
Windows 10 DllHost.exe error being reported.


  • This topic is locked
10 replies to this topic

#1 tadlington


Posted 06 November 2015 - 07:04 AM

Windows 10  DllHost.exe error being reported

Hi there,

I am trying to help a colleague who is having trouble with his laptop. He recently upgraded the OS to Windows 10 and sometime after that Internet Explorer and Windows Edge stopped working reliably. Google Chrome works fine. The laptop is also running very slowly. I have carried out the recommended maintenance steps such as defrag and chkdsk etc.

I have also run a full scan using McAfee and Malwarebytes. The latter found something called PUP.Optional.TweakBit and these threats have been quarantined.

I have noticed a critical Application Error in Event Viewer: DllHost.exe is continually being reported, along with warnings and information notices.

Generally, with the way the laptop is behaving, I think there may be some malicious software still running.

 

I have posted the scan logs below.

 

Any help and advice will be most welcome.

 

Many thanks,

Tony.

=========================================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015

Ran by Stevie (administrator) on STEVIE-PC (06-11-2015 11:50:25)

Running from C:\Users\Stevie\Downloads

Loaded Profiles: UpdatusUser & Stevie (Available Profiles: UpdatusUser & Stevie)

Platform: Windows 10 Pro (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Edge)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe

(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe

(O2Micro International) C:\Windows\System32\o2flash.exe

(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe

(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE

(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel Corporation) C:\Windows\System32\igfxTray.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Portrait Displays, Inc) C:\Program Files (x86)\Portrait Displays\PremierColor\dthtml.exe

(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe

(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe

() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

() C:\Windows\SysWOW64\srvany.exe

(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(Microsoft Corporation) C:\Windows\hh.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [745288 2015-06-25] (Alps Electric Co., Ltd.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-21] (IDT, Inc.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [8925184 2014-01-15] (Dell Inc.)

HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [370584 2012-11-09] (Wave Systems Corp.)

HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-11-01] ()

HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-23] (Intel Corporation)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)

HKLM-x32\...\Run: [DT DL2] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [120400 2012-07-23] (Portrait Displays, Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)

Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-21-3678175132-4020689451-848652562-1000\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-3678175132-4020689451-848652562-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)

Lsa: [Authentication Packages] msv1_0 wvauth

Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Stevie\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll [2015-09-29] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Stevie\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll [2015-09-29] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Stevie\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll [2015-09-29] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2010-02-10] (Autodesk, Inc.)

ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2012-11-09] (Wave Systems Corp.)

ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2012-11-09] (Wave Systems Corp.)

ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Stevie\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll [2015-09-29] (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Stevie\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll [2015-09-29] (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Stevie\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll [2015-09-29] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-09-25]

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Hosts: 0.0.0.1     mssplus.mcafee.com

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{069edec2-7645-440f-8210-f2c0a916f157}: [DhcpNameServer] 172.20.10.1

Tcpip\..\Interfaces\{3b61e7b5-21f9-4bd2-a56f-418dde1b7fca}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{4cb2d023-579f-42c7-b834-7bfda0cb6f18}: [DhcpNameServer] 169.4.68.58 169.4.68.68

Tcpip\..\Interfaces\{9a9aa4e1-0058-48a7-9730-e3cd1ddd66eb}: [DhcpNameServer] 172.20.10.1

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-3678175132-4020689451-848652562-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/

HKU\S-1-5-21-3678175132-4020689451-848652562-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13-comm.msn.com

URLSearchHook: HKU\S-1-5-21-3678175132-4020689451-848652562-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

URLSearchHook: HKU\S-1-5-21-3678175132-4020689451-848652562-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

SearchScopes: HKU\S-1-5-21-3678175132-4020689451-848652562-1001 -> DefaultScope {2590B8FC-4F11-49F6-9762-65D371D54F63} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB105D20140712&p={searchTerms}

SearchScopes: HKU\S-1-5-21-3678175132-4020689451-848652562-1001 -> {2590B8FC-4F11-49F6-9762-65D371D54F63} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB105D20140712&p={searchTerms}

SearchScopes: HKU\S-1-5-21-3678175132-4020689451-848652562-1001 -> {3DF77C93-6F10-4155-B657-B9339B51613C} URL =

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)

BHO: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-31] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-31] (Microsoft Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)

BHO-x32: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files (x86)\bttb\bttbX.dll [2014-02-07] ()

Toolbar: HKLM - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)

Toolbar: HKLM-x32 - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX.dll [2014-02-07] ()

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)

Toolbar: HKU\S-1-5-21-3678175132-4020689451-848652562-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)

DPF: HKLM-x32 {493ACF15-5CD9-4474-82A6-91670C3DD66E} hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab

DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/event/ieatgpc1.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-03] (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-03] (McAfee, Inc.)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-03] (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-03] (McAfee, Inc.)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-09-28] (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-09-28] (McAfee, Inc.)

 

FireFox:

========

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-12] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-12] (Intel Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-13] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)

FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-28] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-28] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-03]

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-11-05] [not signed]

 

Chrome:

=======

CHR DefaultSearchURL: Default -> hxxp://uk.search.yahoo.com/search?fr=mcafee&p={searchTerms}

CHR DefaultSearchKeyword: Default -> mcafee

CHR Profile: C:\Users\Stevie\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (SiteAdvisor) - C:\Users\Stevie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-09-15]

CHR Extension: (BT Toolbar) - C:\Users\Stevie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg [2015-07-27] [UpdateUrl: hxxp://www.bt.com/static/includes/account/toolbar/update/chromeUpdates.xml] <==== ATTENTION

CHR Extension: (Chrome Web Store Payments) - C:\Users\Stevie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-06]

CHR HKU\S-1-5-21-3678175132-4020689451-848652562-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-06]

CHR HKLM-x32\...\Chrome\Extension: [hdpkpbhapgfjahbajejahjjcghiclegg] - C:\Program Files (x86)\bttb\toolbar.crx [2014-02-07]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 0169561446809486mcinstcleanup; C:\WINDOWS\TEMP\016956~1.EXE [882000 2015-07-23] (McAfee, Inc.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [96120 2015-06-25] (Alps Electric Co., Ltd.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)

S3 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)

R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [136784 2012-07-23] (Portrait Displays, Inc.)

S2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [225720 2012-11-20] ()

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-11] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-11-03] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [783120 2015-09-28] (McAfee, Inc.)

R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-08-11] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)

R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)

R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)

R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)

R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-09-29] (Microsoft Corporation)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]

R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-11-01] (NVIDIA Corporation)

R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)

R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]

R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [20480 2012-11-23] () [File not signed]

R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-10-26] (IBM Corp.)

S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-09-29] (Microsoft Corporation)

R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-09-29] (Microsoft Corporation)

R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1758720 2012-11-19] (Wave Systems Corp.) [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6177280 2014-01-15] (Dell Inc.) [File not signed]

S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254384 2012-11-08] (Wave Systems Corp.)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)

R3 dcdbas; C:\Windows\System32\drivers\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)

R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-09-29] (OSR Open Systems Resources, Inc.)

S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()

R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [452432 2012-11-02] (Intel Corporation)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)

R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537408 2015-08-12] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [111256 2015-08-12] (McAfee, Inc.)

R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-11-03] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)

R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-09-29] (Microsoft Corporation)

S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))

R1 RapportCerberus_1507072; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507072.sys [959416 2015-09-30] (IBM Corp.)

R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-10-26] (IBM Corp.)

R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-10-26] (IBM Corp.)

R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-10-26] (IBM Corp.)

R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489272 2015-10-26] (IBM Corp.)

R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [89312 2013-03-27] (STMicroelectronics)

S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)

U3 idsvc; no ImagePath

S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

U3 wpcsvc; no ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-11-06 11:50 - 2015-11-06 11:50 - 00030963 _____ C:\Users\Stevie\Downloads\FRST.txt

2015-11-06 11:50 - 2015-11-06 11:50 - 00000000 ____D C:\FRST

2015-11-06 11:49 - 2015-11-06 11:49 - 02198528 _____ (Farbar) C:\Users\Stevie\Downloads\FRST64.exe

2015-11-06 11:36 - 2015-11-06 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2015-11-06 11:32 - 2015-11-06 11:32 - 00016148 _____ C:\WINDOWS\system32\STEVIE-PC_Stevie_HistoryPrediction.bin

2015-11-06 10:30 - 2015-11-06 10:31 - 00000000 ____D C:\Users\Stevie\Desktop\SysinternalsSuite

2015-11-06 09:44 - 2015-11-06 09:44 - 00606643 _____ C:\Users\Stevie\Downloads\Autoruns.zip

2015-11-06 08:59 - 2015-11-06 08:59 - 00000000 ____D C:\Users\Stevie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchPad

2015-11-05 16:45 - 2015-11-05 16:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\TweakBit

2015-11-05 16:04 - 2015-11-06 11:20 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-11-05 16:03 - 2015-11-05 16:05 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-11-05 16:03 - 2015-11-05 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-11-05 16:03 - 2015-11-05 16:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-11-05 16:03 - 2015-11-05 16:03 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-11-05 16:03 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-11-05 16:03 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-11-05 16:03 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2015-11-05 16:02 - 2015-11-05 16:03 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Stevie\Downloads\mbam-setup-sem-2.1.6.1022.exe

2015-11-05 13:55 - 2015-11-05 16:42 - 00000000 ____D C:\ProgramData\TweakBit

2015-11-05 13:55 - 2015-11-05 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit

2015-11-05 13:55 - 2015-11-05 13:55 - 00001249 _____ C:\Users\Stevie\Desktop\TweakBit PCRepairKit.lnk

2015-11-05 13:55 - 2015-11-05 13:55 - 00000000 ____D C:\Program Files (x86)\TweakBit

2015-11-05 13:54 - 2015-11-05 13:54 - 00421520 _____ (TweakBit) C:\Users\Stevie\Downloads\dllhost.exe-repairkit.exe

2015-11-01 08:45 - 2015-10-27 23:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2015-11-01 08:45 - 2015-10-27 23:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2015-11-01 08:45 - 2015-10-21 12:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll

2015-11-01 08:45 - 2015-10-21 12:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys

2015-11-01 08:45 - 2015-10-21 12:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll

2015-11-01 08:45 - 2015-10-21 12:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-11-01 08:45 - 2015-10-21 12:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-11-01 08:45 - 2015-10-21 12:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2015-11-01 08:45 - 2015-10-21 11:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2015-11-01 08:45 - 2015-10-21 11:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2015-11-01 08:45 - 2015-10-21 11:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll

2015-11-01 08:45 - 2015-10-21 11:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2015-11-01 08:45 - 2015-10-21 11:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2015-11-01 08:45 - 2015-10-21 11:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll

2015-11-01 08:45 - 2015-10-21 11:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2015-11-01 08:45 - 2015-10-21 11:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2015-11-01 08:45 - 2015-10-21 11:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll

2015-11-01 08:45 - 2015-10-21 11:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe

2015-11-01 08:45 - 2015-10-21 11:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll

2015-11-01 08:45 - 2015-10-21 11:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll

2015-11-01 08:45 - 2015-10-21 11:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2015-11-01 08:45 - 2015-10-21 11:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll

2015-11-01 08:45 - 2015-10-21 11:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll

2015-11-01 08:45 - 2015-10-21 05:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

2015-11-01 08:45 - 2015-10-21 05:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-11-01 08:45 - 2015-10-21 05:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-11-01 08:45 - 2015-10-21 05:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2015-11-01 08:45 - 2015-10-21 05:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2015-11-01 08:45 - 2015-10-21 05:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll

2015-11-01 08:45 - 2015-10-21 05:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2015-11-01 08:45 - 2015-10-21 05:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll

2015-11-01 08:45 - 2015-10-21 04:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll

2015-11-01 08:45 - 2015-10-21 04:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

2015-11-01 08:45 - 2015-10-21 04:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll

2015-11-01 08:45 - 2015-10-10 07:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2015-11-01 08:45 - 2015-10-06 03:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2015-11-01 08:45 - 2015-10-06 02:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2015-11-01 08:45 - 2015-10-01 04:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2015-11-01 08:45 - 2015-10-01 04:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2015-11-01 08:45 - 2015-10-01 04:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2015-11-01 08:45 - 2015-10-01 04:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2015-11-01 08:45 - 2015-10-01 04:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2015-11-01 08:45 - 2015-10-01 03:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll

2015-11-01 08:45 - 2015-09-25 04:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll

2015-11-01 08:45 - 2015-09-25 04:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys

2015-11-01 08:45 - 2015-09-25 03:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2015-11-01 08:45 - 2015-09-25 03:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi

2015-11-01 08:45 - 2015-09-25 03:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll

2015-11-01 08:45 - 2015-09-25 03:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2015-11-01 08:45 - 2015-09-25 03:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll

2015-11-01 08:45 - 2015-09-25 03:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll

2015-11-01 08:45 - 2015-09-25 03:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-11-01 08:45 - 2015-09-25 03:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll

2015-11-01 08:45 - 2015-09-25 03:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-11-01 08:45 - 2015-09-25 03:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2015-11-01 08:45 - 2015-09-25 03:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll

2015-11-01 08:45 - 2015-09-25 03:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-11-01 08:45 - 2015-09-25 03:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2015-11-01 08:45 - 2015-09-25 03:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2015-11-01 08:45 - 2015-09-25 03:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll

2015-11-01 08:45 - 2015-09-25 03:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-11-01 08:45 - 2015-09-25 03:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2015-11-01 08:45 - 2015-09-25 03:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll

2015-11-01 08:45 - 2015-09-25 03:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2015-11-01 08:45 - 2015-09-25 03:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll

2015-11-01 08:45 - 2015-09-25 03:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll

2015-11-01 08:45 - 2015-09-25 02:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll

2015-11-01 08:45 - 2015-09-25 02:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll

2015-11-01 08:45 - 2015-09-25 02:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll

2015-11-01 08:45 - 2015-09-25 02:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll

2015-11-01 08:45 - 2015-09-25 02:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll

2015-11-01 08:45 - 2015-09-25 02:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll

2015-11-01 08:45 - 2015-09-25 02:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll

2015-11-01 08:45 - 2015-09-25 02:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll

2015-11-01 08:45 - 2015-09-25 02:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll

2015-11-01 08:45 - 2015-09-25 02:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-11-01 08:45 - 2015-09-25 02:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-11-01 08:45 - 2015-09-25 02:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2015-11-01 08:45 - 2015-09-25 02:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-11-01 08:45 - 2015-09-25 02:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2015-11-01 08:45 - 2015-09-25 02:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll

2015-11-01 08:45 - 2015-09-25 02:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll

2015-11-01 08:45 - 2015-09-25 02:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-11-01 08:45 - 2015-09-25 02:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2015-11-01 08:45 - 2015-09-25 02:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll

2015-11-01 08:45 - 2015-09-25 02:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll

2015-11-01 08:45 - 2015-09-25 02:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll

2015-11-01 08:45 - 2015-09-25 02:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll

2015-11-01 08:45 - 2015-09-25 02:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll

2015-11-01 08:45 - 2015-09-25 02:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll

2015-11-01 08:45 - 2015-09-25 02:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll

2015-11-01 08:45 - 2015-09-25 02:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll

2015-10-15 19:23 - 2015-11-06 11:50 - 00005004 _____ C:\WINDOWS\System32\Tasks\WSCEAA

2015-10-11 09:38 - 2015-10-11 09:38 - 22915568 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 17846272 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 11905432 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 11053048 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 10574992 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 08528896 _____ (Intel Corporation) C:\WINDOWS\system32\ig7icd64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 06513648 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig7icd32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 04371888 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe

2015-10-11 09:38 - 2015-10-11 09:38 - 04369816 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe

2015-10-11 09:38 - 2015-10-11 09:38 - 04025864 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAAC64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 03672344 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 02506960 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiVAD64.exe

2015-10-11 09:38 - 2015-10-11 09:38 - 02037232 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 01995760 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 01793024 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 01768432 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 01470472 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 01156000 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 01151840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00970656 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe

2015-10-11 09:38 - 2015-10-11 09:38 - 00866824 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00661000 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00618992 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00617992 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMux64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00556960 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe

2015-10-11 09:38 - 2015-10-11 09:38 - 00554928 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe

2015-10-11 09:38 - 2015-10-11 09:38 - 00469216 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00444832 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe

2015-10-11 09:38 - 2015-10-11 09:38 - 00410528 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeAppv2_0.exe

2015-10-11 09:38 - 2015-10-11 09:38 - 00409520 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeApp.exe

2015-10-11 09:38 - 2015-10-11 09:38 - 00394224 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00387056 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00378824 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00374272 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00357912 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00329216 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00316245 _____ C:\WINDOWS\system32\DisplayAudiox64.cab

2015-10-11 09:38 - 2015-10-11 09:38 - 00296944 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00291744 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe

2015-10-11 09:38 - 2015-10-11 09:38 - 00265712 _____ C:\WINDOWS\system32\igfxCPL.cpl

2015-10-11 09:38 - 2015-10-11 09:38 - 00232960 _____ C:\WINDOWS\system32\igdde64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00230384 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00229664 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00225288 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00216552 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4276.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00199088 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00194560 _____ C:\WINDOWS\SysWOW64\igdde32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00194368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00193536 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00192520 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00188884 _____ C:\WINDOWS\system32\resTHA.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00181524 _____ C:\WINDOWS\system32\resELL.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00177300 _____ C:\WINDOWS\system32\resRUS.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00172528 _____ C:\WINDOWS\system32\igdail64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00169368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00165808 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe

2015-10-11 09:38 - 2015-10-11 09:38 - 00163840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00163044 _____ C:\WINDOWS\system32\resARA.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00162500 _____ C:\WINDOWS\system32\resHEB.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00162484 _____ C:\WINDOWS\system32\resJPN.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00157860 _____ C:\WINDOWS\system32\resHUN.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00157844 _____ C:\WINDOWS\system32\resFRA.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00156100 _____ C:\WINDOWS\system32\resKOR.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00156020 _____ C:\WINDOWS\system32\resDEU.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00155988 _____ C:\WINDOWS\system32\resITA.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00155828 _____ C:\WINDOWS\system32\resROM.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00155716 _____ C:\WINDOWS\system32\resESN.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00155268 _____ C:\WINDOWS\system32\resPLK.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00155172 _____ C:\WINDOWS\system32\resSKY.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00154980 _____ C:\WINDOWS\system32\resNLD.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00154372 _____ C:\WINDOWS\system32\resPTB.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00154260 _____ C:\WINDOWS\system32\resTRK.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00154212 _____ C:\WINDOWS\system32\resCSY.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00154096 _____ C:\WINDOWS\SysWOW64\igdail32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00154084 _____ C:\WINDOWS\system32\resPTG.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00153620 _____ C:\WINDOWS\system32\resFIN.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00153236 _____ C:\WINDOWS\system32\resHRV.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00152772 _____ C:\WINDOWS\system32\resSVE.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00152644 _____ C:\WINDOWS\system32\resSLV.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00151668 _____ C:\WINDOWS\system32\resNOR.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00151156 _____ C:\WINDOWS\system32\resDAN.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00149812 _____ C:\WINDOWS\system32\resENU.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00148052 _____ C:\WINDOWS\system32\resCHT.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00147188 _____ C:\WINDOWS\system32\resCHS.cui

2015-10-11 09:38 - 2015-10-11 09:38 - 00143368 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCUMD64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00109064 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00102912 _____ C:\WINDOWS\system32\IccLibDll_x64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00096752 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00078336 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00069616 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00020976 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00018944 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00018944 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00018944 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00015344 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00013824 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll

2015-10-11 09:38 - 2015-10-11 09:38 - 00002560 _____ C:\WINDOWS\system32\iglhxs64.vp

2015-10-10 13:36 - 2015-10-10 13:36 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2015-10-10 11:13 - 2015-10-10 11:13 - 00000000 ____D C:\Users\Stevie\AppData\Local\MicrosoftEdge

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-11-06 11:48 - 2013-03-29 09:10 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-11-06 11:32 - 2015-10-02 06:42 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee

2015-11-06 11:32 - 2015-07-06 09:44 - 00003122 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon

2015-11-06 11:31 - 2013-06-11 09:43 - 00000000 ____D C:\Program Files (x86)\McAfee

2015-11-06 11:13 - 2013-12-03 17:51 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cef0503dcf32c9.job

2015-11-06 11:00 - 2015-07-10 12:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log

2015-11-06 10:59 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\sru

2015-11-06 09:36 - 2013-04-27 10:50 - 00000000 ____D C:\Users\Stevie\Documents\Outlook Files

2015-11-06 09:35 - 2013-05-06 12:02 - 00000000 ____D C:\Users\Stevie\AppData\Local\9CE2176B-FC04-4561-93C3-DD6BE12C7931.aplzod

2015-11-06 09:00 - 2013-05-09 16:48 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-11-06 08:57 - 2015-07-10 12:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-11-06 08:56 - 2015-09-28 20:05 - 00000000 ____D C:\ProgramData\NVIDIA

2015-11-06 08:56 - 2015-09-28 20:01 - 00012492 _____ C:\WINDOWS\PFRO.log

2015-11-06 08:56 - 2015-07-10 09:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI

2015-11-05 14:57 - 2013-06-11 09:35 - 00000000 ____D C:\ProgramData\McAfee

2015-11-05 14:53 - 2013-12-30 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection

2015-11-05 14:46 - 2015-09-28 20:09 - 00000000 ___RD C:\Users\Stevie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-11-05 14:23 - 2013-05-06 14:42 - 00000000 ____D C:\Users\Stevie\AppData\Local\Microsoft Help

2015-11-05 14:11 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\AppReadiness

2015-11-05 13:51 - 2015-09-28 20:08 - 01005642 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2015-11-05 13:43 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\NDF

2015-11-03 13:33 - 2014-12-26 11:01 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2015-11-03 13:15 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\rescache

2015-11-03 08:19 - 2013-06-11 09:35 - 00000000 ____D C:\Program Files\Common Files\McAfee

2015-11-03 08:18 - 2015-07-10 11:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP

2015-11-01 14:54 - 2013-04-03 17:21 - 00000000 ____D C:\Program Files\Microsoft Office 15

2015-11-01 14:53 - 2015-07-10 09:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM

2015-11-01 14:46 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser

2015-11-01 13:48 - 2015-09-29 06:33 - 00000000 ____D C:\Users\Stevie\AppData\Local\Packages

2015-11-01 08:54 - 2015-07-10 10:55 - 00000000 ____D C:\WINDOWS\CbsTemp

2015-11-01 08:53 - 2013-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\MRT

2015-11-01 08:47 - 2013-05-11 09:30 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-10-31 12:14 - 2013-05-09 16:48 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-10-31 07:03 - 2015-09-29 04:57 - 00000000 ____D C:\Windows.old

2015-10-26 00:01 - 2015-06-06 12:36 - 00139896 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys

2015-10-26 00:01 - 2013-12-30 14:58 - 00394584 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys

2015-10-24 09:36 - 2013-05-09 16:47 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2015-10-24 09:23 - 2015-09-29 06:33 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat

2015-10-16 03:10 - 2015-10-03 02:35 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-10-16 03:10 - 2015-10-03 02:35 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-10-11 09:40 - 2015-07-10 12:20 - 00021139 _____ C:\WINDOWS\setupact.log

2015-10-11 09:38 - 2015-09-28 20:06 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL

2015-10-11 09:38 - 2015-09-28 20:06 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL

2015-10-11 09:38 - 2015-07-30 21:46 - 12335600 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll

2015-10-11 09:38 - 2015-07-30 21:46 - 04637640 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll

2015-10-11 09:38 - 2015-07-30 21:46 - 00042232 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll

2015-10-11 09:38 - 2015-07-30 21:45 - 03797424 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys

2015-10-11 09:38 - 2015-07-30 21:45 - 00680432 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll

2015-10-11 09:38 - 2015-07-30 21:45 - 00541600 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe

2015-10-11 09:38 - 2015-07-30 21:45 - 00395168 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTray.exe

2015-10-11 09:38 - 2015-07-30 21:45 - 00330136 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe

2015-10-11 09:38 - 2015-07-30 21:45 - 00285184 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll

2015-10-11 09:38 - 2015-07-30 21:45 - 00262640 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll

2015-10-11 09:38 - 2015-07-30 21:45 - 00258456 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe

2015-10-11 09:38 - 2015-07-30 21:45 - 00205728 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe

2015-10-11 09:38 - 2015-07-30 21:45 - 00039424 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll

2015-10-10 11:41 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase

 

==================== Files in the root of some directories =======

 

2013-05-06 09:09 - 2013-05-06 09:09 - 0038370 _____ () C:\Users\Stevie\AppData\Roaming\Comma Separated Values.ADR

2015-07-27 14:49 - 2015-07-27 14:49 - 0000017 _____ () C:\Users\Stevie\AppData\Local\resmon.resmoncfg

2013-04-03 18:29 - 2013-06-11 09:51 - 0001182 _____ () C:\ProgramData\hpzinstall.log

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-10-31 06:57

 

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-11-2015

Ran by Stevie (2015-11-06 11:51:20)

Running from C:\Users\Stevie\Downloads

Windows 10 Pro (X64) (2015-09-29 06:33:25)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3678175132-4020689451-848652562-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-3678175132-4020689451-848652562-503 - Limited - Disabled)

Guest (S-1-5-21-3678175132-4020689451-848652562-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3678175132-4020689451-848652562-1003 - Limited - Enabled)

Stevie (S-1-5-21-3678175132-4020689451-848652562-1001 - Administrator - Enabled) => C:\Users\Stevie

UpdatusUser (S-1-5-21-3678175132-4020689451-848652562-1000 - Limited - Enabled) => C:\Users\UpdatusUser

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden

Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)

Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

AutoCAD LT 2011 - English (HKLM\...\AutoCAD LT 2011 - English) (Version: 18.1.49.0 - Autodesk)

AutoCAD LT 2011 - English (Version: 18.1.49.0 - Autodesk) Hidden

AutoCAD LT 2011 Language Pack - English (Version: 18.1.49.0 - Autodesk) Hidden

Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)

Basic PAYE Tools (HKLM-x32\...\Basic PAYE Tools - Real Time Information) (Version: 15.1.15162.94 - HM Revenue & Customs)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version:  - )

BT Toolbar (HKLM-x32\...\bttb) (Version: 1.0.0.43 - )

Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden

Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden

Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden

Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)

Custom (Version: 01.00.00.002 - Wave Systems Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00001.021 - Dell Inc.)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.1207.101.103 - ALPS ELECTRIC CO., LTD.)

Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)

DellAccess (Version: 01.03.00.046 - Wave Systems Corp.) Hidden

DJ_AIO_06_F4500_SW_MIN (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden

DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.215 - Dell Inc.)

EMBASSY Client Core (Version: 01.03.00.092 - Wave Systems Corp.) Hidden

ERAS Connector (Version: 02.09.05.0330 - Wave Systems Corp) Hidden

Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)

Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden

GemPcCCID (Version: 2.0.1 - Gemalto) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)

iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)

Intel® Network Connections 17.2.154.0 (HKLM\...\PROSetDX) (Version: 17.2.154.0 - Intel)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)

iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.5120 - McAfee, Inc.)

McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.199 - McAfee, Inc.)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden

NVIDIA 3D Vision Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.62 - NVIDIA Corporation)

NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)

NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)

NVIDIA WMI 2.14.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.14.0 - NVIDIA Corporation)

O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{D535FC73-1F63-4347-896A-C97A45F11E9C}) (Version: 3.0.07.44 - O2Micro International LTD.)

