06-24 15:33 - 2015-10-26 09:42 - 00000000 ___DC C:\WINDOWS\Panther
    2016-06-15 16:40 - 2015-11-01 18:36 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2016-06-15 11:13 - 2012-04-15 15:52 - 00001419 _____ C:\Users\The Keller's\Desktop\Internet Explorer.lnk
    2016-06-14 13:32 - 2015-07-30 18:43 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-06-14 13:32 - 2015-07-30 18:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2010-01-21 22:49 - 2012-07-31 01:45 - 0017920 _____ () C:\Users\The Keller's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\Users\The Keller's\AppData\Local\linl.exe
    2016-06-30 09:21 - 2016-06-30 09:21 - 0000453 _____ () C:\Users\The Keller's\AppData\Local\LMIR0001.tmp.bat
    2016-06-30 09:21 - 2016-06-30 09:21 - 0000378 _____ () C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat
    2011-07-28 01:05 - 2011-07-28 12:40 - 0012382 ___SH () C:\Users\The Keller's\AppData\Local\t656p5fd0qyo14a4u3x3f8l6nplu
    2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\Users\The Keller's\AppData\Local\vbnt.exe
    2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\Users\The Keller's\AppData\Local\wksp.exe
    2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\Users\The Keller's\AppData\Local\wofb.exe
    2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\emmn.exe
    2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\euds.exe
    2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\gkbq.exe
    2011-07-28 01:05 - 2011-07-28 12:40 - 0012382 ___SH () C:\ProgramData\t656p5fd0qyo14a4u3x3f8l6nplu
    2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\xqjm.exe

    Files to move or delete:
    ====================
    C:\ProgramData\emmn.exe
    C:\ProgramData\euds.exe
    C:\ProgramData\gkbq.exe
    C:\ProgramData\xqjm.exe


    Some zero byte size files/folders:
    ==========================
    C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-06-28 12:21

    ==================== End of FRST.txt ============================
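    As an added triage example (editor's code, not from kevinf80, the thread starter, or the Farbar tool; the heuristics and the remote-support product list are the editor's assumptions), here is a small Python parser that reads a few lines copied from the FRST.txt above and picks out the entries a responder would look at first: autorun entries whose target is a script under a user profile with no publisher recorded, remote-support tool folders created on the day of the phone call, and zero-byte executables. Flagged entries are leads for review, not verdicts.

```python
import re

# Constructed sample: a handful of lines copied from the FRST.txt posted above.
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
HKLM\...\RunOnce: [630_9586412520739] => C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat [378 2016-06-30] ()
2016-06-30 12:03 - 2016-06-30 12:03 - 00000000 ____D C:\FRST
2016-06-30 08:44 - 2016-06-30 08:44 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue RC - 92ebfe62-108b-4267-b9e8-1dd090c14cd7
2016-06-30 08:43 - 2016-06-30 08:43 - 00000000 ____D C:\Users\The Keller's\AppData\Local\LogMeIn Rescue Applet
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\emmn.exe
2016-06-24 15:35 - 2011-07-30 03:00 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
"""

# Registry autorun line: <key>\Run or \RunOnce: [name] => target [size date] (publisher)
AUTORUN_RE = re.compile(
    r"^(?P<key>[^:]+\\(?:Run|RunOnce)): \[(?P<name>[^\]]*)\] => (?P<target>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<publisher>[^)]*)\))?$"
)
# File line: created - modified - size attrs [(publisher)] path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]+) (?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$"
)

SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr") + SCRIPT_EXT
# Remote-support products named in the posted logs; extend for your environment (assumption).
REMOTE_TOOLS = ("logmein rescue", "gotoassist")


def triage(log_text, incident_day):
    """Return (kind, path, reasons) tuples for entries worth a closer look.
    incident_day is an ISO date string such as "2016-06-30"."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = AUTORUN_RE.match(line)
        if m:
            target = m.group("target")
            low = target.lower()
            reasons = []
            if low.endswith(SCRIPT_EXT):
                reasons.append("script as autorun target")
            if "\\appdata\\" in low or "\\temp\\" in low:
                reasons.append("autorun target under user profile")
            if m.group("publisher") == "":  # "()" in the log: FRST found no publisher
                reasons.append("no publisher recorded")
            if reasons:
                findings.append(("autorun", target, "; ".join(reasons)))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            low = path.lower()
            reasons = []
            if m.group("created") == incident_day and any(t in low for t in REMOTE_TOOLS):
                reasons.append("remote-support tool created on incident day")
            # "D" in the attribute column marks a directory; only flag real files
            if int(m.group("size")) == 0 and "D" not in m.group("attrs") and low.endswith(EXEC_EXT):
                reasons.append("zero-byte executable")
            if reasons:
                findings.append(("file", path, "; ".join(reasons)))
    return findings


def triage_sample():
    # The remote-control session described in this thread took place on 2016-06-30.
    return triage(SAMPLE_LOG, "2016-06-30")


if __name__ == "__main__":
    for kind, path, why in triage_sample():
        print(f"[{kind}] {path}\n    -> {why}")
```

    Run against the sample, the script reports the RunOnce entry pointing at a .bat file in the user's AppData, the two LogMeIn Rescue folders created during the call, and the zero-byte emmn.exe in ProgramData; the Synaptics autorun and MRT.exe pass through silently. To use it on a real FRST.txt, pass the whole file contents and the date of the incident.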
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Where is the secondary log "Addition.txt"? I need to see that log... Logs are saved to this folder: C:\FRST\Logs
     
  6. georgest

    georgest Thread Starter

    Joined:
    Feb 1, 2005
    Messages:
    37
    Is this what you're looking for?

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
    Ran by The Keller's (2016-06-30 12:04:55)
    Running from C:\Users\The Keller's\Downloads
    Windows 10 Home (X64) (2015-10-26 20:39:36)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3080448588-2968890734-2023774224-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3080448588-2968890734-2023774224-503 - Limited - Disabled)
    Guest (S-1-5-21-3080448588-2968890734-2023774224-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3080448588-2968890734-2023774224-1002 - Limited - Enabled)
    The Keller's (S-1-5-21-3080448588-2968890734-2023774224-1000 - Administrator - Enabled) => C:\Users\The Keller's

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
    AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
    Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
    Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.3.0 - Synaptics Incorporated)
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
    Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
    EA Download Manager (HKLM-x32\...\EADM) (Version: 7.1.4.31 - Electronic Arts, Inc.)
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
    HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1029 - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    Java(TM) 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
    Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
    Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.0 - Roxio)
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
    Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.1.1002 - SUPERAntiSpyware.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    UpdateAssistant (x32 Version: 1.1.0.0 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3080448588-2968890734-2023774224-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0A10B86A-E0E8-463B-93FB-77EECC2C38DB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3080448588-2968890734-2023774224-1000Core => C:\Users\The Keller's\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-15] (Facebook Inc.)
    Task: {0B74971E-D338-4029-93A2-A03DEFBB01A4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {0FBB1A3D-143B-4DC1-8999-50367B86946A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {15E9ED27-DB78-4BEB-9740-A6208706E5B2} - System32\Tasks\{69022E64-F08A-49A5-92B1-CC607B72B719} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-12-17] (Skype Technologies S.A.)
    Task: {19AA3EDB-92DD-47B3-98BA-249DF921E1EC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {1BC8D5C2-1741-4148-BA46-C6CDC5B311B8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-24] (Microsoft Corporation)
    Task: {1E607EAA-2CE3-474B-A43D-C48B52B34A48} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {286F54D4-5FF4-4617-878C-6750002CEEAF} - System32\Tasks\3026ed00 => C:\Users\THEKEL~1\AppData\Local\Temp\\setup190688832.exe <==== ATTENTION
    Task: {2A32D939-5A38-4F46-B331-413F40203887} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {316B9756-AAB3-4EB2-857D-9ED22F0CFC56} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {3438268F-C2E5-460D-AB51-FFFA5C3F093C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {38F0862A-1691-428A-8B1D-2138A9AE11AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {3A4438EF-3CA9-4092-B7BF-FE87B457BC1F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {3B67DA7C-EC59-4666-A4C6-8FA813179B8B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {3B912918-B8BB-4AD1-ADC4-944A0182CCEC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {4904004A-28F3-4220-9ECA-02B6DC6B938F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {51FE6E45-92F4-4F82-8F80-B6E62A031A20} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {5202D0B8-6B4B-43FD-86DB-B62BFC4BD415} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {5574FDEA-73EB-4FDB-99BD-A64CAE2C48C6} - System32\Tasks\{5A80DD58-4A12-4350-AB79-E3C51E4CF11D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.9.0.123/en/go/help.faq.installer?LastError=1601
    Task: {55D90D41-28BE-460C-A35F-DBD16CA11EB8} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {58D0AA0D-3610-4D07-87BA-F7C016E9A2DB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {5C72AA78-A36E-48F4-BF2D-55F26B6AF10D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {6A59B8D0-15CA-416D-91B3-016C52FE0FE0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {71C35807-D374-4306-8D4F-80FF1A302E31} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {721964BD-2C06-4D03-816B-6E77450F241C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {7A015314-4900-4015-B99B-6F1200011C3A} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {82C8FE89-7AF8-4F4F-90C7-EFCDF7951A36} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {865BDC54-69DB-4989-9CC6-573868BDA9F2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {8826BCDB-4FA0-44A0-B765-AA9FCE2BE29A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {883DD0C3-2FBF-4A10-9207-72F98E06A75B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3080448588-2968890734-2023774224-1000UA => C:\Users\The Keller's\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-15] (Facebook Inc.)
    Task: {92805B76-A58F-42C7-B131-7B5388333E86} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {99D9D16F-F85D-4954-8348-39999FB1477A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {A2A9C3D2-2884-45EB-BCE1-5A7089F42D4E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {B198C427-2D45-490D-B715-FE29AEEF5669} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {B2351F56-FA5F-471E-9230-F77533142BDB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\Windows\UpdateAssistant\UpdateAssistant.exe [2016-06-21] (Microsoft Corporation)
    Task: {B643AB6D-FB0F-4DAC-9137-2E63F60D66C0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {B744371C-81DB-4F80-8295-45C94EA5AD11} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {BEEF7539-7758-41B0-B7BE-6D44F19D85C7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {C1DB9A0B-0000-46E6-A9CD-471DA9CF942E} - System32\Tasks\{3787C7B0-68D1-4A0A-98FD-B562EE09F8CA} => pcalua.exe -a D:\SetupAssistant.exe -d D:\
    Task: {CCC210B1-EC65-4535-9301-FDADEED27698} - System32\Tasks\DDTS3SJ1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
    Task: {DE576C43-A280-4A0B-9059-5FA87E6F042B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {E1D26EC5-AF3E-41DD-85BD-19A4D1C8C3B6} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\Dell Support Center\uaclauncher.exe
    Task: {E4FB54EA-5B75-45A9-B3F7-E3237D477484} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {E79D0E21-F3C6-4503-86AB-C4675435EF41} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {EF8987D2-E1E2-460A-8C2A-E9DD64487A92} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F3B10CC9-69DF-4C33-9C1E-6723EC65E128} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {FE73AA41-347D-44F6-9517-B0F21BFA483C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3080448588-2968890734-2023774224-1000Core.job => C:\Users\The Keller's\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3080448588-2968890734-2023774224-1000UA.job => C:\Users\The Keller's\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask-Delay.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\The Keller's\Desktop\Live PC Help.lnk -> hxxp://www.thephonesupport.com/?src=dtop (No File)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-09-10 01:08 - 2015-09-10 01:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-09-10 01:08 - 2015-09-10 01:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
    2009-12-07 05:31 - 2009-07-16 21:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    2009-12-07 05:31 - 2009-07-16 21:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
    2016-04-19 08:51 - 2016-03-16 00:55 - 02495768 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2009-12-07 05:36 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    2016-04-19 08:51 - 2016-03-16 00:55 - 02495768 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-05-26 04:38 - 2016-05-26 04:38 - 00959168 _____ () C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
    2015-11-01 17:06 - 2015-09-17 01:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-07-09 23:13 - 2015-07-09 23:13 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
    2016-01-12 18:26 - 2015-11-25 00:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-12 18:26 - 2015-11-25 00:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-01-12 18:26 - 2015-11-25 00:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-11-01 17:06 - 2015-09-17 01:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2009-06-18 23:46 - 2009-06-18 23:46 - 00494064 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    2016-04-04 10:26 - 2016-04-04 10:26 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2016-04-04 10:26 - 2016-04-04 10:26 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2016-03-07 18:06 - 2016-03-07 18:10 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
    2015-09-10 01:08 - 2015-09-10 01:08 - 00293376 _____ () C:\WINDOWS\SYSTEM32\textinputframework.dll
    2016-05-26 04:38 - 2016-05-26 04:38 - 00679624 _____ () C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
    DNS Servers: 192.168.0.1 - 205.171.2.226
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\StartupApproved\Run: => "ApplePhotoStreams"
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\StartupApproved\Run: => "Facebook Update"
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\StartupApproved\Run: => "iCloudServices"
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\StartupApproved\Run: => "Skype"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{B1B1363B-1CB2-4EB5-BC46-EF52F8F18A13}] => (Allow) C:\Users\The Keller's\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
    FirewallRules: [{9AE544C4-4A39-4507-B958-ED12197A8A05}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{86D0781A-4007-48DD-AED8-8A99E9C7FA30}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6FDAD21E-473D-4D3A-A9C1-96CEA2FA7B2C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{D598881F-D197-40AD-B974-8AC82BB3079C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0E8A3EE9-6B59-44A6-8ACD-7AC6AA0774C9}] => (Block) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [{7B63D211-84F0-418D-BD53-D5E7A7C0AD37}] => (Block) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [UDP Query User{CB7CBD19-8EC5-4FA3-8289-EDADCB0BFE15}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [TCP Query User{F3C99BD2-9A73-46EA-9237-5972E0E21FD2}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [{9AB1CFDD-8487-4195-A2DB-69CF94B3EDCF}] => (Allow) LPort=37677
    FirewallRules: [{1FC25DFC-7D45-4368-AE74-2CB300E2BEE5}] => (Allow) LPort=37676
    FirewallRules: [{F7F3FB7B-F96E-4385-AFCC-FFA19CF95E16}] => (Allow) LPort=37676
    FirewallRules: [{17259C8D-EC67-44AF-88F0-955382028227}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{E4E11EBB-4CA8-4BDF-8EFA-6638DF6E5B97}] => (Allow) LPort=37675
    FirewallRules: [{5A1E5EF2-E53A-4325-A032-93DBF3A8BB65}] => (Allow) LPort=37674
    FirewallRules: [{221B8FA0-BF10-43E0-AEFB-0B7AF6FFB788}] => (Allow) LPort=37674
    FirewallRules: [{2AF60DAC-FE4D-4A10-9174-F4ECD15AF8F2}] => (Allow) LPort=443
    FirewallRules: [{5CCE3FB1-FF81-4F27-8BC9-9B417A6A05E6}] => (Allow) LPort=443
    FirewallRules: [{E151BB46-C5BE-4EDB-99B0-C5FD710BCAE6}] => (Allow) LPort=37675
    FirewallRules: [{3988D703-6A3B-4232-9E2F-C2001C696D34}] => (Allow) LPort=37674
    FirewallRules: [{51475DBF-B7B1-48A7-8837-65C613414FB0}] => (Allow) LPort=37674
    FirewallRules: [{30FCCDF2-FA0D-46BE-9E56-EB35DA8B532F}] => (Allow) LPort=443
    FirewallRules: [{D63EF430-52C6-4CDD-B21C-30912B7038E0}] => (Allow) LPort=443
    FirewallRules: [{A8677778-7117-4CB6-B551-087629EE825E}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe
    FirewallRules: [{DE595209-3501-4465-9133-4EB7C7BB0976}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{372478AF-8AD9-4FB3-81EC-C41DA674460C}] => (Allow) svchost.exe
    FirewallRules: [{0A7A2739-5EF2-4545-8AE4-2C99FCCBDC30}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{98B3884D-AC11-47F3-8414-4F846CCE6692}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{958AA819-6C18-4889-B436-33AD2FFAE4FF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    FirewallRules: [{44F96E36-11F2-4631-AA1B-C436D97CF138}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
    FirewallRules: [{2E4CF679-669F-4628-A687-5A67DE543C15}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/30/2016 09:27:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (06/30/2016 09:23:29 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
    Faulting module name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
    Exception code: 0xc000041d
    Fault offset: 0x000000000000cae5
    Faulting process id: 0x404
    Faulting application start time: 0xsttray64.exe0
    Faulting application path: sttray64.exe1
    Faulting module path: sttray64.exe2
    Report Id: sttray64.exe3
    Faulting package full name: sttray64.exe4
    Faulting package-relative application ID: sttray64.exe5

    Error: (06/30/2016 09:22:59 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
    Faulting module name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
    Exception code: 0xc0000005
    Fault offset: 0x000000000000cae5
    Faulting process id: 0x404
    Faulting application start time: 0xsttray64.exe0
    Faulting application path: sttray64.exe1
    Faulting module path: sttray64.exe2
    Report Id: sttray64.exe3
    Faulting package full name: sttray64.exe4
    Faulting package-relative application ID: sttray64.exe5

    Error: (06/26/2016 01:16:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
    Faulting module name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
    Exception code: 0xc000041d
    Fault offset: 0x000000000000cae5
    Faulting process id: 0xfa4
    Faulting application start time: 0xsttray64.exe0
    Faulting application path: sttray64.exe1
    Faulting module path: sttray64.exe2
    Report Id: sttray64.exe3
    Faulting package full name: sttray64.exe4
    Faulting package-relative application ID: sttray64.exe5

    Error: (06/26/2016 01:16:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
    Faulting module name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
    Exception code: 0xc0000005
    Fault offset: 0x000000000000cae5
    Faulting process id: 0xfa4
    Faulting application start time: 0xsttray64.exe0
    Faulting application path: sttray64.exe1
    Faulting module path: sttray64.exe2
    Report Id: sttray64.exe3
    Faulting package full name: sttray64.exe4
    Faulting package-relative application ID: sttray64.exe5

    Error: (06/20/2016 10:02:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
    Faulting module name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
    Exception code: 0xc000041d
    Fault offset: 0x000000000000cae5
    Faulting process id: 0x19c0
    Faulting application start time: 0xsttray64.exe0
    Faulting application path: sttray64.exe1
    Faulting module path: sttray64.exe2
    Report Id: sttray64.exe3
    Faulting package full name: sttray64.exe4
    Faulting package-relative application ID: sttray64.exe5

    Error: (06/20/2016 10:02:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
    Faulting module name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
    Exception code: 0xc0000005
    Fault offset: 0x000000000000cae5
    Faulting process id: 0x19c0
    Faulting application start time: 0xsttray64.exe0
    Faulting application path: sttray64.exe1
    Faulting module path: sttray64.exe2
    Report Id: sttray64.exe3
    Faulting package full name: sttray64.exe4
    Faulting package-relative application ID: sttray64.exe5

    Error: (06/17/2016 04:35:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
    Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (06/17/2016 04:35:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (06/17/2016 04:35:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
    Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (06/30/2016 11:52:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 10 for x64-based Systems (KB3106246).

    Error: (06/30/2016 09:39:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Interactive Services Detection service terminated with the following error:
    %%1 = Incorrect function.


    Error: (06/30/2016 09:30:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (06/30/2016 09:21:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    Error: (06/30/2016 09:20:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
    %%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Error: (06/30/2016 09:20:26 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 9:12:11 AM on ‎6/‎30/‎2016 was unexpected.

    Error: (06/30/2016 09:10:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Group Policy Client service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.


    Error: (06/30/2016 08:50:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Group Policy Client service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.


    Error: (06/30/2016 08:45:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Group Policy Client service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.


    Error: (06/30/2016 08:35:19 AM) (Source: Service Control Manager) (EventID: 7046) (User: )
    Description: The following service has repeatedly stopped responding to service control requests: Windows Update

    Contact the service vendor or the system administrator about whether to disable this service until the problem is identified.

    You may have to restart the computer in safe mode before you can disable the service.


    CodeIntegrity:
    ===================================
    Date: 2016-06-30 11:56:57.701
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-30 11:56:57.652
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-30 11:56:57.616
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-30 11:56:57.559
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-30 11:56:57.526
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-30 11:56:57.492
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-30 11:56:57.452
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-30 11:56:57.416
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-30 11:56:57.380
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-30 11:56:57.334
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
    Percentage of memory in use: 71%
    Total physical RAM: 4056.36 MB
    Available physical RAM: 1154.4 MB
    Total Virtual: 8152.36 MB
    Available Virtual: 5118.33 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:398.41 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 75349890)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)

    ======
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Thanks for those logs, couple of things to do before we continue...

    1. System Restore is turned off, please turn that back on...
    2. There are two outdated versions of Java installed, please UNinstall them both asap... Java(TM) 6 Update 14 and Java(TM) 6 Update 26
    3. Ad-Aware Antivirus and AdAwareUpdater: a second AV will clash, so unless you intend that to be your default AV please UNinstall....

    Next,

    Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
    NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

    Next,

    Please open Malwarebytes Anti-Malware.

    • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
    • Under the Non-Malware Protection sub tab, change the PUP and PUM entries to "Treat detections as Malware".
    • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the Scan is complete Apply Actions to any found entries.
    • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
    • After the restart once you are back at your desktop, open MBAM once more.

    To get the log from Malwarebytes do the following:

    • Click on the History tab > Application Logs.
    • Double click on the Scan log which shows the Date and time of the scan just performed.
    • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
      Text file (*.txt) - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply
      XML file (*.xml) - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply
    • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log into your reply…

    Next,

    Download AdwCleaner by Xplode onto your Desktop.

    • Double click on Adwcleaner.exe to run the tool.
    • Click on Scan in the Actions box
    • Please wait for the scan to finish..
    • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
    • Click on the Cleaning box.
    • Next click OK on the "Closing Programs" pop up box.
    • Click OK on the Information box & again OK to allow the necessary reboot
    • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

    Next,

    Download Sophos Free Virus Removal Tool and save it to your desktop.

    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
    • If no threats were found please confirm that result....

    Let me see those logs, also give an update on any remaining issues or concerns....

    Thank you,

    Kevin....
     

    Attached Files:

  8. georgest

    georgest Thread Starter

    Joined:
    Feb 1, 2005
    Messages:
    37
    OK, I right clicked Start, System, System Properties, then under Protection Settings there is Recovery. I can highlight it but can't change it to On. I then tried Configure, another window, and under Restore Settings I can't turn System Protection on or undo Disable System Protection. Like I'm locked out.


    Thanks John
     
  9. georgest

    georgest Thread Starter

    Joined:
    Feb 1, 2005
    Messages:
    37
    I also slid the arrow over 15% under Disk Space Usage


    thanks John
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Just leave system restore for now and continue with the other steps....
     
  11. georgest

    georgest Thread Starter

    Joined:
    Feb 1, 2005
    Messages:
    37
    Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
    Ran by The Keller's (2016-07-01 12:00:09) Run:1
    Running from C:\Users\The Keller's\Downloads
    Loaded Profiles: The Keller's (Available Profiles: The Keller's & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\RunOnce: [630_9586412520739] => C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat [378 2016-06-30] ()
    C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat
    U3 idsvc; no ImagePath
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath
    C:\Users\The Keller's\AppData\Local\LMIR0001.tmp.bat
    C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat
    C:\rescue.info
    2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\Users\The Keller's\AppData\Local\linl.exe
    2016-06-30 09:21 - 2016-06-30 09:21 - 0000453 _____ () C:\Users\The Keller's\AppData\Local\LMIR0001.tmp.bat
    2016-06-30 09:21 - 2016-06-30 09:21 - 0000378 _____ () C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat
    2011-07-28 01:05 - 2011-07-28 12:40 - 0012382 ___SH () C:\Users\The Keller's\AppData\Local\t656p5fd0qyo14a4u3x3f8l6nplu
    2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\Users\The Keller's\AppData\Local\vbnt.exe
    2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\Users\The Keller's\AppData\Local\wksp.exe
    2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\Users\The Keller's\AppData\Local\wofb.exe
    2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\emmn.exe
    2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\euds.exe
    2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\gkbq.exe
    2011-07-28 01:05 - 2011-07-28 12:40 - 0012382 ___SH () C:\ProgramData\t656p5fd0qyo14a4u3x3f8l6nplu
    2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\xqjm.exe
    C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    Task: {1E607EAA-2CE3-474B-A43D-C48B52B34A48} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {286F54D4-5FF4-4617-878C-6750002CEEAF} - System32\Tasks\3026ed00 => C:\Users\THEKEL~1\AppData\Local\Temp\\setup190688832.exe <==== ATTENTION
    C:\Users\THEKEL~1\AppData\Local\Temp\\setup190688832.exe
    Task: {2A32D939-5A38-4F46-B331-413F40203887} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {3A4438EF-3CA9-4092-B7BF-FE87B457BC1F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {4904004A-28F3-4220-9ECA-02B6DC6B938F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {5C72AA78-A36E-48F4-BF2D-55F26B6AF10D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {82C8FE89-7AF8-4F4F-90C7-EFCDF7951A36} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {A2A9C3D2-2884-45EB-BCE1-5A7089F42D4E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {DE576C43-A280-4A0B-9059-5FA87E6F042B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {EF8987D2-E1E2-460A-8C2A-E9DD64487A92} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {FE73AA41-347D-44F6-9517-B0F21BFA483C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
    CMD: ipconfig /flushdns
    EmptyTemp:
    end



    *****************

    Error: (0) Failed to create a restore point.
    Processes closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\630_9586412520739 => value removed successfully
    C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat => moved successfully
    idsvc => service removed successfully
    wfpcapture => service removed successfully
    wpcsvc => service removed successfully
    C:\Users\The Keller's\AppData\Local\LMIR0001.tmp.bat => moved successfully
    "C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat" => not found.
    C:\rescue.info => moved successfully
    C:\Users\The Keller's\AppData\Local\linl.exe => moved successfully
    "C:\Users\The Keller's\AppData\Local\LMIR0001.tmp.bat" => not found.
    "C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat" => not found.
    C:\Users\The Keller's\AppData\Local\t656p5fd0qyo14a4u3x3f8l6nplu => moved successfully
    C:\Users\The Keller's\AppData\Local\vbnt.exe => moved successfully
    C:\Users\The Keller's\AppData\Local\wksp.exe => moved successfully
    C:\Users\The Keller's\AppData\Local\wofb.exe => moved successfully
    C:\ProgramData\emmn.exe => moved successfully
    C:\ProgramData\euds.exe => moved successfully
    C:\ProgramData\gkbq.exe => moved successfully
    C:\ProgramData\t656p5fd0qyo14a4u3x3f8l6nplu => moved successfully
    C:\ProgramData\xqjm.exe => moved successfully
    C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E607EAA-2CE3-474B-A43D-C48B52B34A48}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E607EAA-2CE3-474B-A43D-C48B52B34A48}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{286F54D4-5FF4-4617-878C-6750002CEEAF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{286F54D4-5FF4-4617-878C-6750002CEEAF}" => key removed successfully
    C:\WINDOWS\System32\Tasks\3026ed00 => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3026ed00" => key removed successfully
    "C:\Users\THEKEL~1\AppData\Local\Temp\\setup190688832.exe" => not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A32D939-5A38-4F46-B331-413F40203887}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A32D939-5A38-4F46-B331-413F40203887}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3A4438EF-3CA9-4092-B7BF-FE87B457BC1F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A4438EF-3CA9-4092-B7BF-FE87B457BC1F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4904004A-28F3-4220-9ECA-02B6DC6B938F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4904004A-28F3-4220-9ECA-02B6DC6B938F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C72AA78-A36E-48F4-BF2D-55F26B6AF10D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C72AA78-A36E-48F4-BF2D-55F26B6AF10D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82C8FE89-7AF8-4F4F-90C7-EFCDF7951A36}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82C8FE89-7AF8-4F4F-90C7-EFCDF7951A36}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2A9C3D2-2884-45EB-BCE1-5A7089F42D4E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2A9C3D2-2884-45EB-BCE1-5A7089F42D4E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE576C43-A280-4A0B-9059-5FA87E6F042B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE576C43-A280-4A0B-9059-5FA87E6F042B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF8987D2-E1E2-460A-8C2A-E9DD64487A92}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF8987D2-E1E2-460A-8C2A-E9DD64487A92}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE73AA41-347D-44F6-9517-B0F21BFA483C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE73AA41-347D-44F6-9517-B0F21BFA483C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Software\Classes\exefile" => key removed successfully
    "HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Software\Classes\.exe" => key removed successfully

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 348341 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 57048026 B
    Java, Flash, Steam htmlcache => 189958 B
    Windows/system/drivers => 48769836 B
    Edge => 290484861 B
    Chrome => 508951660 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 72376 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 128 B
    systemprofile32 => 128 B
    LocalService => 66016 B
    NetworkService => 0 B
    The Keller's => 209129787 B
    DefaultAppPool => 66228 B

    RecycleBin => 81866 B
    EmptyTemp: => 1 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 12:02:48 ====

    Windows 10 upgraded when I ran the fix

    Thanks John
     
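The fixlist in the Fixlog above removed four kinds of persistence that FRST flagged: a RunOnce value pointing at a .bat under AppData\Local, a per-user exefile/.exe association, service entries with no ImagePath or a missing driver file, and a scheduled task running an installer out of Temp. As an added example that is not from the thread or from FRST, the read-only PowerShell audit below enumerates those same locations on Windows 10 and lists anything matching those patterns; the regexes, category labels and the $findings list are my own choices, not anything the tools on this page use.

```powershell
# Added audit script (not from the thread, not part of FRST). Read-only: it
# reports findings and changes nothing. Run from an elevated PowerShell so that
# every scheduled task and every service key is readable.
$findings = New-Object System.Collections.Generic.List[string]

# 1. Per-user .exe association. Windows defines exefile under HKLM; a copy in
#    HKCU\Software\Classes takes precedence for that user, which is why FRST
#    flagged HKU\...\Software\Classes\exefile and \.exe with ATTENTION.
foreach ($key in 'HKCU:\Software\Classes\.exe',
                 'HKCU:\Software\Classes\exefile',
                 'HKCU:\Software\Classes\exefile\shell\open\command') {
    if (Test-Path -LiteralPath $key) {
        $default = (Get-ItemProperty -LiteralPath $key).'(default)'
        $findings.Add("user-hive exe association present: $key => '$default'")
    }
}

# 2. Run/RunOnce values whose target sits in a user-writable location or is a
#    script, like the RunOnce entry FRST removed (a .bat under AppData\Local).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$writablePath = '\\(AppData|ProgramData|Temp|Users\\Public)\\'   # constructed pattern
$scriptExt    = '\.(bat|cmd|vbs|js|ps1|hta)("|\s|$)'              # constructed pattern
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($p in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata, not a value
        $target = "$($p.Value)"
        if ($target -match $writablePath -or $target -match $scriptExt) {
            $findings.Add("autorun from user-writable path or script: $key\$($p.Name) => $target")
        }
    }
}

# 3. Service/driver entries with no ImagePath (FRST: "U3 idsvc; no ImagePath")
#    or a driver whose file is gone (FRST marked wfpcapture.sys with [X]).
$services = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
foreach ($svcKey in $services) {
    $svc  = Get-ItemProperty -LiteralPath $svcKey.PSPath
    $type = [int]$svc.Type            # bits 0/1 = driver, bits 4/5 = Win32 service
    if (($type -band 0x33) -eq 0) { continue }   # not a service or driver entry
    if ([string]::IsNullOrWhiteSpace($svc.ImagePath)) {
        $findings.Add("service entry without ImagePath: $($svcKey.PSChildName)")
        continue
    }
    if (($type -band 0x3) -ne 0) {
        # Drivers use NT-style paths; normalise the common forms before checking.
        $path = $svc.ImagePath -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        $path = $path -replace '^System32\\', "$env:SystemRoot\System32\"
        if ($path -match '^[A-Za-z]:\\' -and -not (Test-Path -LiteralPath $path)) {
            $findings.Add("driver file missing: $($svcKey.PSChildName) => $($svc.ImagePath)")
        }
    }
}

# 4. Scheduled tasks that execute something from a user-writable location, like
#    the task 3026ed00 that ran setup190688832.exe out of AppData\Local\Temp.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only exec actions carry Execute; COM-handler actions yield $null and are skipped.
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($action.Execute -and $cmd -match $writablePath) {
            $findings.Add("task from user-writable path: $($task.TaskPath)$($task.TaskName) => $cmd")
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No findings in the audited locations.'
} else {
    $findings | ForEach-Object { Write-Output "[!] $_" }
}
```

Run it in 64-bit PowerShell; a 32-bit host is subject to file system redirection and would misreport System32 driver paths. Hits under ProgramData are often legitimate vendor updaters, so judge each line by what it points at rather than by the match alone.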
  12. georgest

    georgest Thread Starter

    Joined:
    Feb 1, 2005
    Messages:
    37
    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Error, 6/15/2016 11:26 AM, SYSTEM, PC, Protection, ServiceCanRun, 13,
    Protection, 6/15/2016 11:26 AM, SYSTEM, PC, Protection, Malware Protection, Stopping,
    Protection, 6/15/2016 11:26 AM, SYSTEM, PC, Protection, Malware Protection, Stopped,

    (end)
     
  13. georgest

    georgest Thread Starter

    Joined:
    Feb 1, 2005
    Messages:
    37
    # AdwCleaner v5.201 - Logfile created 01/07/2016 at 15:11:04
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-06-30.2 [Server]
    # Operating system : Windows 10 Home (X64)
    # Username : The Keller's - PC
    # Running from : C:\Users\The Keller's\Downloads\adwcleaner_5.201.exe
    # Option : Clean
    # Support : https://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\ProgramData\Ask
    [-] Folder Deleted : C:\ProgramData\EmailNotifier
    [#] Folder Deleted : C:\ProgramData\Application Data\Ask
    [#] Folder Deleted : C:\ProgramData\Application Data\EmailNotifier
    [-] Folder Deleted : C:\Program Files (x86)\Uniblue
    [-] Folder Deleted : C:\Users\The Keller's\AppData\Local\PackageAware
    [-] Folder Deleted : C:\Users\The Keller's\AppData\LocalLow\EmailNotifier
    [-] Folder Deleted : C:\Users\The Keller's\AppData\Roaming\K9AMW
    [-] Folder Deleted : C:\Users\The Keller's\AppData\Roaming\Uniblue

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\The Keller's\Desktop\Live PC Help.lnk
    [-] File Deleted : C:\WINDOWS\SysNative\roboot64.exe

    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    [-] Value Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
    [-] Key Deleted : HKCU\Software\K9Tools
    [-] Key Deleted : HKLM\SOFTWARE\K9Tools
    [-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

    ***** [ Web browsers ] *****

    [-] [C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [2478 bytes] - [01/07/2016 15:11:04]
    C:\AdwCleaner\AdwCleaner[S1].txt - [2550 bytes] - [01/07/2016 15:01:53]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2624 bytes] ##########
     
  15. georgest

    georgest Thread Starter

    Joined:
    Feb 1, 2005
    Messages:
    37
    Is there any way to see if that person did anything while in our computer?
    Were there any threatening viruses on my computer? What can I do to get System Restore to work?
    On Edge, if I scroll, the cursor changes to scroll arrows but does not scroll. It does in Chrome. In Edge I went to tools and enabled scroll, and it will not scroll.


    Thanks John
     
Short URL to this thread: https://techguy.org/1173793

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice