Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Help I maybe hacked or worse

Solved 
6K views 34 replies 2 participants last post by  kevinf80 
#1 ·
My wife was on pintrest this morning and an alarm went off and a pop up came up saying our IP server was hacked and something about drivers, to call a phone # for Microsoft support. she called gave over control to the computer to the women on the phone. My wife was informed we had 2000 threats that we should take it to a Microsoft store where they will send it out for 400 $ or she can fix it on line for 2oo$. How bad of trouble am I in ? Thanks John
 
#2 ·
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4056 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family (Microsoft Corporation - WDDM 1.1), 1804 Mb
Hard Drives: C: Total - 461899 MB, Free - 408009 MB;
Motherboard: Dell Inc., 0F642T
Antivirus: Windows Defender, Disabled
 
#3 ·
Hello georgest and welcome to TSG,

Do not pay any monies to what is probably a scam, see if you can run the following and post the produced logs...

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thank you,

Kevin...
 
#4 ·
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2016
Ran by The Keller's (administrator) on PC (30-06-2016 12:03:20)
Running from C:\Users\The Keller's\Downloads
Loaded Profiles: The Keller's (Available Profiles: The Keller's & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46361.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46361.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-18] ()
HKLM-x32\...\Run: [DellSupportCenter] => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM\...\RunOnce: [630_9586412520739] => C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat [378 2016-06-30] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-03-16] (SUPERAntiSpyware)
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\Run: [Facebook Update] => C:\Users\The Keller's\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-15] (Facebook Inc.)
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\RunOnce: [Uninstall C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\RunOnce: [Uninstall C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\RunOnce: [Uninstall C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\RunOnce: [Uninstall C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\RunOnce: [Uninstall C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-12-07]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-12-07]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-12-07]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\The Keller's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2009-12-25]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{37b7a07a-3710-4d09-8b93-5d3acfec840f}: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{906504f6-26c5-4794-a1a3-8d0ef7f4c59a}: [DhcpNameServer] 192.168.3.1

Internet Explorer:
==================
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-us/?pc=UP97&ocid=UP97DHP
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> {AB1B001D-497F-4DBC-A159-855614095A90} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {481FB46C-95D7-455D-AE45-120F29CD2F34} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3080448588-2968890734-2023774224-1000 -> DefaultScope {481FB46C-95D7-455D-AE45-120F29CD2F34} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3080448588-2968890734-2023774224-1000 -> {481FB46C-95D7-455D-AE45-120F29CD2F34} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3080448588-2968890734-2023774224-1000 -> {AB1B001D-497F-4DBC-A159-855614095A90} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-07] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: No Name -> {99E00A4C-D35E-11DD-BA95-9B6A56D89593} -> No File
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-21] (Sun Microsystems, Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3080448588-2968890734-2023774224-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3080448588-2968890734-2023774224-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3080448588-2968890734-2023774224-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-3080448588-2968890734-2023774224-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\The Keller's\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Users\The Keller's\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-05-24] (Cisco WebEx LLC)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\gcswf32.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\The Keller's\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Profile: C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (Google Search) - C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Skype) - C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-18]
CHR Extension: (Gmail) - C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-12]
CHR HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-02-07] (SUPERAntiSpyware.com)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\Windows\System32\drivers\bcmwl63al.sys [5170176 2015-06-17] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 yukonw8; C:\Windows\System32\drivers\yk63x64.sys [295216 2015-06-17] (Marvell)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-30 12:03 - 2016-06-30 12:04 - 00019760 _____ C:\Users\The Keller's\Downloads\FRST.txt
2016-06-30 12:03 - 2016-06-30 12:03 - 00000000 ____D C:\FRST
2016-06-30 12:00 - 2016-06-30 12:02 - 02390016 _____ (Farbar) C:\Users\The Keller's\Downloads\FRST64.exe
2016-06-30 11:58 - 2016-06-30 11:58 - 00016148 _____ C:\WINDOWS\system32\PC_The Keller's_HistoryPrediction.bin
2016-06-30 10:36 - 2016-06-30 10:36 - 00509440 _____ (Tech Support Guy System) C:\Users\The Keller's\Downloads\SysInfo.exe
2016-06-30 09:39 - 2016-06-30 09:39 - 00000000 ____D C:\WINDOWS\UpdateAssistant
2016-06-30 09:21 - 2016-06-30 09:21 - 00000453 _____ C:\Users\The Keller's\AppData\Local\LMIR0001.tmp.bat
2016-06-30 09:21 - 2016-06-30 09:21 - 00000378 _____ C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat
2016-06-30 08:44 - 2016-06-30 08:44 - 00000248 _____ C:\rescue.info
2016-06-30 08:44 - 2016-06-30 08:44 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue RC - 92ebfe62-108b-4267-b9e8-1dd090c14cd7
2016-06-30 08:43 - 2016-06-30 08:43 - 00002351 _____ C:\Users\The Keller's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Consumer Support.lnk
2016-06-30 08:43 - 2016-06-30 08:43 - 00000000 ____D C:\Users\The Keller's\AppData\Local\LogMeIn Rescue Applet
2016-06-26 13:12 - 2016-06-26 13:13 - 00277928 _____ C:\WINDOWS\Minidump\062616-42890-01.dmp
2016-06-24 15:29 - 2016-06-24 15:30 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-15 11:26 - 2016-06-15 11:26 - 00277928 _____ C:\WINDOWS\Minidump\061516-38000-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-30 12:01 - 2011-07-09 22:44 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-30 11:22 - 2014-02-15 15:17 - 00000956 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3080448588-2968890734-2023774224-1000UA.job
2016-06-30 10:06 - 2015-07-30 18:42 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-30 10:06 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-30 09:23 - 2010-03-15 19:45 - 00000000 ____D C:\Users\The Keller's\Tracing
2016-06-30 09:22 - 2011-07-09 22:44 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-30 09:21 - 2015-10-26 05:59 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-06-30 09:21 - 2015-10-26 05:59 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-06-30 09:21 - 2009-12-25 08:24 - 00000000 ____D C:\Users\The Keller's\AppData\Local\SoftThinks
2016-06-30 09:21 - 2009-12-07 05:35 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-06-30 09:20 - 2015-07-30 17:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-30 09:20 - 2011-12-19 01:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-30 09:20 - 2011-12-19 01:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-30 08:33 - 2016-03-16 19:33 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1E9CAAAA-E67E-4B90-ABD8-DC6B73CB0197}
2016-06-29 14:22 - 2014-02-15 15:17 - 00000934 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3080448588-2968890734-2023774224-1000Core.job
2016-06-26 15:04 - 2011-12-19 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-26 15:02 - 2015-07-30 18:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-26 13:54 - 2015-10-26 06:11 - 00000000 ____D C:\Users\DefaultAppPool
2016-06-26 13:44 - 2012-06-23 19:09 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-26 13:44 - 2012-06-23 19:09 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-26 13:14 - 2015-10-26 05:51 - 00000000 ____D C:\Users\The Keller's
2016-06-26 13:12 - 2016-03-15 16:43 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-26 13:12 - 2010-07-12 21:49 - 571237377 _____ C:\WINDOWS\MEMORY.DMP
2016-06-24 17:40 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\rescache
2016-06-24 15:41 - 2013-08-17 03:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-24 15:35 - 2011-07-30 03:00 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-24 15:33 - 2015-10-26 09:42 - 00000000 ___DC C:\WINDOWS\Panther
2016-06-15 16:40 - 2015-11-01 18:36 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-15 11:13 - 2012-04-15 15:52 - 00001419 _____ C:\Users\The Keller's\Desktop\Internet Explorer.lnk
2016-06-14 13:32 - 2015-07-30 18:43 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 13:32 - 2015-07-30 18:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2010-01-21 22:49 - 2012-07-31 01:45 - 0017920 _____ () C:\Users\The Keller's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\Users\The Keller's\AppData\Local\linl.exe
2016-06-30 09:21 - 2016-06-30 09:21 - 0000453 _____ () C:\Users\The Keller's\AppData\Local\LMIR0001.tmp.bat
2016-06-30 09:21 - 2016-06-30 09:21 - 0000378 _____ () C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat
2011-07-28 01:05 - 2011-07-28 12:40 - 0012382 ___SH () C:\Users\The Keller's\AppData\Local\t656p5fd0qyo14a4u3x3f8l6nplu
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\Users\The Keller's\AppData\Local\vbnt.exe
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\Users\The Keller's\AppData\Local\wksp.exe
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\Users\The Keller's\AppData\Local\wofb.exe
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\emmn.exe
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\euds.exe
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\gkbq.exe
2011-07-28 01:05 - 2011-07-28 12:40 - 0012382 ___SH () C:\ProgramData\t656p5fd0qyo14a4u3x3f8l6nplu
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\xqjm.exe

Files to move or delete:
====================
C:\ProgramData\emmn.exe
C:\ProgramData\euds.exe
C:\ProgramData\gkbq.exe
C:\ProgramData\xqjm.exe

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-28 12:21

==================== End of FRST.txt ============================
 
#6 ·
Where is the secondary log "Addition.txt" I need to see that log... Logs are saved to this folder: C:\FRST\Logs
Is This What your looking for?

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by The Keller's (2016-06-30 12:04:55)
Running from C:\Users\The Keller's\Downloads
Windows 10 Home (X64) (2015-10-26 20:39:36)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3080448588-2968890734-2023774224-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3080448588-2968890734-2023774224-503 - Limited - Disabled)
Guest (S-1-5-21-3080448588-2968890734-2023774224-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3080448588-2968890734-2023774224-1002 - Limited - Enabled)
The Keller's (S-1-5-21-3080448588-2968890734-2023774224-1000 - Administrator - Enabled) => C:\Users\The Keller's

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.3.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
EA Download Manager (HKLM-x32\...\EADM) (Version: 7.1.4.31 - Electronic Arts, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1029 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java(TM) 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.0 - Roxio)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.1.1002 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UpdateAssistant (x32 Version: 1.1.0.0 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3080448588-2968890734-2023774224-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A10B86A-E0E8-463B-93FB-77EECC2C38DB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3080448588-2968890734-2023774224-1000Core => C:\Users\The Keller's\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-15] (Facebook Inc.)
Task: {0B74971E-D338-4029-93A2-A03DEFBB01A4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {0FBB1A3D-143B-4DC1-8999-50367B86946A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {15E9ED27-DB78-4BEB-9740-A6208706E5B2} - System32\Tasks\{69022E64-F08A-49A5-92B1-CC607B72B719} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-12-17] (Skype Technologies S.A.)
Task: {19AA3EDB-92DD-47B3-98BA-249DF921E1EC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {1BC8D5C2-1741-4148-BA46-C6CDC5B311B8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-24] (Microsoft Corporation)
Task: {1E607EAA-2CE3-474B-A43D-C48B52B34A48} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {286F54D4-5FF4-4617-878C-6750002CEEAF} - System32\Tasks\3026ed00 => C:\Users\THEKEL~1\AppData\Local\Temp\\setup190688832.exe <==== ATTENTION
Task: {2A32D939-5A38-4F46-B331-413F40203887} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {316B9756-AAB3-4EB2-857D-9ED22F0CFC56} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {3438268F-C2E5-460D-AB51-FFFA5C3F093C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {38F0862A-1691-428A-8B1D-2138A9AE11AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3A4438EF-3CA9-4092-B7BF-FE87B457BC1F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3B67DA7C-EC59-4666-A4C6-8FA813179B8B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {3B912918-B8BB-4AD1-ADC4-944A0182CCEC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {4904004A-28F3-4220-9ECA-02B6DC6B938F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51FE6E45-92F4-4F82-8F80-B6E62A031A20} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {5202D0B8-6B4B-43FD-86DB-B62BFC4BD415} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5574FDEA-73EB-4FDB-99BD-A64CAE2C48C6} - System32\Tasks\{5A80DD58-4A12-4350-AB79-E3C51E4CF11D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.9.0.123/en/go/help.faq.installer?LastError=1601
Task: {55D90D41-28BE-460C-A35F-DBD16CA11EB8} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {58D0AA0D-3610-4D07-87BA-F7C016E9A2DB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {5C72AA78-A36E-48F4-BF2D-55F26B6AF10D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6A59B8D0-15CA-416D-91B3-016C52FE0FE0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {71C35807-D374-4306-8D4F-80FF1A302E31} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {721964BD-2C06-4D03-816B-6E77450F241C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7A015314-4900-4015-B99B-6F1200011C3A} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {82C8FE89-7AF8-4F4F-90C7-EFCDF7951A36} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {865BDC54-69DB-4989-9CC6-573868BDA9F2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {8826BCDB-4FA0-44A0-B765-AA9FCE2BE29A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {883DD0C3-2FBF-4A10-9207-72F98E06A75B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3080448588-2968890734-2023774224-1000UA => C:\Users\The Keller's\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-15] (Facebook Inc.)
Task: {92805B76-A58F-42C7-B131-7B5388333E86} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {99D9D16F-F85D-4954-8348-39999FB1477A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {A2A9C3D2-2884-45EB-BCE1-5A7089F42D4E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B198C427-2D45-490D-B715-FE29AEEF5669} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {B2351F56-FA5F-471E-9230-F77533142BDB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\Windows\UpdateAssistant\UpdateAssistant.exe [2016-06-21] (Microsoft Corporation)
Task: {B643AB6D-FB0F-4DAC-9137-2E63F60D66C0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {B744371C-81DB-4F80-8295-45C94EA5AD11} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {BEEF7539-7758-41B0-B7BE-6D44F19D85C7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {C1DB9A0B-0000-46E6-A9CD-471DA9CF942E} - System32\Tasks\{3787C7B0-68D1-4A0A-98FD-B562EE09F8CA} => pcalua.exe -a D:\SetupAssistant.exe -d D:\
Task: {CCC210B1-EC65-4535-9301-FDADEED27698} - System32\Tasks\DDTS3SJ1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
Task: {DE576C43-A280-4A0B-9059-5FA87E6F042B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E1D26EC5-AF3E-41DD-85BD-19A4D1C8C3B6} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: {E4FB54EA-5B75-45A9-B3F7-E3237D477484} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E79D0E21-F3C6-4503-86AB-C4675435EF41} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {EF8987D2-E1E2-460A-8C2A-E9DD64487A92} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F3B10CC9-69DF-4C33-9C1E-6723EC65E128} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {FE73AA41-347D-44F6-9517-B0F21BFA483C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3080448588-2968890734-2023774224-1000Core.job => C:\Users\The Keller's\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3080448588-2968890734-2023774224-1000UA.job => C:\Users\The Keller's\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask-Delay.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\The Keller's\Desktop\Live PC Help.lnk -> hxxp://www.thephonesupport.com/?src=dtop (No File)

==================== Loaded Modules (Whitelisted) ==============

2015-09-10 01:08 - 2015-09-10 01:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2009-12-07 05:31 - 2009-07-16 21:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2009-12-07 05:31 - 2009-07-16 21:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2016-04-19 08:51 - 2016-03-16 00:55 - 02495768 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2009-12-07 05:36 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2016-04-19 08:51 - 2016-03-16 00:55 - 02495768 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-26 04:38 - 2016-05-26 04:38 - 00959168 _____ () C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-11-01 17:06 - 2015-09-17 01:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-09 23:13 - 2015-07-09 23:13 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2016-01-12 18:26 - 2015-11-25 00:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 18:26 - 2015-11-25 00:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-12 18:26 - 2015-11-25 00:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-11-01 17:06 - 2015-09-17 01:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2009-06-18 23:46 - 2009-06-18 23:46 - 00494064 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2016-04-04 10:26 - 2016-04-04 10:26 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-04-04 10:26 - 2016-04-04 10:26 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-07 18:06 - 2016-03-07 18:10 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 00293376 _____ () C:\WINDOWS\SYSTEM32\textinputframework.dll
2016-05-26 04:38 - 2016-05-26 04:38 - 00679624 _____ () C:\Users\The Keller's\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.0.1 - 205.171.2.226
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{B1B1363B-1CB2-4EB5-BC46-EF52F8F18A13}] => (Allow) C:\Users\The Keller's\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{9AE544C4-4A39-4507-B958-ED12197A8A05}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{86D0781A-4007-48DD-AED8-8A99E9C7FA30}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6FDAD21E-473D-4D3A-A9C1-96CEA2FA7B2C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D598881F-D197-40AD-B974-8AC82BB3079C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E8A3EE9-6B59-44A6-8ACD-7AC6AA0774C9}] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{7B63D211-84F0-418D-BD53-D5E7A7C0AD37}] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{CB7CBD19-8EC5-4FA3-8289-EDADCB0BFE15}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [TCP Query User{F3C99BD2-9A73-46EA-9237-5972E0E21FD2}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{9AB1CFDD-8487-4195-A2DB-69CF94B3EDCF}] => (Allow) LPort=37677
FirewallRules: [{1FC25DFC-7D45-4368-AE74-2CB300E2BEE5}] => (Allow) LPort=37676
FirewallRules: [{F7F3FB7B-F96E-4385-AFCC-FFA19CF95E16}] => (Allow) LPort=37676
FirewallRules: [{17259C8D-EC67-44AF-88F0-955382028227}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E4E11EBB-4CA8-4BDF-8EFA-6638DF6E5B97}] => (Allow) LPort=37675
FirewallRules: [{5A1E5EF2-E53A-4325-A032-93DBF3A8BB65}] => (Allow) LPort=37674
FirewallRules: [{221B8FA0-BF10-43E0-AEFB-0B7AF6FFB788}] => (Allow) LPort=37674
FirewallRules: [{2AF60DAC-FE4D-4A10-9174-F4ECD15AF8F2}] => (Allow) LPort=443
FirewallRules: [{5CCE3FB1-FF81-4F27-8BC9-9B417A6A05E6}] => (Allow) LPort=443
FirewallRules: [{E151BB46-C5BE-4EDB-99B0-C5FD710BCAE6}] => (Allow) LPort=37675
FirewallRules: [{3988D703-6A3B-4232-9E2F-C2001C696D34}] => (Allow) LPort=37674
FirewallRules: [{51475DBF-B7B1-48A7-8837-65C613414FB0}] => (Allow) LPort=37674
FirewallRules: [{30FCCDF2-FA0D-46BE-9E56-EB35DA8B532F}] => (Allow) LPort=443
FirewallRules: [{D63EF430-52C6-4CDD-B21C-30912B7038E0}] => (Allow) LPort=443
FirewallRules: [{A8677778-7117-4CB6-B551-087629EE825E}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{DE595209-3501-4465-9133-4EB7C7BB0976}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{372478AF-8AD9-4FB3-81EC-C41DA674460C}] => (Allow) svchost.exe
FirewallRules: [{0A7A2739-5EF2-4545-8AE4-2C99FCCBDC30}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98B3884D-AC11-47F3-8414-4F846CCE6692}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{958AA819-6C18-4889-B436-33AD2FFAE4FF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{44F96E36-11F2-4631-AA1B-C436D97CF138}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{2E4CF679-669F-4628-A687-5A67DE543C15}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2016 09:27:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (06/30/2016 09:23:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
Faulting module name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
Exception code: 0xc000041d
Fault offset: 0x000000000000cae5
Faulting process id: 0x404
Faulting application start time: 0xsttray64.exe0
Faulting application path: sttray64.exe1
Faulting module path: sttray64.exe2
Report Id: sttray64.exe3
Faulting package full name: sttray64.exe4
Faulting package-relative application ID: sttray64.exe5