O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.44 - O2Micro International LTD.) Hidden

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden

Parrot Software Update Tool (HKLM-x32\...\Parrot Flash Update Wizard) (Version:  - )

PBA Driver (Version: 1.0.1.7 - Dell Inc.) Hidden

PDF Pro 10 (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 10.8.0000 - PDF Pro Software)

PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1050.0 - Passmark Software)

Preboot Manager (Version: 03.05.00.026 - Wave Systems Corp.) Hidden

PremierColor (HKLM-x32\...\{8BEF0E8C-85BD-4680-B808-4313E89BCDA2}) (Version: 2.00.053 - Portrait Displays, Inc.)

Private Information Manager (Version: 07.03.00.016 - Wave Systems Corp.) Hidden

QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)

Rapport (x32 Version: 3.5.1507.84 - Trusteer) Hidden

Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden

SDK (x32 Version: 2.31.009 - Portrait Displays, Inc.) Hidden

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

SI TSS (Version: 2.1.41 - Security Innovation) Hidden

Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 28.1.83040 - Sonos, Inc.)

SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden

ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0046 - ST Microelectronics)

TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)

TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden

toolkit32for64bit (x32 Version: 7.68.85.0013 - Wave Systems Corp) Hidden

Trusted Drive Manager (Version: 5.0.0.304 - Wave Systems Corp.) Hidden

Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.84 - Trusteer)

Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000 - Wave Systems Corp) Hidden

Wave Crypto Runtime 2.0.9.0 x86 (x32 Version: 02.00.09.0000 - Wave Systems Corp) Hidden

Wave Infrastructure Installer (Version: 07.68.85.0014 - Wave Systems Corp) Hidden

Wave Support Software Installer (Version: 05.15.00.021 - Wave Systems Corp) Hidden

WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4000 - Broadcom Corporation)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-3678175132-4020689451-848652562-1001_Classes\CLSID\{74F5CC00-49A9-11CF-A2F9-444553540000}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD LT 2011\acadltficn.dll (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-3678175132-4020689451-848652562-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

CustomCLSID: HKU\S-1-5-21-3678175132-4020689451-848652562-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD LT 2011\acadlt.exe (Autodesk, Inc.)

 

==================== Restore Points =========================

 

05-11-2015 14:51:30 Installed Rapport

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 02:34 - 2015-09-25 14:58 - 00000856 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

0.0.0.1   mssplus.mcafee.com

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0A10B8AC-3ED8-4967-B528-47E40504FB80} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-09-01] (McAfee, Inc.)

Task: {0E9B0B5C-9FF3-4A29-8479-0868A68DD87B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe

Task: {1667DF4B-EA49-449A-B7C0-F4CEE5336BD9} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {19254F1C-3004-4D71-A6C6-88A6CE80A2CC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {1B103B80-6197-4B31-825C-8219CA8B2189} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {25804AE0-DE32-41E0-A86D-B18E530D49B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {27412A7E-2A8A-4452-88EA-ABF1C486B7EE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {276E116B-3E84-4F94-A095-1704DC37EEA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {2956E29D-A64D-413D-B892-F5AA2AC347BB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

Task: {3999671B-80BF-4CDF-A95C-93FD2F0FE480} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {3B84A226-09E8-4C98-AECC-BD2D94E06E82} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {3CBC40D7-5079-4162-B3CF-8BB086B1F88F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {450BD58A-50A5-4D64-BEBF-9AC4AD3D6E16} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)

Task: {49072A42-1C33-4821-800D-28DD295D6786} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

Task: {4919C44B-2411-4DE0-8A96-39883A5F71A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {49C3CE6D-CD78-4B90-B514-D88C35CD1DDF} - System32\Tasks\TweakBit\PCRepairKit\Start PCRepairKit automatic scanning => C:\Program Files (x86)\TweakBit\PCRepairKit\PCRepairKit.exe [2015-08-05] (TweakBit) <==== ATTENTION

Task: {4E0A97BB-D761-4594-BAEE-D2DD15A03B04} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)

Task: {4F30713E-7584-456D-85B8-8A9C79CBC837} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)

Task: {4FA6046F-7278-466F-B50B-B6086B476C12} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)

Task: {4FF356D2-FE47-4920-B00B-3E8B260DCA26} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {528B6446-B6F7-44E3-AA71-6203798B4E57} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe

Task: {53C82D5D-CAA2-4928-AD01-FD5CA9402E42} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {54C24529-FE0D-45F3-921C-72B199731A29} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe

Task: {5D032CD9-0177-404A-965C-D3A5116CAE17} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {63882D74-4B0D-4654-86EE-D96AE3948093} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe

Task: {6563DB5C-54FD-4007-98A3-1F779956369C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {6A73D90C-B17C-4761-8357-1A346F1A3327} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe

Task: {721F5CA8-67F2-45BB-99AD-33301709F0A9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {73E70BCF-F1D4-433B-B480-71467F5A7E8C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-01] (Microsoft Corporation)

Task: {74B79B52-5FD9-4C14-BAB0-205B4C4DD9F9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe

Task: {7940F3E8-1C9D-478E-97D4-DDA348A89EC0} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent

Task: {85E5D9E6-82C1-4749-9E16-7594CAAB6257} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [2012-10-17] (Wave Systems Corp.)

Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION

Task: {92BE7943-78D8-4C4B-883D-3B2AAF434323} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {95AC0316-6268-4274-AECF-7DEC3704A5BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-23] (Adobe Systems Incorporated)

Task: {98C71DD4-BD0B-439D-A6F6-6E60597E04BD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {99E5F2DC-C6C4-4BF7-AE40-DD02E885C5C9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {9EA764D4-90D5-4C3D-9927-6B031CA17296} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {A3CE510E-1371-45EB-855C-71D204CB414E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe

Task: {A5E61D41-23E0-40AC-8A90-D8D018BEA13A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {A6B923C7-FD82-4E0E-9E76-958A2554F94A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

Task: {A8A2826F-8AAD-41F0-AE38-548961EAC50B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {B1450FE1-82E8-40F1-8F3F-5749E0F9E20E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

Task: {BA7F3875-7416-4EF5-B045-A03824D3AFA2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {C1913C94-0842-490C-B755-F95332E09ABA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

Task: {C2F8F724-F009-4CC3-B35A-0FDA61D6F3AE} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe

Task: {CE4EEC05-AE50-4266-B124-7496745958B2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {D165E359-03E6-4BD7-995B-D4B9E6286BA4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {D938FB09-22B0-4F1D-97FD-0897F5BF6B10} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {DA5EBFDD-F0C4-44BB-802B-EC827B4A9BF5} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe

Task: {DA9D1E83-01AA-4187-BDB9-6D13247DE477} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe

Task: {DB42F1A9-6960-4394-96D0-66FFAAB37011} - System32\Tasks\GoogleUpdateTaskMachineUA1cef0503dcf32c9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {F897A742-B962-4045-BF81-0203361AA765} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-09-01] (McAfee, Inc.)

Task: {FFD0BCF8-7926-4344-A2B0-908C275D350D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cef0503dcf32c9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-09-29 04:56 - 2015-09-29 04:56 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll

2015-09-28 20:05 - 2015-07-23 01:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2013-03-29 09:35 - 2012-07-23 21:42 - 00080976 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook64.dll

2015-09-29 04:56 - 2015-09-29 04:57 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-09-15 13:25 - 2015-09-15 13:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-05-29 17:58 - 2015-10-07 19:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2012-11-23 21:34 - 2012-11-23 21:34 - 00020480 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe

2015-10-01 22:56 - 2015-09-17 06:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2015-10-01 22:56 - 2015-09-17 06:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2015-03-18 03:22 - 2015-09-01 16:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-03-29 09:35 - 2012-07-23 21:42 - 00268368 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dthook.dll

2015-10-01 22:56 - 2015-09-17 05:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2015-07-10 10:59 - 2015-07-10 10:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll

2015-10-01 22:56 - 2015-09-17 05:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2015-10-01 22:56 - 2015-09-17 05:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2015-10-01 22:56 - 2015-09-17 05:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2015-10-01 22:56 - 2015-09-17 05:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2013-03-29 09:35 - 2012-07-23 21:42 - 00132688 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe

2013-03-29 09:35 - 2012-07-23 21:42 - 00137808 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe

2013-11-24 14:24 - 2003-04-18 12:36 - 00008192 _____ () c:\Windows\SysWOW64\srvany.exe

2015-07-10 11:00 - 2015-07-10 11:00 - 00215352 _____ () c:\windows\system32\WerEtw.dll

2015-07-21 16:02 - 2015-07-21 16:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

2013-03-29 09:35 - 2012-07-23 21:42 - 00079440 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook.dll

2013-03-29 09:35 - 2012-07-23 21:21 - 00180224 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll

2015-10-31 12:14 - 2015-10-20 14:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll

2015-10-31 12:14 - 2015-10-20 14:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll

2015-11-03 04:42 - 2015-11-03 04:42 - 00172544 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e6a3d77e2530f0f484a9437f97326e19\IsdiInterop.ni.dll

2013-03-29 09:25 - 2012-05-30 18:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2015-09-15 13:25 - 2015-09-15 13:25 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-11-21 14:09 - 2014-11-21 14:09 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

2013-09-01 08:37 - 2012-10-20 08:06 - 00687856 _____ () C:\Program Files (x86)\PDF Pro 10\js32.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3678175132-4020689451-848652562-1000\Control Panel\Desktop\\Wallpaper ->

HKU\S-1-5-21-3678175132-4020689451-848652562-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg

DNS Servers: 192.168.0.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Users^Stevie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Stevie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Smart Settings.lnk => C:\Windows\pss\Smart Settings.lnk.Startup

MSCONFIG\startupreg: AppleIEDAV => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe

MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

MSCONFIG\startupreg: DBRMTray => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe

MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

MSCONFIG\startupreg: DFEPApplication => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe

MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

MSCONFIG\startupreg: vspdfprsrv.exe => C:\Program Files (x86)\PDF Pro 10\vspdfprsrv.exe --background

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808

FirewallRules: [{EDCACA88-5711-469D-BBC5-E1588CDF2E32}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{C58722F5-8A10-4C0C-89AA-C2D7DC10BC1A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{17DC1956-A3C6-43F4-9760-C72FC39E8675}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{8E03DCAB-4963-44B6-9238-6BE9393C13DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{433A1F76-20C6-4A4D-8D85-4BF406F92805}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{9A2BB4A1-753C-4C68-ABCC-E91C2724B8B3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [{D7D683C4-3BF8-456A-B5F3-2B000AAD4CB8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [{F4808A08-AACF-46AC-90C8-4043D8CE4C63}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [{09265108-7403-4712-9178-1C6A516E3746}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [UDP Query User{F3392AC9-FDD3-4048-B9C1-EDE5A54EEB89}C:\program files (x86)\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => (Allow) C:\program files (x86)\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe

FirewallRules: [TCP Query User{D103ECAD-F39A-44BB-8A7A-8E4809F4F28E}C:\program files (x86)\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => (Allow) C:\program files (x86)\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe

FirewallRules: [{2050265B-8D3B-4ACA-AB9D-23399B1AB3B3}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe

FirewallRules: [{8016A4E6-DFCC-4BF7-A1B1-E1CAC55B2A2A}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe

FirewallRules: [{C3CD78B3-F4C0-49DC-8227-5F474D129070}] => (Allow) C:\Program Files (x86)\bttb\dtuser.exe

FirewallRules: [{E413DB59-78A5-419B-813F-A8BF0501DC2A}] => (Allow) C:\Program Files (x86)\bttb\dtuser.exe

FirewallRules: [{385F8ED1-F138-44E0-B922-AB798D325193}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe

FirewallRules: [{936E92D1-9721-4EE2-B168-498A70D530A2}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe

FirewallRules: [{F2B519C6-74A4-4B03-AEA5-3F54D17CEC87}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

FirewallRules: [{B9EA6230-3E86-49B8-AFDB-26F558CFAA80}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

FirewallRules: [{25734BF6-E59C-4C36-AFA2-5D800732988F}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe

FirewallRules: [{0236BB3C-3D62-48A1-BE83-DA17AFC03F1B}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe

FirewallRules: [{B25843B2-3AA8-4595-BFD7-3C5DD6B3208D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

FirewallRules: [{BE870CE5-D894-4350-81A4-62EF3504F50E}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

FirewallRules: [{EA3B39F7-7CCA-40CE-BCE0-4D72C64D1F19}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

FirewallRules: [{E917036B-D7D3-4EFB-A450-F9C05D6194B5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe

FirewallRules: [{FE950344-EFF6-4907-906B-A33C5534CB09}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe

FirewallRules: [{07861716-AA82-469D-B5AB-59F5A3F96483}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe

FirewallRules: [{D782560F-6FE0-49DB-BDA1-EA33FED61BF7}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{C6EA207E-74D2-4888-A7C3-12A3D7D6BDDC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{BBBCB4A2-5C6B-478C-B9A1-0F06E654F390}] => (Allow) LPort=1900

FirewallRules: [{626ADF2F-A1C2-4DF3-A3C8-86C1B055D4EC}] => (Allow) LPort=2869

FirewallRules: [{C109085D-3878-4CEF-9603-CDD0763CB566}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{43714F7E-9AF0-4BEE-AA33-440047406290}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Faulty Device Manager Devices =============

 

Name:

Description:

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer:

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Photosmart Plus B209a-m

Description: Photosmart Plus B209a-m

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP Deskjet F4500

Description: HP Deskjet F4500

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: Hewlett-Packard

Service: StillCam

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/06/2015 11:50:22 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DllHost.exe, version: 10.0.10240.16384, time stamp: 0x559f39e9

Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92

Exception code: 0xc0000409

Fault offset: 0x0000000000083837

Faulting process id: 0x2560

Faulting application start time: 0xDllHost.exe0

Faulting application path: DllHost.exe1

Faulting module path: DllHost.exe2

Report Id: DllHost.exe3

Faulting package full name: DllHost.exe4

Faulting package-relative application ID: DllHost.exe5

 

Error: (11/06/2015 11:50:18 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DllHost.exe, version: 10.0.10240.16384, time stamp: 0x559f39e9

Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92

Exception code: 0xc0000409

Fault offset: 0x0000000000083837

Faulting process id: 0x26a8

Faulting application start time: 0xDllHost.exe0

Faulting application path: DllHost.exe1

Faulting module path: DllHost.exe2

Report Id: DllHost.exe3

Faulting package full name: DllHost.exe4

Faulting package-relative application ID: DllHost.exe5

 

Error: (11/06/2015 11:50:16 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DllHost.exe, version: 10.0.10240.16384, time stamp: 0x559f39e9

Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92

Exception code: 0xc0000409

Fault offset: 0x0000000000083837

Faulting process id: 0x24c4

Faulting application start time: 0xDllHost.exe0

Faulting application path: DllHost.exe1

Faulting module path: DllHost.exe2

Report Id: DllHost.exe3

Faulting package full name: DllHost.exe4

Faulting package-relative application ID: DllHost.exe5

 

Error: (11/06/2015 11:49:24 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DllHost.exe, version: 10.0.10240.16384, time stamp: 0x559f39e9

Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92

Exception code: 0xc0000409

Fault offset: 0x0000000000083837

Faulting process id: 0x2744

Faulting application start time: 0xDllHost.exe0

Faulting application path: DllHost.exe1

Faulting module path: DllHost.exe2

Report Id: DllHost.exe3

Faulting package full name: DllHost.exe4

Faulting package-relative application ID: DllHost.exe5

 

Error: (11/06/2015 11:49:22 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DllHost.exe, version: 10.0.10240.16384, time stamp: 0x559f39e9

Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92

Exception code: 0xc0000409

Fault offset: 0x0000000000083837

Faulting process id: 0x1124

Faulting application start time: 0xDllHost.exe0

Faulting application path: DllHost.exe1

Faulting module path: DllHost.exe2

Report Id: DllHost.exe3

Faulting package full name: DllHost.exe4

Faulting package-relative application ID: DllHost.exe5

 

Error: (11/06/2015 11:49:19 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DllHost.exe, version: 10.0.10240.16384, time stamp: 0x559f39e9

Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92

Exception code: 0xc0000409

Fault offset: 0x0000000000083837

Faulting process id: 0xf1c

Faulting application start time: 0xDllHost.exe0

Faulting application path: DllHost.exe1

Faulting module path: DllHost.exe2

Report Id: DllHost.exe3

Faulting package full name: DllHost.exe4

Faulting package-relative application ID: DllHost.exe5

 

Error: (11/06/2015 11:49:16 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DllHost.exe, version: 10.0.10240.16384, time stamp: 0x559f39e9

Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92

Exception code: 0xc0000409

Fault offset: 0x0000000000083837

Faulting process id: 0x21a0

Faulting application start time: 0xDllHost.exe0

Faulting application path: DllHost.exe1

Faulting module path: DllHost.exe2

Report Id: DllHost.exe3

Faulting package full name: DllHost.exe4

Faulting package-relative application ID: DllHost.exe5

 

Error: (11/06/2015 11:49:13 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DllHost.exe, version: 10.0.10240.16384, time stamp: 0x559f39e9

Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92

Exception code: 0xc0000409

Fault offset: 0x0000000000083837

Faulting process id: 0xfec

Faulting application start time: 0xDllHost.exe0

Faulting application path: DllHost.exe1

Faulting module path: DllHost.exe2

Report Id: DllHost.exe3

Faulting package full name: DllHost.exe4

Faulting package-relative application ID: DllHost.exe5

 

Error: (11/06/2015 11:49:10 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DllHost.exe, version: 10.0.10240.16384, time stamp: 0x559f39e9

Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92

Exception code: 0xc0000409

Fault offset: 0x0000000000083837

Faulting process id: 0x1bc8

Faulting application start time: 0xDllHost.exe0

Faulting application path: DllHost.exe1

Faulting module path: DllHost.exe2

Report Id: DllHost.exe3

Faulting package full name: DllHost.exe4

Faulting package-relative application ID: DllHost.exe5

 

Error: (11/06/2015 11:49:07 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DllHost.exe, version: 10.0.10240.16384, time stamp: 0x559f39e9

Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92

Exception code: 0xc0000409

Fault offset: 0x0000000000083837

Faulting process id: 0x7dc

Faulting application start time: 0xDllHost.exe0

Faulting application path: DllHost.exe1

Faulting module path: DllHost.exe2

Report Id: DllHost.exe3

Faulting package full name: DllHost.exe4

Faulting package-relative application ID: DllHost.exe5

 

 

System errors:

=============

Error: (11/06/2015 11:34:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The McAfee Boot Delay Start Service service failed to start due to the following error:

%%1053

 

Error: (11/06/2015 11:34:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect.

 

Error: (11/06/2015 11:34:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Interactive Services Detection service terminated with the following error:

%%1

 

Error: (11/06/2015 11:31:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The McAfee Boot Delay Start Service service failed to start due to the following error:

%%1053

 

Error: (11/06/2015 11:31:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect.

 

Error: (11/06/2015 11:31:50 AM) (Source: DCOM) (EventID: 10010) (User: Stevie-PC)

Description: {209500FC-6B45-4693-8871-6296C4843751}

 

Error: (11/06/2015 11:31:25 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: 1053mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}

 

Error: (11/06/2015 11:31:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The McAfee Platform Services service failed to start due to the following error:

%%1053

 

Error: (11/06/2015 11:31:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

 

Error: (11/06/2015 11:31:25 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: 1053mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}

 

 

CodeIntegrity:

===================================

  Date: 2015-11-03 08:14:13.251

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-11-03 08:14:13.216

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-11-03 08:14:13.168

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-11-03 08:14:13.065

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-11-03 08:14:13.005

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-11-03 08:14:12.911

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-11-03 08:14:12.102

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-11-03 08:14:11.942

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-11-03 04:40:26.809

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-11-03 04:40:26.773

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

 

 

==================== Memory info ===========================

 

Processor: Intel® Core™ i7-3740QM CPU @ 2.70GHz

Percentage of memory in use: 14%

Total physical RAM: 32673.61 MB

Available physical RAM: 27950.77 MB

Total Virtual: 65441.61 MB

Available Virtual: 61227.95 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:919.71 GB) (Free:792.36 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: B44F8C81)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=11.8 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================





#2 nasdaq

  • Malware Response Team

Posted 08 November 2015 - 10:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

BHO-x32: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files (x86)\bttb\bttbX.dll [2014-02-07] ()
Toolbar: HKLM-x32 - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX.dll [2014-02-07] ()
CHR Extension: (BT Toolbar) - C:\Users\Stevie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg [2015-07-27] [UpdateUrl: hxxp://www.bt.com/static/includes/account/toolbar/update/chromeUpdates.xml] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [hdpkpbhapgfjahbajejahjjcghiclegg] - C:\Program Files (x86)\bttb\toolbar.crx [2014-02-07]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
Task: {19254F1C-3004-4D71-A6C6-88A6CE80A2CC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1B103B80-6197-4B31-825C-8219CA8B2189} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {25804AE0-DE32-41E0-A86D-B18E530D49B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {27412A7E-2A8A-4452-88EA-ABF1C486B7EE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3B84A226-09E8-4C98-AECC-BD2D94E06E82} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4919C44B-2411-4DE0-8A96-39883A5F71A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5D032CD9-0177-404A-965C-D3A5116CAE17} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {721F5CA8-67F2-45BB-99AD-33301709F0A9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {9EA764D4-90D5-4C3D-9927-6B031CA17296} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A8A2826F-8AAD-41F0-AE38-548961EAC50B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D938FB09-22B0-4F1D-97FD-0897F5BF6B10} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
C:\Program Files (x86)\bttb
C:\Users\Stevie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Clean this cache.