Error: (06/30/2016 09:22:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
Faulting module name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
Exception code: 0xc0000005
Fault offset: 0x000000000000cae5
Faulting process id: 0x404
Faulting application start time: 0xsttray64.exe0
Faulting application path: sttray64.exe1
Faulting module path: sttray64.exe2
Report Id: sttray64.exe3
Faulting package full name: sttray64.exe4
Faulting package-relative application ID: sttray64.exe5

Error: (06/26/2016 01:16:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
Faulting module name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
Exception code: 0xc000041d
Fault offset: 0x000000000000cae5
Faulting process id: 0xfa4
Faulting application start time: 0xsttray64.exe0
Faulting application path: sttray64.exe1
Faulting module path: sttray64.exe2
Report Id: sttray64.exe3
Faulting package full name: sttray64.exe4
Faulting package-relative application ID: sttray64.exe5

Error: (06/26/2016 01:16:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
Faulting module name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
Exception code: 0xc0000005
Fault offset: 0x000000000000cae5
Faulting process id: 0xfa4
Faulting application start time: 0xsttray64.exe0
Faulting application path: sttray64.exe1
Faulting module path: sttray64.exe2
Report Id: sttray64.exe3
Faulting package full name: sttray64.exe4
Faulting package-relative application ID: sttray64.exe5

Error: (06/20/2016 10:02:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
Faulting module name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
Exception code: 0xc000041d
Fault offset: 0x000000000000cae5
Faulting process id: 0x19c0
Faulting application start time: 0xsttray64.exe0
Faulting application path: sttray64.exe1
Faulting module path: sttray64.exe2
Report Id: sttray64.exe3
Faulting package full name: sttray64.exe4
Faulting package-relative application ID: sttray64.exe5

Error: (06/20/2016 10:02:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
Faulting module name: sttray64.exe, version: 1.0.6217.0, time stamp: 0x4a490274
Exception code: 0xc0000005
Fault offset: 0x000000000000cae5
Faulting process id: 0x19c0
Faulting application start time: 0xsttray64.exe0
Faulting application path: sttray64.exe1
Faulting module path: sttray64.exe2
Report Id: sttray64.exe3
Faulting package full name: sttray64.exe4
Faulting package-relative application ID: sttray64.exe5

Error: (06/17/2016 04:35:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/17/2016 04:35:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/17/2016 04:35:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (06/30/2016 11:52:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 10 for x64-based Systems (KB3106246).

Error: (06/30/2016 09:39:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1 = Incorrect function.

Error: (06/30/2016 09:30:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/30/2016 09:21:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/30/2016 09:20:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (06/30/2016 09:20:26 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:12:11 AM on ‎6/‎30/‎2016 was unexpected.

Error: (06/30/2016 09:10:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (06/30/2016 08:50:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (06/30/2016 08:45:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (06/30/2016 08:35:19 AM) (Source: Service Control Manager) (EventID: 7046) (User: )
Description: The following service has repeatedly stopped responding to service control requests: Windows Update

Contact the service vendor or the system administrator about whether to disable this service until the problem is identified.

You may have to restart the computer in safe mode before you can disable the service.

CodeIntegrity:
===================================
Date: 2016-06-30 11:56:57.701
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-30 11:56:57.652
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-30 11:56:57.616
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-30 11:56:57.559
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-30 11:56:57.526
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-30 11:56:57.492
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-30 11:56:57.452
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-30 11:56:57.416
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-30 11:56:57.380
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-30 11:56:57.334
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 71%
Total physical RAM: 4056.36 MB
Available physical RAM: 1154.4 MB
Total Virtual: 8152.36 MB
Available Virtual: 5118.33 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:398.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 75349890)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)

======
 
#7 ·
Thanks for those logs, couple of things to do before we continue...

1. System Restore is turned off, please turn that back on...
2. There are two outdated versions of Java installed, please UNinstall them both asap... Java(TM) 6 Update 14 and Java(TM) 6 Update 26
3. Ad-Aware Antivirus and AdAwareUpdater A second AV will clash, unless you intend that to be your default AV please UNinstall....

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the Scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…

Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....

Let me see those logs, also give an update on any remaining issues or concerns....

Thank you,

Kevin....
 