How to clear cache and browsing history with Microsoft Edge
http://www.techulator.com/resources/14556-How-to-clear-cache-and-browsing-history-with-Microsoft-Edge.aspx

===

Restart the computer normally to reset the registry.

How is the computer running now?

#3 tadlington

  • Topic Starter

Posted 08 November 2015 - 03:32 PM

Hi nasdaq,

 

Thank you very much for helping me with this problem.

 

I have followed your instructions as requested. Unfortunately, there does not appear to be any improvement with the operation of the computer.

 

I have also just noticed a worrying symptom.  When I started Outlook the computer was continually contacting a web site... comms.ice.org.uk.  The only way I could stop Outlook was by using Task Manager.

 

I have posted the Fixlog.txt file as requested.

 

Once again... thank you for all your help.

 

Kind regards,

 

Tony.

 

==============================================

Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015

Ran by Stevie (2015-11-08 19:51:17) Run:1
Running from C:\Users\Stevie\Downloads
Loaded Profiles: UpdatusUser & Stevie (Available Profiles: UpdatusUser & Stevie)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
BHO-x32: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files (x86)\bttb\bttbX.dll [2014-02-07] ()
Toolbar: HKLM-x32 - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX.dll [2014-02-07] ()
CHR Extension: (BT Toolbar) - C:\Users\Stevie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg [2015-07-27] [UpdateUrl: hxxp://www.bt.com/static/includes/account/toolbar/update/chromeUpdates.xml] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [hdpkpbhapgfjahbajejahjjcghiclegg] - C:\Program Files (x86)\bttb\toolbar.crx [2014-02-07]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
Task: {19254F1C-3004-4D71-A6C6-88A6CE80A2CC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1B103B80-6197-4B31-825C-8219CA8B2189} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {25804AE0-DE32-41E0-A86D-B18E530D49B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {27412A7E-2A8A-4452-88EA-ABF1C486B7EE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3B84A226-09E8-4C98-AECC-BD2D94E06E82} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4919C44B-2411-4DE0-8A96-39883A5F71A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5D032CD9-0177-404A-965C-D3A5116CAE17} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {721F5CA8-67F2-45BB-99AD-33301709F0A9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {9EA764D4-90D5-4C3D-9927-6B031CA17296} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A8A2826F-8AAD-41F0-AE38-548961EAC50B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D938FB09-22B0-4F1D-97FD-0897F5BF6B10} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
C:\Program Files (x86)\bttb
C:\Users\Stevie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aba8d0e6-0d4d-4cb8-836a-04d69824b108}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{aba8d0e6-0d4d-4cb8-836a-04d69824b108}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{aba8d0e6-0d4d-4cb8-836a-04d69824b108} => value removed successfully
HKCR\Wow6432Node\CLSID\{aba8d0e6-0d4d-4cb8-836a-04d69824b108} => key not found. 
C:\Users\Stevie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg <==== ATTENTION => not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg" => key removed successfully
C:\Program Files (x86)\bttb\toolbar.crx => moved successfully
idsvc => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19254F1C-3004-4D71-A6C6-88A6CE80A2CC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19254F1C-3004-4D71-A6C6-88A6CE80A2CC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B103B80-6197-4B31-825C-8219CA8B2189}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B103B80-6197-4B31-825C-8219CA8B2189}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25804AE0-DE32-41E0-A86D-B18E530D49B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25804AE0-DE32-41E0-A86D-B18E530D49B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27412A7E-2A8A-4452-88EA-ABF1C486B7EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27412A7E-2A8A-4452-88EA-ABF1C486B7EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B84A226-09E8-4C98-AECC-BD2D94E06E82}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B84A226-09E8-4C98-AECC-BD2D94E06E82}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4919C44B-2411-4DE0-8A96-39883A5F71A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4919C44B-2411-4DE0-8A96-39883A5F71A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D032CD9-0177-404A-965C-D3A5116CAE17}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D032CD9-0177-404A-965C-D3A5116CAE17}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{721F5CA8-67F2-45BB-99AD-33301709F0A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{721F5CA8-67F2-45BB-99AD-33301709F0A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EA764D4-90D5-4C3D-9927-6B031CA17296}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EA764D4-90D5-4C3D-9927-6B031CA17296}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A8A2826F-8AAD-41F0-AE38-548961EAC50B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8A2826F-8AAD-41F0-AE38-548961EAC50B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D938FB09-22B0-4F1D-97FD-0897F5BF6B10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D938FB09-22B0-4F1D-97FD-0897F5BF6B10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
C:\Program Files (x86)\bttb => moved successfully
C:\Users\Stevie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg => moved successfully
EmptyTemp: => 299.5 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:53:47 ====


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:38 AM

Posted 09 November 2015 - 08:44 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

process;
installer-list;
installedprogs;
startupall;
firefoxlook;
chromelook;
srinfo;

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply. It's probably too long to post.

How to:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.

#5 tadlington


Posted 09 November 2015 - 10:59 AM

Hi Nasdaq,

I have followed your instructions and have attached the zoek-results as requested.

I did struggle to shut down McAfee Security Center as it appears to be a later version than the one in the instructions. However I managed to stop both the Firewall and Anti Virus systems.

Many thanks,

Tony.



#6 nasdaq


Posted 09 November 2015 - 01:51 PM

I'm missing the attached file.

#7 tadlington


Posted 09 November 2015 - 02:34 PM

Sorry nasdaq... Not quite sure what happened there.

Attached Files



#8 nasdaq


Posted 10 November 2015 - 09:25 AM

Your log is clean.

Have a look at this topic. It may be the fix for Outlook you are looking for.

http://www.msoutlook.info/question/720

Keep me posted.

#9 tadlington


Posted 13 November 2015 - 11:54 AM

Hi nasdaq,

Thanks for all your help. It is good to know that the logs are clean.

The advice given in the post you supplied did in fact fix Outlook.

Unfortunately, I'm still not able to run Edge or Internet Explorer on his machine. I can only assume that this is a fault with the OS rather than any malicious software running. I am researching if I can do anything to repair the system to allow these to run.

Once again, thank you for all the help and advice.

Kind regards,

Tony..

#10 nasdaq


Posted 14 November 2015 - 09:13 AM

I did not upgrade to Windows 10 so I cannot help you much with this.

I Googled this string, "unable to run Edge", to find out you are not alone.

See what you can do to correct this issue.

You may also start a new topic in the Windows 10 Forum.
http://www.bleepingcomputer.com/forums/f/229/windows-10-support/

Maybe someone will be able to help.

#11 nasdaq


Posted 20 November 2015 - 08:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