Attachments

#8 ·
ok, I right clicked start , system, system properties then under protection settings . there is recovery , I can highlight but can't change to on. I then tried configure another window and under restore settings, I can't turn on system protection on or undo disable system protection. like I'm locked out


Thanks John
 
#11 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by The Keller's (2016-07-01 12:00:09) Run:1
Running from C:\Users\The Keller's\Downloads
Loaded Profiles: The Keller's (Available Profiles: The Keller's & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\RunOnce: [630_9586412520739] => C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat [378 2016-06-30] ()
C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
C:\Users\The Keller's\AppData\Local\LMIR0001.tmp.bat
C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat
C:\rescue.info
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\Users\The Keller's\AppData\Local\linl.exe
2016-06-30 09:21 - 2016-06-30 09:21 - 0000453 _____ () C:\Users\The Keller's\AppData\Local\LMIR0001.tmp.bat
2016-06-30 09:21 - 2016-06-30 09:21 - 0000378 _____ () C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat
2011-07-28 01:05 - 2011-07-28 12:40 - 0012382 ___SH () C:\Users\The Keller's\AppData\Local\t656p5fd0qyo14a4u3x3f8l6nplu
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\Users\The Keller's\AppData\Local\vbnt.exe
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\Users\The Keller's\AppData\Local\wksp.exe
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\Users\The Keller's\AppData\Local\wofb.exe
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\emmn.exe
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\euds.exe
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\gkbq.exe
2011-07-28 01:05 - 2011-07-28 12:40 - 0012382 ___SH () C:\ProgramData\t656p5fd0qyo14a4u3x3f8l6nplu
2011-07-28 01:05 - 2011-07-28 01:05 - 0000000 _____ () C:\ProgramData\xqjm.exe
C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
Task: {1E607EAA-2CE3-474B-A43D-C48B52B34A48} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {286F54D4-5FF4-4617-878C-6750002CEEAF} - System32\Tasks\3026ed00 => C:\Users\THEKEL~1\AppData\Local\Temp\\setup190688832.exe <==== ATTENTION
C:\Users\THEKEL~1\AppData\Local\Temp\\setup190688832.exe
Task: {2A32D939-5A38-4F46-B331-413F40203887} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3A4438EF-3CA9-4092-B7BF-FE87B457BC1F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4904004A-28F3-4220-9ECA-02B6DC6B938F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5C72AA78-A36E-48F4-BF2D-55F26B6AF10D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {82C8FE89-7AF8-4F4F-90C7-EFCDF7951A36} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A2A9C3D2-2884-45EB-BCE1-5A7089F42D4E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DE576C43-A280-4A0B-9059-5FA87E6F042B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EF8987D2-E1E2-460A-8C2A-E9DD64487A92} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FE73AA41-347D-44F6-9517-B0F21BFA483C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:
end

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\630_9586412520739 => value removed successfully
C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat => moved successfully
idsvc => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
C:\Users\The Keller's\AppData\Local\LMIR0001.tmp.bat => moved successfully
"C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat" => not found.
C:\rescue.info => moved successfully
C:\Users\The Keller's\AppData\Local\linl.exe => moved successfully
"C:\Users\The Keller's\AppData\Local\LMIR0001.tmp.bat" => not found.
"C:\Users\The Keller's\AppData\Local\LMIR0001.tmp_r.bat" => not found.
C:\Users\The Keller's\AppData\Local\t656p5fd0qyo14a4u3x3f8l6nplu => moved successfully
C:\Users\The Keller's\AppData\Local\vbnt.exe => moved successfully
C:\Users\The Keller's\AppData\Local\wksp.exe => moved successfully
C:\Users\The Keller's\AppData\Local\wofb.exe => moved successfully
C:\ProgramData\emmn.exe => moved successfully
C:\ProgramData\euds.exe => moved successfully
C:\ProgramData\gkbq.exe => moved successfully
C:\ProgramData\t656p5fd0qyo14a4u3x3f8l6nplu => moved successfully
C:\ProgramData\xqjm.exe => moved successfully
C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E607EAA-2CE3-474B-A43D-C48B52B34A48}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E607EAA-2CE3-474B-A43D-C48B52B34A48}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{286F54D4-5FF4-4617-878C-6750002CEEAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{286F54D4-5FF4-4617-878C-6750002CEEAF}" => key removed successfully
C:\WINDOWS\System32\Tasks\3026ed00 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3026ed00" => key removed successfully
"C:\Users\THEKEL~1\AppData\Local\Temp\\setup190688832.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A32D939-5A38-4F46-B331-413F40203887}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A32D939-5A38-4F46-B331-413F40203887}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3A4438EF-3CA9-4092-B7BF-FE87B457BC1F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A4438EF-3CA9-4092-B7BF-FE87B457BC1F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4904004A-28F3-4220-9ECA-02B6DC6B938F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4904004A-28F3-4220-9ECA-02B6DC6B938F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C72AA78-A36E-48F4-BF2D-55F26B6AF10D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C72AA78-A36E-48F4-BF2D-55F26B6AF10D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82C8FE89-7AF8-4F4F-90C7-EFCDF7951A36}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82C8FE89-7AF8-4F4F-90C7-EFCDF7951A36}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2A9C3D2-2884-45EB-BCE1-5A7089F42D4E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2A9C3D2-2884-45EB-BCE1-5A7089F42D4E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE576C43-A280-4A0B-9059-5FA87E6F042B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE576C43-A280-4A0B-9059-5FA87E6F042B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF8987D2-E1E2-460A-8C2A-E9DD64487A92}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF8987D2-E1E2-460A-8C2A-E9DD64487A92}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE73AA41-347D-44F6-9517-B0F21BFA483C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE73AA41-347D-44F6-9517-B0F21BFA483C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-3080448588-2968890734-2023774224-1000\Software\Classes\.exe" => key removed successfully

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 348341 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 57048026 B
Java, Flash, Steam htmlcache => 189958 B
Windows/system/drivers => 48769836 B
Edge => 290484861 B
Chrome => 508951660 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 72376 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 66016 B
NetworkService => 0 B
The Keller's => 209129787 B
DefaultAppPool => 66228 B

RecycleBin => 81866 B
EmptyTemp: => 1 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 12:02:48 ====

windows 10 upgraded when i ran fix

thanks john
 
#13 ·
# AdwCleaner v5.201 - Logfile created 01/07/2016 at 15:11:04
# Updated 30/06/2016 by ToolsLib
# Database : 2016-06-30.2 [Server]
# Operating system : Windows 10 Home (X64)
# Username : The Keller's - PC
# Running from : C:\Users\The Keller's\Downloads\adwcleaner_5.201.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\ProgramData\EmailNotifier
[#] Folder Deleted : C:\ProgramData\Application Data\Ask
[#] Folder Deleted : C:\ProgramData\Application Data\EmailNotifier
[-] Folder Deleted : C:\Program Files (x86)\Uniblue
[-] Folder Deleted : C:\Users\The Keller's\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\The Keller's\AppData\LocalLow\EmailNotifier
[-] Folder Deleted : C:\Users\The Keller's\AppData\Roaming\K9AMW
[-] Folder Deleted : C:\Users\The Keller's\AppData\Roaming\Uniblue

***** [ Files ] *****

[-] File Deleted : C:\Users\The Keller's\Desktop\Live PC Help.lnk
[-] File Deleted : C:\WINDOWS\SysNative\roboot64.exe

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Value Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKCU\Software\K9Tools
[-] Key Deleted : HKLM\SOFTWARE\K9Tools
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Web browsers ] *****

[-] [C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2478 bytes] - [01/07/2016 15:11:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [2550 bytes] - [01/07/2016 15:01:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2624 bytes] ##########
 
#14 ·
# AdwCleaner v5.201 - Logfile created 01/07/2016 at 15:11:04
# Updated 30/06/2016 by ToolsLib
# Database : 2016-06-30.2 [Server]
# Operating system : Windows 10 Home (X64)
# Username : The Keller's - PC
# Running from : C:\Users\The Keller's\Downloads\adwcleaner_5.201.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\ProgramData\EmailNotifier
[#] Folder Deleted : C:\ProgramData\Application Data\Ask
[#] Folder Deleted : C:\ProgramData\Application Data\EmailNotifier
[-] Folder Deleted : C:\Program Files (x86)\Uniblue
[-] Folder Deleted : C:\Users\The Keller's\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\The Keller's\AppData\LocalLow\EmailNotifier
[-] Folder Deleted : C:\Users\The Keller's\AppData\Roaming\K9AMW
[-] Folder Deleted : C:\Users\The Keller's\AppData\Roaming\Uniblue

***** [ Files ] *****

[-] File Deleted : C:\Users\The Keller's\Desktop\Live PC Help.lnk
[-] File Deleted : C:\WINDOWS\SysNative\roboot64.exe

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Value Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKCU\Software\K9Tools
[-] Key Deleted : HKLM\SOFTWARE\K9Tools
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Web browsers ] *****

[-] [C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2478 bytes] - [01/07/2016 15:11:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [2550 bytes] - [01/07/2016 15:01:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2624 bytes] ##########
 
#15 ·
is there any way to see if that person did any thing while in our computer.
Were there any threating viruses on my computer. What can I do to get system restore to work?
on edge if I scroll the curser changes to scroll arrows but does not scroll . it does in crome.In edge I went to tools and enabled scroll and will not scroll


Thanks John
 
#16 ·
We have removed all entries related to the remote access, I do not believe there are any remnants left. I would recommend that you do change any/all passwords used on this system, specifically any with financial implications....

Regarding System Restore, do the following:

Type or copy/paste regedit into the search box, select enter. Registry Editor should open, expand the following keys:

HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows NT > SystemRestore

Do not expand the System Restore folder, instead "Right Click" on that folder and select "Export" a copy of that key will be exported to a place of your choice... So name the file and export to your Desktop or a folder of your choice...

I want you to zip up that file and attach to your next reply... Right click on the file, select > Send to > Compressed (zipped) Folder....

For the scroll issue navigate settings>devices>mouse and touch pad>scroll inactive windows turn that swictch OFF Re-boot your system, navigate to the same setting and turn the swich back ON... Does that help?

In your reply let me see the log from Sophos, also attach the zipped reg key...

Thank you,

Kevin...
 
#17 ·
Ok, I did regedit and got to >Windows NT>then my options were Terminal Services and Window File Protection and that's it. As far as the scroll II did as you said and its the same it shows scroll but nothing moves.
# AdwCleaner v5.201 - Logfile created 01/07/2016 at 15:11:04
# Updated 30/06/2016 by ToolsLib
# Database : 2016-06-30.2 [Server]
# Operating system : Windows 10 Home (X64)
# Username : The Keller's - PC
# Running from : C:\Users\The Keller's\Downloads\adwcleaner_5.201.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\ProgramData\EmailNotifier
[#] Folder Deleted : C:\ProgramData\Application Data\Ask
[#] Folder Deleted : C:\ProgramData\Application Data\EmailNotifier
[-] Folder Deleted : C:\Program Files (x86)\Uniblue
[-] Folder Deleted : C:\Users\The Keller's\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\The Keller's\AppData\LocalLow\EmailNotifier
[-] Folder Deleted : C:\Users\The Keller's\AppData\Roaming\K9AMW
[-] Folder Deleted : C:\Users\The Keller's\AppData\Roaming\Uniblue

***** [ Files ] *****

[-] File Deleted : C:\Users\The Keller's\Desktop\Live PC Help.lnk
[-] File Deleted : C:\WINDOWS\SysNative\roboot64.exe

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Value Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKCU\Software\K9Tools
[-] Key Deleted : HKLM\SOFTWARE\K9Tools
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Web browsers ] *****

[-] [C:\Users\The Keller's\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2478 bytes] - [01/07/2016 15:11:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [2550 bytes] - [01/07/2016 15:01:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2624 bytes] ##########
2016-07-02 17:32:21.668 Sophos Virus Removal Tool version 2.5.5
2016-07-02 17:32:21.668 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-07-02 17:32:21.668 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-07-02 17:32:21.668 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2016-07-02 17:32:21.684 Checking for updates...
2016-07-02 17:32:34.340 Update progress: proxy server not available
2016-07-02 17:32:55.971 Option all = no
2016-07-02 17:32:55.971 Option recurse = yes
2016-07-02 17:32:55.971 Option archive = no
2016-07-02 17:32:55.971 Option service = yes
2016-07-02 17:32:55.971 Option confirm = yes
2016-07-02 17:32:55.971 Option sxl = yes
2016-07-02 17:32:55.971 Option max-data-age = 35
2016-07-02 17:32:55.971 Option EnableSafeClean = yes
2016-07-02 17:32:57.127 Option vdl-logging = yes
2016-07-02 17:32:57.143 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-07-02 17:32:57.143 Machine ID: f18cb9627dc04bef8246fe55e461ead4
2016-07-02 17:32:57.284 Component SVRTcli.exe version 2.5.5
2016-07-02 17:32:57.284 Component control.dll version 2.5.5
2016-07-02 17:32:57.284 Component SVRTservice.exe version 2.5.5
2016-07-02 17:32:57.284 Component engine\osdp.dll version 1.44.1.2250
2016-07-02 17:32:57.284 Component engine\veex.dll version 3.65.0.2250
2016-07-02 17:32:57.284 Component engine\savi.dll version 9.0.1.2250
2016-07-02 17:32:57.315 Component rkdisk.dll version 1.5.30.0
2016-07-02 17:32:57.315 Version info: Product version 2.5.5
2016-07-02 17:32:57.315 Version info: Detection engine 3.65.0
2016-07-02 17:32:57.315 Version info: Detection data 5.26
2016-07-02 17:32:57.315 Version info: Build date 4/5/2016
2016-07-02 17:32:57.315 Version info: Data files added 558
2016-07-02 17:32:57.315 Version info: Last successful update 7/1/2016 4:56:48 PM
2016-07-02 17:33:21.777 Downloading updates...
2016-07-02 17:33:21.777 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-07-02 17:33:21.777 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-07-02 17:33:21.777 Update progress: [I49502] Found supplement IDE527 LATEST
2016-07-02 17:33:21.777 Update progress: [I49502] Found supplement IDE528 LATEST
2016-07-02 17:33:21.777 Update progress: [I49502] Found supplement IDE529 LATEST
2016-07-02 17:33:21.777 Update progress: [I49502] Found supplement IDE530 LATEST
2016-07-02 17:33:21.777 Update progress: [I49502] Found supplement IDE531 LATEST
2016-07-02 17:33:21.777 Update progress: [I49502] Found supplement IDE532 LATEST
2016-07-02 17:33:21.777 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-07-02 17:33:21.777 Update progress: [I19463] Syncing product SAVIW32 70
2016-07-02 17:33:21.777 Update progress: [I19463] Syncing product IDE527 142
2016-07-02 17:33:32.543 Error level 1
2016-07-02 17:33:35.543 Update progress: [I19463] Syncing product IDE528 127
2016-07-02 17:33:35.543 Update progress: [I19463] Syncing product IDE529 135
2016-07-02 17:33:35.543 Update progress: [I19463] Syncing product IDE530 165
2016-07-02 17:33:35.653 Update error: cancelled synchronise

2016-07-02 17:34:05.654 Scan cancelled by user.
2016-07-02 17:34:05.654

------------------------------------------------------------

2016-07-02 17:42:34.880 Sophos Virus Removal Tool version 2.5.5
2016-07-02 17:42:34.880 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-07-02 17:42:34.880 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-07-02 17:42:34.880 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2016-07-02 17:42:34.880 Checking for updates...
2016-07-02 17:42:34.927 Update progress: proxy server not available
2016-07-02 17:42:36.302 Downloading updates...
2016-07-02 17:42:36.318 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-07-02 17:42:36.318 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-07-02 17:42:36.318 Update progress: [I49502] Found supplement IDE527 LATEST
2016-07-02 17:42:36.318 Update progress: [I49502] Found supplement IDE528 LATEST
2016-07-02 17:42:36.318 Update progress: [I49502] Found supplement IDE529 LATEST
2016-07-02 17:42:36.318 Update progress: [I49502] Found supplement IDE530 LATEST
2016-07-02 17:42:36.318 Update progress: [I49502] Found supplement IDE531 LATEST
2016-07-02 17:42:36.318 Update progress: [I49502] Found supplement IDE532 LATEST
2016-07-02 17:42:36.318 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-07-02 17:42:36.318 Update progress: [I19463] Syncing product SAVIW32 70
2016-07-02 17:42:36.318 Update progress: [I19463] Syncing product IDE527 142
2016-07-02 17:42:36.318 Update progress: [I19463] Syncing product IDE528 127
2016-07-02 17:42:36.318 Update progress: [I19463] Syncing product IDE529 135
2016-07-02 17:42:36.318 Update progress: [I19463] Syncing product IDE530 165
2016-07-02 17:42:37.068 Installing updates...
2016-07-02 17:42:48.818 Option all = no
2016-07-02 17:42:50.324 Option recurse = yes
2016-07-02 17:42:50.324 Option archive = no
2016-07-02 17:42:50.324 Option service = yes
2016-07-02 17:42:50.324 Option confirm = yes
2016-07-02 17:42:50.324 Option sxl = yes
2016-07-02 17:42:50.324 Option max-data-age = 35
2016-07-02 17:42:50.324 Option EnableSafeClean = yes
2016-07-02 17:42:50.324 Option vdl-logging = yes
2016-07-02 17:42:50.324 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-07-02 17:42:50.324 Machine ID: f18cb9627dc04bef8246fe55e461ead4
2016-07-02 17:42:50.324 Component SVRTcli.exe version 2.5.5
2016-07-02 17:42:50.324 Component control.dll version 2.5.5
2016-07-02 17:42:50.324 Component SVRTservice.exe version 2.5.5
2016-07-02 17:42:50.324 Component engine\osdp.dll version 1.44.1.2250
2016-07-02 17:42:50.324 Component engine\veex.dll version 3.65.0.2250
2016-07-02 17:42:50.324 Component engine\savi.dll version 9.0.1.2250
2016-07-02 17:42:50.324 Component rkdisk.dll version 1.5.30.0
2016-07-02 17:42:50.324 Version info: Product version 2.5.5
2016-07-02 17:42:50.324 Version info: Detection engine 3.65.0
2016-07-02 17:42:50.324 Version info: Detection data 5.26
2016-07-02 17:42:50.324 Version info: Build date 4/5/2016
2016-07-02 17:42:50.324 Version info: Data files added 558
2016-07-02 17:42:50.324 Version info: Last successful update 7/1/2016 4:56:48 PM
2016-07-02 17:42:50.324 Error level 1
2016-07-02 17:42:50.683 Update progress: [I19463] Syncing product IDE531 1
2016-07-02 17:42:50.683 Update progress: [I19463] Syncing product IDE532 1
2016-07-02 17:42:50.808 Update successful
2016-07-02 17:43:04.793 Option all = no
2016-07-02 17:43:04.793 Option recurse = yes
2016-07-02 17:43:04.793 Option archive = no
2016-07-02 17:43:04.793 Option service = yes
2016-07-02 17:43:04.793 Option confirm = yes
2016-07-02 17:43:04.793 Option sxl = yes
2016-07-02 17:43:04.793 Option max-data-age = 35
2016-07-02 17:43:04.793 Option EnableSafeClean = yes
2016-07-02 17:43:05.397 Option vdl-logging = yes
2016-07-02 17:43:05.413 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-07-02 17:43:05.413 Machine ID: f18cb9627dc04bef8246fe55e461ead4
2016-07-02 17:43:05.413 Component SVRTcli.exe version 2.5.5
2016-07-02 17:43:05.413 Component control.dll version 2.5.5
2016-07-02 17:43:05.413 Component SVRTservice.exe version 2.5.5
2016-07-02 17:43:05.413 Component engine\osdp.dll version 1.44.1.2250
2016-07-02 17:43:05.413 Component engine\veex.dll version 3.65.0.2250
2016-07-02 17:43:05.413 Component engine\savi.dll version 9.0.1.2250
2016-07-02 17:43:05.413 Component rkdisk.dll version 1.5.30.0
2016-07-02 17:43:05.413 Version info: Product version 2.5.5
2016-07-02 17:43:05.413 Version info: Detection engine 3.65.0
2016-07-02 17:43:05.413 Version info: Detection data 5.26
2016-07-02 17:43:05.413 Version info: Build date 4/5/2016
2016-07-02 17:43:05.413 Version info: Data files added 563
2016-07-02 17:43:05.413 Version info: Last successful update 7/2/2016 1:42:50 PM

2016-07-02 18:11:04.934 Contents of SafeClean bin directory:
2016-07-02 18:11:04.934 {
2016-07-02 18:11:04.934 RecordID : "0000000000000001",
2016-07-02 18:11:04.934 ItemType : "1",
2016-07-02 18:11:04.934 Location : "C:\Users\The Keller's\AppData\Roaming\Microsoft\Windows\Templates\",
2016-07-02 18:11:04.934 FileName : "t656p5fd0qyo14a4u3x3f8l6nplu",
2016-07-02 18:11:04.934 ThreatName : "Mal/FakeAvCn-C",
2016-07-02 18:11:04.934 Checksum : "d3f0802a7170c524c661ac7944479bc6fd759577a2315f58f985e3f6aae2cdf7",
2016-07-02 18:11:04.934 TimeStamp : "Fri Jul 01 21:49:54 2016"
2016-07-02 18:11:04.934 }
2016-07-02 18:11:04.934 Error level 0

2016-07-02 18:11:04.934 Scan cancelled by user.
2016-07-02 18:11:04.934

------------------------------------------------------------

2016-07-02 18:11:46.923 Sophos Virus Removal Tool version 2.5.5
2016-07-02 18:11:46.923 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-07-02 18:11:46.923 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-07-02 18:11:46.923 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2016-07-02 18:11:46.939 Checking for updates...
2016-07-02 18:11:46.954 Update progress: proxy server not available
2016-07-02 18:12:45.649 Update not required
2016-07-02 18:12:56.164 Option all = no
2016-07-02 18:12:56.164 Option recurse = yes
2016-07-02 18:12:56.164 Option archive = no
2016-07-02 18:12:56.164 Option service = yes
2016-07-02 18:12:56.164 Option confirm = yes
2016-07-02 18:12:56.164 Option sxl = yes
2016-07-02 18:12:56.164 Option max-data-age = 35
2016-07-02 18:12:56.164 Option EnableSafeClean = yes
2016-07-02 18:12:56.789 Option vdl-logging = yes
2016-07-02 18:12:56.805 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-07-02 18:12:56.805 Machine ID: f18cb9627dc04bef8246fe55e461ead4
2016-07-02 18:12:56.805 Component SVRTcli.exe version 2.5.5
2016-07-02 18:12:56.805 Component control.dll version 2.5.5
2016-07-02 18:12:56.805 Component SVRTservice.exe version 2.5.5
2016-07-02 18:12:56.805 Component engine\osdp.dll version 1.44.1.2250
2016-07-02 18:12:56.805 Component engine\veex.dll version 3.65.0.2250
2016-07-02 18:12:56.805 Component engine\savi.dll version 9.0.1.2250
2016-07-02 18:12:56.805 Component rkdisk.dll version 1.5.30.0
2016-07-02 18:12:56.805 Version info: Product version 2.5.5
2016-07-02 18:12:56.805 Version info: Detection engine 3.65.0
2016-07-02 18:12:56.805 Version info: Detection data 5.26
2016-07-02 18:12:56.805 Version info: Build date 4/5/2016
2016-07-02 18:12:56.805 Version info: Data files added 563
2016-07-02 18:12:56.805 Version info: Last successful update 7/2/2016 1:42:50 PM
2016-07-02 18:13:14.086 Error level 1

2016-07-02 18:13:14.086 Scan completed.
2016-07-02 18:13:14.086

------------------------------------------------------------
Thanks
John
 
#21 ·
Run the following and post the produced log...

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Thank you,

Kevin...
 
#22 ·
Farbar Service Scanner Version: 27-01-2016
Ran by The Keller's (administrator) on 02-07-2016 at 17:18:59
Running from "C:\Users\The Keller's\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
#24 ·
Hi I've tried option 3 several times and just not getting it. It reads

C;\user's\The Keller's>
then I copy and paste sfc /scannow
and hit enter then it drops down and says
"you must be an administrator running a consolesessionin order to use the sfc utility"
what am I doing wrong

thanks
John
 
#26 ·
Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\WINDOWS\system32>
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top