
Multiple MSEdge opening in TCP View until I get disconnected



#1 Zanadoon


Posted 02 February 2017 - 04:13 PM

I was directed to this forum from Am I Infected.     I completed the steps in preparation.  Here is what we did so far.

 

My computer seizes up and I am not able to use even the mouse to be able to reboot.  Multiple windows are not visible in Edge, but I can see in TCPView multiple active IP addresses and an established IP to Browser_broker.exe

I ran RKILL

Malwarebytes

Adwcleaner

Webroot Secure

Nothing came up with all that. Then I ran Hitman and it removed some cookies.   I rebooted and am still having the same issue.

 

 

Advised to do this and completed:

 

 

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd Dogbone "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:RunOnce Uninstall C:\Users\Dogbone\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64 Microsoft Corporation Dogbone C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dogbone\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated All users C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task AdobeAAMUpdater-1.0-VOYAGER-HP-Dogbone Adobe Systems Incorporated Dogbone C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task CCleanerSkipUAC Piriform Ltd Dogbone "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task HPCeeScheduleForDogbone Hewlett-Packard Dogbone C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForDogbone (null)
Yes Task {314114F8-D33E-46A5-B036-D8AC3B09659E} Microsoft Corporation Users "c:\windows\system32\launchwinapp.exe" http://ui.skype.com/ui/0/5.6.0.110.399/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
 

Uninstall these programs:

Adobe AIR Adobe Systems Incorporated 10/27/2016 23.4 MB 19.0.0.241 All users
Adobe Community Help Adobe Systems Incorporated. 10/27/2016 249 MB 3.5.23 All users
Adobe Flash Player 11 ActiveX (x64) Adobe Systems Incorporated 4/12/2013 16.6 MB 11.2.202.222 All users (Use instructions at Uninstall Flash Player for Windows)
Facebook Hewlett-Packard 4/12/2013 22.8 MB 1.1.0004 All users
Facebook for HP TouchSmart Hewlett-Packard 4/12/2013 22.8 MB 1.1.0004 All users

HP Application Assistant  8/18/2015   All users

Java 8 Update 66 Oracle Corporation 12/10/2015 177 MB 8.0.660.18 All users

Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 4/12/2013 11.1 MB 15.4.5722.2 All users

 

Browser broker is part of the only browser you are using...Edge

From the web:

When you run Microsoft Edge browser and see task manager, you can notice Browser_Broker.exe process also running under Background Processes, if you close Edge browser, this process also disappears.

 

After doing the above let me know if you are still having the problem.

 

Did you purchase Webroot?

 

 

****************

I did purchase Webroot and also Malwarebytes but neither have found anything

Still having problems

Below is a partial 'picture' of what I'm talking about

I do have Satellite internet

 

 

 

After opening the browser, this is a picture of the cut and paste of TCPView.

 

OfficeClickToRun.exe 2508 TCP voyager-hp.viasatdomain 50575 a23-44-161-102.deploy.static.akamaitechnologies.com http ESTABLISHED 9 1,515 9 2,400      
OfficeClickToRun.exe 2508 TCP voyager-hp.viasatdomain 50576 199.117.103.155 http ESTABLISHED 9 1,641 25 52,870      
OfficeClickToRun.exe 2508 TCP voyager-hp.viasatdomain 50577 a23-3-96-235.deploy.static.akamaitechnologies.com http ESTABLISHED 1 202 2 6,873      
 

 

MicrosoftEdge.exe 4964 TCP voyager-hp.viasatdomain 50685 icy-veins.com http CLOSE_WAIT 1 306 5 5,229      
MicrosoftEdge.exe 4964 TCP voyager-hp.viasatdomain 50686 icy-veins.com http CLOSE_WAIT          
MicrosoftEdgeCP.exe 8604 TCP voyager-hp.viasatdomain 50581 104.43.203.255 https ESTABLISHED 6 2,498 8 6,770      
MicrosoftEdgeCP.exe 8604 TCP voyager-hp.viasatdomain 50582 a23-3-96-130.deploy.static.akamaitechnologies.com https CLOSE_WAIT 2 373 5 3,959      
MicrosoftEdgeCP.exe 8604 TCP voyager-hp.viasatdomain 50583 a23-3-96-130.deploy.static.akamaitechnologies.com https CLOSE_WAIT 2 373 5 3,960      
MicrosoftEdgeCP.exe 8604 TCP voyager-hp.viasatdomain 50586 104.43.203.255 https ESTABLISHED 3 2,387 6 6,104      
MicrosoftEdgeCP.exe 8604 TCP voyager-hp.viasatdomain 50587 104.43.203.255 https ESTABLISHED 2 430 5 5,491      
MicrosoftEdgeCP.exe 8604 TCP voyager-hp.viasatdomain 50588 104.43.203.255 https ESTABLISHED 4 1,496 6 5,960      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50589 icy-veins.com http CLOSE_WAIT          
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50590 icy-veins.com http CLOSE_WAIT 1 387 16 19,882      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50592 hwcdn.net http CLOSE_WAIT          
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50593 hwcdn.net http CLOSE_WAIT 1 422 36 46,023      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50594 icy-veins.com http CLOSE_WAIT 5 2,516 18 13,470      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50595 icy-veins.com http CLOSE_WAIT 5 2,471 36 41,118      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50596 icy-veins.com http CLOSE_WAIT 5 2,514 19 15,710      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50597 icy-veins.com http CLOSE_WAIT 4 1,989 48 58,552      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50598 icy-veins.com http CLOSE_WAIT 4 1,893 127 170,944      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50599 icy-veins.com http CLOSE_WAIT 4 1,977 122 166,902      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50600 den03s09-in-f2.1e100.net http CLOSE_WAIT          
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50601 den03s09-in-f2.1e100.net http CLOSE_WAIT 1 429 3 1,596      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50602 104.16.84.211 http CLOSE_WAIT 1 428 4 3,903      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50603 104.16.84.211 http CLOSE_WAIT 1 446 5 5,693      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50605 icy-veins.com http CLOSE_WAIT 5 2,653 13 8,230      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50606 icy-veins.com http CLOSE_WAIT 5 2,644 40 42,217      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50607 icy-veins.com http CLOSE_WAIT 5 2,509 10 6,419      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50608 icy-veins.com http CLOSE_WAIT 5 2,658 59 71,996      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50609 67-217-177-126.ash01.latisys.net http CLOSE_WAIT 1 3,144 2 932      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50610 67-217-177-126.ash01.latisys.net http CLOSE_WAIT 1 491 2 1,778      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50611 adtechus-ads-adtech-scd-blue-a.evip.aol.com http CLOSE_WAIT 2 1,072 2 1,068      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50612 adtechus-ads-adtech-scd-blue-a.evip.aol.com http CLOSE_WAIT 2 1,070 3 1,067      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50613 144.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net http CLOSE_WAIT 3 1,782 8 4,462      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50614 144.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net http CLOSE_WAIT 4 2,250 8 4,409      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50615 144.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net http CLOSE_WAIT 3 1,782 10 6,101      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50616 144.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net http CLOSE_WAIT 3 1,782 9 3,533      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50617 144.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net http CLOSE_WAIT 3 1,781 8 3,532      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50618 144.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net http CLOSE_WAIT 3 1,784 9 4,465      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50619 162.248.16.31 http CLOSE_WAIT 1 849 3 1,460      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50620 162.248.16.31 http CLOSE_WAIT 1 848 3 1,473      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50621 162.248.16.31 http CLOSE_WAIT 1 848 2 1,476      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50622 ox-173-241-242-220.xv.dc.openx.org http CLOSE_WAIT 3 2,030 3 1,927      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50623 ox-173-241-242-220.xv.dc.openx.org http CLOSE_WAIT 3 2,036 4 1,945      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50624 162.248.16.31 http CLOSE_WAIT 1 848 2 1,458      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50625 162.248.16.31 http CLOSE_WAIT 1 848 2 1,459      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50626 adtechus-ads-adtech-scd-blue-a.evip.aol.com http CLOSE_WAIT 2 1,072 3 1,068      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50627 adtechus-ads-adtech-scd-blue-a.evip.aol.com http CLOSE_WAIT 2 1,072 3 1,068      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50628 adtechus-ads-adtech-scd-blue-a.evip.aol.com http CLOSE_WAIT 2 1,072 3 1,071      
MicrosoftEdgeCP.exe 13928 TCP voyager-hp.viasatdomain 50634 ox-173-241-242-220.xv.dc.openx.org http CLOSE_WAIT 3 2,050 3 1,948  

    

 

 

-----------This is still the problem I was having when it keeps knocking me offline.  Every time I do a search.

-----------I did not capture it all, but it's at 200 and keeps going until I close out the browser or it knocks me offline

   Is it safe to use my secure sites like my bank?

-----------Task Manager Background Processes  shows duplicate MS Edge; and MS Edge Content Process

 

 

 

 

 

Okay,   I was able to complete all the steps to post here and below are the FRST and Addition txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Dogbone (administrator) on VOYAGER-HP (02-02-2017 15:49:36)
Running from C:\Users\Dogbone\Desktop
Loaded Profiles: Dogbone (Available Profiles: Dogbone & Owner & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Farbar) C:\Users\Dogbone\Desktop\FRST64 2017.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-11-04] (Razer Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [992056 2017-01-18] (Webroot)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1193728 2016-08-10] (PDF Complete Inc)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [1294840 2013-11-07] (NTI Corporation)
HKU\S-1-5-21-2785022474-3071207944-3203506637-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [52142720 2016-04-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2785022474-3071207944-3203506637-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-2785022474-3071207944-3203506637-1003\...\RunOnce: [Uninstall C:\Users\Dogbone\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dogbone\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-2785022474-3071207944-3203506637-1003\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2785022474-3071207944-3203506637-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [152064 2016-07-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-05-19]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-05-19]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 99.196.99.99 99.197.99.99
Tcpip\..\Interfaces\{2134d8e5-c770-4e2c-8d9d-51da5631c6d3}: [DhcpNameServer] 99.196.99.99 99.197.99.99
Tcpip\..\Interfaces\{970dbe7d-c1ab-483b-93bc-1928617af5d4}: [DhcpNameServer] 99.196.99.99 99.197.99.99
Tcpip\..\Interfaces\{a259773f-71a3-499b-9a92-873fc12af780}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fb656f07-a170-47c6-a7c8-64ff9b7c1061}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {5DF5D17E-C6B0-4C92-84D4-6AE2401F972C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5DF5D17E-C6B0-4C92-84D4-6AE2401F972C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2785022474-3071207944-3203506637-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2016-05-19] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-01-27] (Webroot)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2016-05-19] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-01-27] (Webroot)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2016-05-19] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2016-05-19] (Webroot)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://files.pcpitstop.com/cab/pcmatic.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1449751115390
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2785022474-3071207944-3203506637-1003 -> hxxp://www.ixquick.com/
FireFox:
========
FF DefaultProfile: ej4k2l83.default
FF ProfilePath: C:\Users\Dogbone\AppData\Roaming\Mozilla\Firefox\Profiles\ej4k2l83.default [2017-02-02]
FF Extension: (Webroot Password Manager) - C:\Users\Dogbone\AppData\Roaming\Mozilla\Firefox\Profiles\ej4k2l83.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2016-05-19]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-22] (NVIDIA Corporation)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-15] (Adobe Systems Incorporated)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2286848 2015-10-13] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-11-07] (NTI Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-22] (NVIDIA Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1719040 2016-08-10] (PDF Complete Inc)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-10-27] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [992056 2017-01-18] (Webroot)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208176 2015-10-13] (Broadcom Corporation.)
R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2016-03-04] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_49b226e6441043f1\nvlddmkm.sys [14145592 2016-10-23] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56376 2016-10-01] (NVIDIA Corporation)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [561672 2015-09-22] (Tempo Semiconductor Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [143248 2017-01-18] (Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [66328 2016-09-29] (Webroot)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [202656 2016-05-03] (Zemana Ltd.)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-02 15:49 - 2017-02-02 15:50 - 00016513 _____ C:\Users\Dogbone\Desktop\FRST.txt
2017-02-02 15:49 - 2017-02-02 15:49 - 00000000 ____D C:\FRST
2017-02-02 15:45 - 2017-02-02 15:48 - 02420736 _____ (Farbar) C:\Users\Dogbone\Desktop\FRST64 2017.exe
2017-02-02 14:53 - 2017-02-02 14:54 - 00000219 _____ C:\Users\Dogbone\Desktop\MALWARE REMOVAL GUIDE.url
2017-02-02 12:36 - 2017-02-02 12:36 - 00001666 _____ C:\Users\Dogbone\Desktop\SCHEDULED TASKS AFTER CLEANING.txt
2017-02-02 01:00 - 2017-02-02 01:01 - 01269848 _____ (Adobe Systems Incorporated) C:\Users\Dogbone\Desktop\uninstall_flash_player.exe
2017-02-02 00:53 - 2017-02-02 00:54 - 00000165 _____ C:\Users\Dogbone\Desktop\ACTIVE X.url
2017-02-01 18:57 - 2017-02-01 18:57 - 00000000 ____D C:\Users\Dogbone\.oracle_jre_usage
2017-02-01 16:01 - 2017-02-01 16:01 - 00018384 _____ C:\Users\Dogbone\Desktop\CC Uninstalled.txt
2017-02-01 16:01 - 2017-02-01 16:01 - 00001672 _____ C:\Users\Dogbone\Desktop\CC Scheduled Tasks.txt
2017-02-01 15:59 - 2017-02-01 15:59 - 00003616 _____ C:\Users\Dogbone\Desktop\CC startup.txt
2017-02-01 15:57 - 2017-02-01 19:19 - 00002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-02-01 15:57 - 2017-02-01 15:58 - 00000000 ____D C:\Program Files\CCleaner
2017-02-01 15:57 - 2017-02-01 15:57 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-01 15:57 - 2017-02-01 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-01 15:55 - 2017-02-01 15:56 - 08845344 _____ (Piriform Ltd) C:\Users\Dogbone\Desktop\ccsetup526pro.exe
2017-02-01 15:37 - 2017-02-01 15:37 - 00541153 _____ C:\Users\Dogbone\Desktop\FURNICE FROM TYLER.pdf
2017-01-31 15:29 - 2017-01-31 15:29 - 00000000 ____D C:\Program Files (x86)\Secunia
2017-01-31 15:26 - 2017-01-31 15:26 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-01-31 15:15 - 2017-01-31 15:26 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-31 15:09 - 2017-01-31 15:11 - 04015056 _____ C:\Users\Dogbone\Desktop\adwcleaner_6.043.exe
2017-01-31 14:23 - 2017-01-31 15:16 - 11581544 _____ (SurfRight B.V.) C:\Users\Dogbone\Desktop\HitmanPro_x64.exe
2017-01-31 10:23 - 2017-01-31 14:27 - 00000000 ____D C:\Users\Dogbone\Desktop\Jan 31 addon
2017-01-19 22:52 - 2017-02-02 12:15 - 00000000 ____D C:\Users\Dogbone\Desktop\COMPUTER RESEARCH
2017-01-17 13:40 - 2017-01-31 14:46 - 00003552 _____ C:\Users\Dogbone\Desktop\Rkill.txt
2017-01-16 13:15 - 2017-01-17 13:40 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dogbone\Desktop\rkill.exe
2017-01-16 12:26 - 2017-01-16 12:26 - 00000112 _____ C:\Users\Dogbone\Desktop\GEO IP.url
2017-01-16 12:22 - 2017-01-19 22:51 - 00000000 ____D C:\Users\Dogbone\Desktop\BLOOD SUGAR LOGS
2017-01-13 17:20 - 2017-01-19 23:01 - 00001611 _____ C:\Users\Dogbone\Desktop\Tcpview - Shortcut.lnk
2017-01-10 14:31 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 14:31 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 14:31 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 14:31 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 14:31 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 14:31 - 2016-12-21 02:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-10 14:31 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 14:31 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 14:31 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 14:31 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 14:31 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 14:31 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 14:31 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 14:31 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 14:31 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 14:31 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 14:31 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 14:31 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 14:31 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 14:31 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 14:31 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 14:31 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 14:31 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 14:31 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 14:31 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 14:31 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 14:31 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 14:31 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 14:31 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 14:31 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 14:31 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 14:31 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 14:31 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 14:31 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 14:31 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 14:31 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 14:31 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 14:31 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 14:31 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 14:31 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 14:31 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 14:31 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 14:31 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 14:31 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 14:31 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 14:31 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 14:31 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 14:31 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 14:31 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 14:31 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 14:31 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 14:31 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 14:31 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 14:31 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 14:31 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 14:31 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 14:31 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 14:31 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 14:31 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 14:31 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 14:31 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 14:31 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 14:31 - 2016-12-21 00:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-10 14:31 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 14:31 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 14:31 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 14:31 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 14:31 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 14:31 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 14:31 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 14:31 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 14:31 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 14:31 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 14:31 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 14:31 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 14:31 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 14:31 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 14:31 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 14:31 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 14:31 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 14:31 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 14:31 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 14:31 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 14:31 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 14:31 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 14:31 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 14:31 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 14:31 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 14:31 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 14:31 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 14:31 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 14:31 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 14:31 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 14:31 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 14:31 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 14:31 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 14:31 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 14:31 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 14:31 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 14:31 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 14:31 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 14:31 - 2016-12-14 00:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-10 14:31 - 2016-12-14 00:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-10 14:31 - 2016-12-14 00:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-10 14:31 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 14:31 - 2016-12-14 00:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-10 14:31 - 2016-12-14 00:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-10 14:31 - 2016-12-14 00:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-10 14:31 - 2016-12-14 00:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-10 14:31 - 2016-12-14 00:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-10 14:31 - 2016-12-14 00:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-10 14:31 - 2016-12-14 00:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-10 14:31 - 2016-12-14 00:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-10 14:31 - 2016-12-14 00:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-10 14:31 - 2016-12-14 00:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-10 14:31 - 2016-12-14 00:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-10 14:31 - 2016-12-14 00:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-10 14:31 - 2016-12-14 00:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-10 14:31 - 2016-12-14 00:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-10 14:31 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 14:31 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 14:31 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 14:31 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 14:31 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 14:31 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 14:31 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 14:31 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 14:31 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 14:31 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 14:31 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 14:31 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 14:31 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 14:31 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 14:31 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 14:31 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 14:31 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 14:31 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 14:31 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 14:31 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 14:31 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 14:31 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 14:31 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 14:31 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 14:31 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 14:31 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 14:31 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 14:31 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 14:31 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 14:31 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 14:31 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 14:31 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 14:31 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 14:31 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 14:31 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 14:31 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 14:31 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 14:31 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 14:31 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 14:31 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 14:31 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 14:31 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 14:31 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 14:31 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 14:31 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 14:31 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 14:31 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 14:31 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 14:31 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 14:31 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 14:31 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 14:31 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 14:31 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 14:31 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 14:31 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 14:31 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 14:31 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 14:31 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 14:31 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 14:31 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 14:31 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 14:31 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 14:31 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 14:31 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 14:31 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 14:31 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-08 01:40 - 2017-01-25 23:54 - 00001034 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-02 14:59 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-02 14:37 - 2015-08-20 00:01 - 00000000 ____D C:\Users\Dogbone\AppData\Local\Packages
2017-02-02 13:18 - 2016-10-27 02:41 - 00000000 ____D C:\Users\Dogbone
2017-02-02 13:10 - 2016-10-27 02:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-02 12:39 - 2016-09-03 15:18 - 00574976 ___SH C:\Users\Dogbone\Desktop\Thumbs.db
2017-02-02 12:09 - 2016-11-02 23:19 - 00003262 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForDogbone
2017-02-02 12:09 - 2016-11-02 23:19 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForDogbone.job
2017-02-02 12:00 - 2016-10-27 03:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-02 12:00 - 2016-05-03 22:27 - 00000119 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-02 12:00 - 2015-12-10 09:13 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-02 12:00 - 2015-11-16 19:06 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-02 12:00 - 2013-04-12 17:23 - 00000000 ____D C:\ProgramData\PDFC
2017-02-02 01:08 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-02 01:02 - 2015-12-10 09:40 - 00000000 ____D C:\ProgramData\WRData
2017-02-02 01:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-02 01:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-02 00:52 - 2015-08-20 01:09 - 00000000 ____D C:\Users\Dogbone\AppData\Local\Battle.net
2017-02-01 19:58 - 2015-08-20 01:13 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-02-01 19:48 - 2015-08-20 01:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-01 19:06 - 2013-04-12 17:17 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-01 19:03 - 2016-10-27 06:34 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-01 19:03 - 2015-09-22 20:10 - 00000000 ____D C:\Users\Dogbone\AppData\Roaming\Ventrilo
2017-02-01 19:03 - 2015-08-19 17:36 - 00000000 ____D C:\Users\Dogbone\AppData\Local\CrashDumps
2017-02-01 18:58 - 2013-04-12 17:24 - 00000000 ____D C:\Program Files (x86)\Windows Live
2017-02-01 18:56 - 2015-08-18 21:39 - 00000000 ____D C:\Users\Dogbone\AppData\Local\Adobe
2017-02-01 18:56 - 2013-04-12 17:19 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-01 18:52 - 2016-10-27 03:00 - 00003148 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-01 18:52 - 2016-10-27 03:00 - 00002828 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-VOYAGER-HP-Dogbone
2017-02-01 18:52 - 2016-10-27 03:00 - 00002438 _____ C:\WINDOWS\System32\Tasks\{314114F8-D33E-46A5-B036-D8AC3B09659E}
2017-01-31 20:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-31 15:14 - 2016-05-06 10:52 - 00000000 ____D C:\AdwCleaner
2017-01-30 12:36 - 2015-08-24 19:21 - 00000000 ____D C:\Users\Dogbone\Documents\A - BILLS AND CHECKBOOK
2017-01-19 23:07 - 2015-09-11 13:25 - 00000000 ____D C:\Users\Dogbone\Documents\RECEIPTS
2017-01-19 23:05 - 2016-04-01 21:00 - 00000000 ____D C:\Users\Dogbone\Documents\HEALTH
2017-01-19 23:01 - 2016-10-27 17:00 - 00000988 _____ C:\Users\Dogbone\Desktop\Ventrilo.lnk
2017-01-19 23:01 - 2016-05-03 22:04 - 00001902 _____ C:\Users\Dogbone\Desktop\iExplore - Shortcut.lnk
2017-01-18 01:17 - 2016-05-19 19:05 - 00193072 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2017-01-18 01:17 - 2016-05-19 19:05 - 00143248 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2017-01-18 01:17 - 2016-05-19 19:05 - 00126696 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2017-01-17 13:44 - 2015-10-28 12:42 - 00000000 ____D C:\Users\Dogbone\Documents\COMPUTER
2017-01-13 11:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-13 10:17 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-12 23:30 - 2016-10-27 02:40 - 03937126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-12 08:38 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-12 08:37 - 2015-08-23 15:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-11 12:29 - 2015-08-20 00:01 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 12:23 - 2016-10-27 02:35 - 00352248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-11 02:35 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 02:35 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 02:35 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 02:35 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 02:35 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 02:35 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-10 14:48 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-10 14:46 - 2015-08-18 13:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 14:45 - 2015-08-18 13:22 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-09 20:56 - 2016-09-30 16:41 - 00000000 ____D C:\Users\Dogbone\Documents\BLOOD SUGAR
==================== Files in the root of some directories =======
2015-12-10 09:41 - 2016-05-19 19:06 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2016-07-01 10:13 - 2016-07-01 10:13 - 0007606 _____ () C:\Users\Dogbone\AppData\Local\Resmon.ResmonCfg
2015-08-21 12:26 - 2015-12-09 09:27 - 0002395 _____ () C:\ProgramData\hpzinstall.log
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-28 13:22
==================== End of FRST.txt ============================

Here is the Addition File

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Dogbone (02-02-2017 15:50:19)
Running from C:\Users\Dogbone\Desktop
Windows 10 Pro Version 1607 (X64) (2016-10-27 08:06:02)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2785022474-3071207944-3203506637-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2785022474-3071207944-3203506637-503 - Limited - Disabled)
Dogbone (S-1-5-21-2785022474-3071207944-3203506637-1003 - Administrator - Enabled) => C:\Users\Dogbone
Guest (S-1-5-21-2785022474-3071207944-3203506637-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2785022474-3071207944-3203506637-1002 - Limited - Enabled)
Owner (S-1-5-21-2785022474-3071207944-3203506637-1005 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2600 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
2600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
2600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Ansel (Version: 375.63 - NVIDIA Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blio (HKLM-x32\...\{FCD6D60F-AF2B-49E3-ABC4-A4C96B56225D}) (Version: 3.0.9482 - K-NFB Reading Technology, Inc.)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.203 - HP Inc.)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.55 - NTI Corporation)
NTI Backup Now EZ (x32 Version: 3.0.2.55 - NTI Corporation) Hidden
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.63 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.63 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.9 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.6207 - CyberLink Corp.) Hidden
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1104 - Razer Inc.)
Recovery Manager (x32 Version: 5.5.0.5119 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.15.40 - Webroot)
Windows Driver Package - NVIDIA (nvlddmkm) Display  (07/22/2015 10.18.13.5362) (HKLM\...\48DE2EE8CC7BE5E664866426EA660A7040D056AA) (Version: 07/22/2015 10.18.13.5362 - NVIDIA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {042344B2-80F6-4214-93B6-29B2DE51EF10} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {04348BDF-EBDA-4329-AFA1-9FBDC6263BF2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0B303F2E-EAA8-4CD6-8D3B-7BBF1A22D0ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {1611D121-7B64-40AF-BF38-1F74EB55E852} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {218CA032-9F1C-4429-93AB-1B735E0F04AF} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {35FA3322-1292-4DB0-B960-CBEF29046E4C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {45DF079D-3D8C-46C9-AAAF-2284EDF64E80} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {4D0FF355-5DFF-4978-B15D-94DD0B644C67} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4E377430-67D8-4792-85FA-180207148C31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {5A42811C-45AA-4B33-8945-1B20A5CF4FDC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {5BADE7AF-E2D5-4E64-80DB-3BA95A45A422} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-12] (Adobe Systems Incorporated)
Task: {5F02B3BC-4F3F-4713-B4CF-A92CE505CA17} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-28] (Microsoft Corporation)
Task: {71FA6689-4987-49CF-9E2D-C6D001032601} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {73B79E09-060B-420C-9E07-6CB8A0FF35CB} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {814E6DAD-55EB-440F-A8C4-C2539C81CCC4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {862FCEA9-5FD9-4975-9C31-2A719169BB58} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {89A17677-59F5-434B-9248-445146887D6A} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8E57071A-613D-4E1F-80E0-D955725C58F6} - System32\Tasks\{314114F8-D33E-46A5-B036-D8AC3B09659E} => launchwinapp.exe hxxp://ui.skype.com/ui/0/5.6.0.110.399/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {9695DE37-9381-4035-B6F8-6D87A95ACD84} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9AB9104D-D336-4C67-A7B3-19C1141932CA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {A7FCFDE0-7B73-4AB6-8391-388204C9EA76} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A8DADF29-6409-4ACD-BB62-B2ED483E1FC3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B90B3A32-D90E-418B-9CF2-FBE32EEDC5A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {BDD24FCC-D8E6-453C-9B62-9A3925E7ABCF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {C33A8D5A-9B4A-403C-9DAC-C74D6D66A849} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C4535B3A-90BA-4974-BEFC-60461E871949} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D0AD9605-DCBD-4C14-ADA0-7E034F7FE915} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {D7E0CF17-06D5-44F2-B771-80EF50DB8F9A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D9DBEA6A-3973-4C77-AA14-45BB43A0DDD9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DA8317C0-F9F6-4136-9D31-B55F53C08A4D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DBB2270E-8D38-4611-923A-54DAA084D826} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E03820A8-5DB7-4080-A9AF-094B3DDCACA3} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E56D6C7F-BB0C-44A8-95C5-AE89C41F0918} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {E64FDCEB-A2A5-491F-80F3-C43EA2EBBB04} - System32\Tasks\HPCeeScheduleForDogbone => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {E6EA1A8D-2205-4D27-8335-4518DB80492D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {F245C407-79D9-4F1C-9758-651D2E6B7731} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F389EE74-EC8A-447F-8394-81F4CC0CB124} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-10] (Microsoft Corporation)
Task: {FB854D10-422C-4F76-86B3-A4C34B702A21} - System32\Tasks\AdobeAAMUpdater-1.0-VOYAGER-HP-Dogbone => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {FEB9045D-BAC8-46BA-8A23-F6A9EDF4B12E} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\AJU_SMT => "C:\Users\Dogbone\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\AJU_SMT" [Argument = /F]
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForDogbone.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 12:14 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-24 17:20 - 2016-09-24 17:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-10-27 02:37 - 2016-10-22 01:04 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-14 12:14 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-27 03:10 - 2016-10-27 03:10 - 00959168 _____ () C:\Users\Dogbone\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-03-16 13:15 - 2016-12-28 12:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-10-27 06:28 - 2016-10-27 06:28 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 14:31 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 14:31 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 14:31 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 14:31 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 14:31 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 14:31 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 14:31 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-11-07 17:14 - 2013-11-07 17:14 - 00465824 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
2011-06-21 10:42 - 2011-06-21 10:42 - 01075200 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\ACE.dll
2013-11-07 17:13 - 2013-11-07 17:13 - 00045048 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\archive.dll
2016-12-01 03:59 - 2016-12-01 03:59 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2785022474-3071207944-3203506637-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 99.196.99.99 - 99.197.99.99
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: CalendarSynchService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 3
MSCONFIG\Services: STacSV => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats64.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "HPSYSDRV"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "NETGEAR USB Control Center"
HKLM\...\StartupApproved\Run32: => "PDF Complete"
HKU\S-1-5-21-2785022474-3071207944-3203506637-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2785022474-3071207944-3203506637-1003\...\StartupApproved\Run: => "NETGEARGenie"
HKU\S-1-5-21-2785022474-3071207944-3203506637-1003\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2785022474-3071207944-3203506637-1003\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2785022474-3071207944-3203506637-1003\...\StartupApproved\Run: => "Uninstall C:\Users\Dogbone\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [{EF31A09B-54B0-4E51-8FD1-C941F6B9D934}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
==================== Restore Points =========================
18-01-2017 00:58:21 Scheduled Checkpoint
26-01-2017 11:28:29 Scheduled Checkpoint
31-01-2017 15:24:27 Checkpoint by HitmanPro
01-02-2017 18:55:47 Removed Facebook for HP TouchSmart.
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (02/02/2017 03:41:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.

Operation:
   Instantiating VSS server
Error: (02/02/2017 03:41:14 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].

Operation:
   Instantiating VSS server
Error: (02/02/2017 03:00:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.

Operation:
   Instantiating VSS server
Error: (02/02/2017 03:00:46 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].

Operation:
   Instantiating VSS server
Error: (02/02/2017 12:00:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WRSA.exe, version: 9.0.15.40, time stamp: 0x587d005b
Faulting module name: WRSA.exe, version: 9.0.15.40, time stamp: 0x587d005b
Exception code: 0xc0000005
Fault offset: 0x000fb82f
Faulting process id: 0x4c0
Faulting application start time: 0x01d27d75daa44506
Faulting application path: C:\Program Files\Webroot\WRSA.exe
Faulting module path: C:\Program Files\Webroot\WRSA.exe
Report Id: 8aa8f427-0bc0-4ef2-a0bb-3800fac2548e
Faulting package full name:
Faulting package-relative application ID:
Error: (02/01/2017 06:55:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (01/31/2017 03:24:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (01/31/2017 03:24:27 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ddfa46ca-a021-4744-9121-0406a78afca1}
Error: (01/28/2017 12:49:52 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/28/2017 12:49:52 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {9D8A562A-A964-4414-88E4-528664CAF418}

System errors:
=============
Error: (02/02/2017 12:00:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WRSVC service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/02/2017 12:00:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/02/2017 01:03:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/01/2017 07:06:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WRSVC service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/01/2017 07:06:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/01/2017 11:53:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/31/2017 10:05:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/31/2017 03:39:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/31/2017 03:30:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly.  It has done this 1 time(s).
Error: (01/31/2017 01:04:30 PM) (Source: DCOM) (EventID: 10016) (User: VOYAGER-HP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user VOYAGER-HP\Dogbone SID (S-1-5-21-2785022474-3071207944-3203506637-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
  Date: 2016-10-29 03:09:55.062
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-10-29 03:09:55.059
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-10-29 03:09:55.055
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-10-29 03:09:54.322
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-10-29 03:09:54.319
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-10-29 03:09:54.315
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-10-29 03:09:53.572
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-10-29 03:09:53.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-10-29 03:09:53.565
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-10-29 03:09:51.903
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 14%
Total physical RAM: 16323.45 MB
Available physical RAM: 14014.74 MB
Total Virtual: 17347.45 MB
Available Virtual: 14545.18 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:910.36 GB) (Free:822.66 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:20.49 GB) (Free:2.56 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9B5BA8BF)
Partition: GPT.
==================== End of Addition.txt ============================

 

 

 

 

Thank you for any help you can provide.

 




 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,836 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:36 AM

Posted 02 February 2017 - 06:40 PM

Welcome.

 

Perhaps the issue is not malware related, but hardware.

Perform a clean boot and test the computer.

Let me know if by disabling Startup Programs and Services the conditions improve.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Zanadoon


Posted 03 February 2017 - 01:01 PM

Okay,  I did perform a clean boot. 

You only see this in TCPView, it's not in task manager.  When I open a site other than bleeping computer, I get several edges opening as in sometimes up to 900.  I'm pretty sure it's maybe information gathering for marketing purposes.    I tracked 1 of the IP to Markmonitor.com.

Here is a screen shot.  You might need a magnifying glass, I did.

 

It won't let me cut and paste the screen print from a Word doc.



#4 JSntgRvr


Posted 03 February 2017 - 02:31 PM

Let's attempt to reset Microsoft Edge and see if it helps.

  1. Navigate to the location:

    C:\Users\Dogbone\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe

     

     

  2. Delete everything in this folder.

  3. Type Windows PowerShell in the search box.

  4. Right click on Windows PowerShell and select Run as administrator.

At the PowerShell prompt, copy and paste the following command. (If you see two lines, all of it is a single command.)

Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}

Type exit once finished to exit PowerShell.

 

Let me know the outcome.


Edited by JSntgRvr, 03 February 2017 - 02:35 PM.
Include info



#5 Zanadoon


Posted 06 February 2017 - 02:38 AM

Yesterday and today my mouse froze up. I finally was able to close everything out and start over.  I run a Razer mouse that has to be connected to a cloud for the settings.  Also I use Ventrilo for communication when I am gaming.   I stopped everything and came back here.

 

I completed all the steps as above.

Here is the PS cut and paste    I have a 64 bit system and not sure why it keeps loading programs in 32.

 

PS C:\WINDOWS\system32> Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevel
opmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" –Verbose}
VERBOSE: Performing the operation "Register package" on target
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppXManifest.xml".
VERBOSE: Operation completed for: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppXManifest.xml
PS C:\WINDOWS\system32>

 

 

Also,  here is a whois of one of the several edge windows opened.   This was captured prior to the steps you had me take.

 

 

Domain ID: 73065676_DOMAIN_NET-VRSN

Registrar WHOIS Server: whois.godaddy.com

Registrar URL: http://www.godaddy.com

Update Date: 2011-01-10T16:39:27Z

Creation Date: 2001-06-23T07:24:57Z

Registrar Registration Expiration Date: 2021-06-23T07:24:57Z

Registrar: GoDaddy.com, LLC

Registrar IANA ID: 146

Registrar Abuse Contact Email: abuse@godaddy.com

Registrar Abuse Contact Phone: +1.4806242505

Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited

Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited

Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited

Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited

Registry Registrant ID: Not Available From Registry

Registrant Name: Domain Administrator

Registrant Organization: Limelight Networks

Registrant Street: 222 S Mill Avenue

Registrant Street: Suite 800

Registrant City: Tempe

Registrant State/Province: Arizona

Registrant Postal Code: 85281

Registrant Country: US

Registrant Phone: +1.6028505000

Registrant Phone Ext:

Registrant Fax:

Registrant Fax Ext:

Registrant Email: domain@llnw.com

Registry Admin ID: Not Available From Registry

Admin Name: Domain Administrator

Admin Organization: Limelight Networks

Admin Street: 222 S Mill Avenue

Admin Street: Suite 800

Admin City: Tempe

Admin State/Province: Arizona

Admin Postal Code: 85281

Admin Country: US

Admin Phone: +1.6028505000

Admin Phone Ext:

Admin Fax:

Admin Fax Ext:

Admin Email: domain@llnw.com

Registry Tech ID: Not Available From Registry

Tech Name: Domain Administrator

Tech Organization: Limelight Networks

Tech Street: 222 S Mill Avenue

Tech Street: Suite 800

Tech City: Tempe

Tech State/Province: Arizona

Tech Postal Code: 85281

Tech Country: US

Tech Phone: +1.6028505000

Tech Phone Ext:

Tech Fax:

Tech Fax Ext:

Tech Email: domain@llnw.com

Name Server: DNS.LAX.LLNS.NET

Name Server: DNS.SJC.LLNS.NET

Name Server: DNS.LGA.LLNS.NET

Name Server: DNS.IAD.LLNS.NET

DNSSEC: unsigned

URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

>>> Last update of WHOIS database: 2017-02-06T05:00:00Z <<<

 

For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en

 


 

 

Below was captured after I completed your suggestions,   so  It's still happening.   I'm on a metered connection so it just keeps opening more connections until I get locked up or disconnected.

 

 

 

Domain ID: 2914642_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2013-06-17T15:30:42Z
Creation Date: 1998-08-18T04:00:00Z
Registrar Registration Expiration Date: 2017-08-17T04:00:00Z
Registrar: TUCOWS, INC.
Registrar IANA ID: 69
Registrar Abuse Contact Email: domainabuse@tucows.com
Registrar Abuse Contact Phone: +1.4165350123
Reseller: Akamai Technologies
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Registry Registrant ID:
Registrant Name: Hostmaster Billing
Registrant Organization: Akamai Technologies, inc.
Registrant Street: 8 Cambridge Center
Registrant City: Cambridge
Registrant State/Province: MA
Registrant Postal Code: 02142
Registrant Country: US
Registrant Phone: +1.6174443000
Registrant Phone Ext:
Registrant Fax: +1.6174443001
Registrant Fax Ext:
Registrant Email: hostmaster-billing@akamai.com
Registry Admin ID:
Admin Name: Hostmaster Billing
Admin Organization: Akamai Technologies, inc.
Admin Street: 8 Cambridge Center
Admin City: Cambridge
Admin State/Province: MA
Admin Postal Code: 02142
Admin Country: US
Admin Phone: +1.6174443000
Admin Phone Ext:
Admin Fax: +1.6174443001
Admin Fax Ext:
Admin Email: hostmaster-billing@akamai.com
Registry Tech ID:
Tech Name: Hostmaster Billing
Tech Organization: Akamai Technologies, inc.
Tech Street: 8 Cambridge Center
Tech City: Cambridge
Tech State/Province: MA
Tech Postal Code: 02142
Tech Country: US
Tech Phone: +1.6174443000
Tech Phone Ext:
Tech Fax: +1.6174443001
Tech Fax Ext:
Tech Email: hostmaster-billing@akamai.com
Name Server: P6.AKAMAISTREAM.NET
Name Server: P7.AKAMAISTREAM.NET
Name Server: P8.AKAMAISTREAM.NET
Name Server: AX0.AKAMAISTREAM.NET
Name Server: NS6-32.AKAMAISTREAM.NET
Name Server: AX2.AKAMAISTREAM.NET
Name Server: AX3.AKAMAISTREAM.NET
Name Server: NS2-32.AKAMAISTREAM.NET
Name Server: NS3-32.AKAMAISTREAM.NET
Name Server: P5.AKAMAISTREAM.NET
Name Server: AX1.AKAMAISTREAM.NET
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2013-06-17T15:30:42Z <<<
"For more information on Whois status codes, please visit https://icann.org/epp"
Registration Service Provider:
    Akamai Technologies, hostmaster@akamai.com
    617-444-3000
    This company may be contacted for domain login/passwords,
    DNS/Nameserver changes, and general domain support questions.

 

 

 

  

Thank you,   I'll check back with you.


Edited by Zanadoon, 06 February 2017 - 02:54 AM.


#6 JSntgRvr


Posted 06 February 2017 - 10:00 AM

Let's reset the TCP/IP:

Download the attached file [attachment=190079:fixlist.txt] and save it in the same directory FRST64 is saved.
  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.



#7 Zanadoon


Posted 06 February 2017 - 03:39 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by Dogbone (06-02-2017 15:35:41) Run:1
Running from C:\Users\Dogbone\Desktop\FRST64
Loaded Profiles: Dogbone (Available Profiles: Dogbone & Owner & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: Type C:\resettcpip.txt
*****************

========= netsh advfirewall reset =========
Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========
Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset C:\resettcpip.txt =========
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= Type C:\resettcpip.txt =========
The system cannot find the file specified.
========= End of CMD: =========

==== End of Fixlog 15:35:42 ====
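
One way to triage a Fixlog like the one above, as an added example that is not part of the original post and not FRST's own code: it splits the log into per-command sections and reports the commands whose output contains a failure message. The function names are hypothetical and the list of failure phrases is an assumption drawn only from the messages visible in this log.

```python
import re

# Excerpt of the Fixlog.txt posted above (three of its six command sections).
FIXLOG = """\
========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========

========= netsh int ip reset C:\\resettcpip.txt =========
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= Type C:\\resettcpip.txt =========
The system cannot find the file specified.
========= End of CMD: =========
"""

# A section header is nine '=' characters, the command, nine '=' characters.
# The log's banner lines (unbroken '=' runs, "==== End of Fixlog") do not match.
HEADER = re.compile(r"^=========\s+(?P<cmd>.+?)\s+=========\s*$")
END_MARK = "End of CMD:"

# Assumption: these phrases cover the failures seen in this particular log;
# extend the list for other command output.
FAILURE_PATTERNS = [
    re.compile(r"\bfailed\b", re.IGNORECASE),
    re.compile(r"access is denied", re.IGNORECASE),
    re.compile(r"cannot find the file", re.IGNORECASE),
]


def split_sections(text):
    """Return a list of (command, [non-empty output lines]) in log order."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            # Any header closes the section that is currently open.
            if current is not None:
                sections.append(current)
                current = None
            cmd = match.group("cmd")
            if not cmd.startswith(END_MARK):
                current = (cmd, [])
            continue
        if current is not None and line:
            current[1].append(line)
    if current is not None:
        # Log was cut off before its "End of CMD:" marker; keep what we have.
        sections.append(current)
    return sections


def failed_commands(text):
    """Map each command to the output lines that look like failures."""
    report = {}
    for cmd, lines in split_sections(text):
        hits = [l for l in lines if any(p.search(l) for p in FAILURE_PATTERNS)]
        if hits:
            report[cmd] = hits
    return report


if __name__ == "__main__":
    for cmd, hits in failed_commands(FIXLOG).items():
        print(f"[!] {cmd}")
        for hit in hits:
            print(f"      {hit}")
```

On this excerpt it flags the `netsh int ip reset` step ("Resetting , failed." / "Access is denied.") and the follow-up `Type` command whose log file was never written.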


#8 JSntgRvr


Posted 06 February 2017 - 04:03 PM

Any improvement?




#9 JSntgRvr


Posted 06 February 2017 - 04:15 PM

There are signs of Permissions problems. Let's address that.

 

Download and install Windows Repair:
http://www.tweaking.com/content/page/windows_repair_all_in_one.html

When Windows Repair opens, go thru the steps, until you reach the Repairs options tab, then click on Open Repairs. It will backup the Registry. Once completed, unselect all the boxes except for the following:

- Reset Registry Permissions
- Reset File Permissions
- Reset Service Permissions
- Register System Files
- Repair WMI
- Repair Windows Firewall
- Repair Windows Updates
- Repair Volume Shadow Copy Service


Then click Start Repairs. Once it's finished, restart your computer. A log should be produced. Please post it in your reply.




#10 Zanadoon


Posted 06 February 2017 - 05:26 PM

That download redirected to  'reimageplus.com'  and Malwarebytes blocked it.



#11 JSntgRvr


Posted 06 February 2017 - 05:46 PM

Let's run some anti-malware programs first.

 

Please download Junkware Removal Tool to your Desktop.
 

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

 

 

Download AdwCleaner from here. Save the file to the desktop.
 
 
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
 
Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Windows 10, Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:



  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears. Once done it will ask to reboot; allow this.



  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

 

 

  • Download RogueKiller (by tigzy) on the desktop
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan. Once finished, click on Report



#12 Zanadoon


Posted 07 February 2017 - 03:30 PM

Here are the reports.

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64
Ran by Dogbone (Administrator) on Tue 02/07/2017 at 13:59:29.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

File System: 0
 

Registry: 2
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{5DF5D17E-C6B0-4C92-84D4-6AE2401F972C} (Registry Key)
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/07/2017 at 14:00:19.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

# AdwCleaner v6.043 - Logfile created 07/02/2017 at 14:20:00
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-03.2 [Local]
# Operating System : Windows 10 Pro  (X64)
# Username : Dogbone - VOYAGER-HP
# Running from : C:\Users\Dogbone\Desktop\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
 
***** [ Services ] *****
 
***** [ Folders ] *****
 
***** [ Files ] *****
 
***** [ DLL ] *****
 
***** [ WMI ] *****
 
***** [ Shortcuts ] *****
 
***** [ Scheduled Tasks ] *****
 
***** [ Registry ] *****
 
***** [ Web browsers ] *****
 
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
:: " Image File Execution Options" keys deleted
:: "Prefetch" files deleted
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1275 Bytes] - [06/02/2017 00:39:16]
C:\AdwCleaner\AdwCleaner[C2].txt - [905 Bytes] - [07/02/2017 14:20:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [792 Bytes] - [06/05/2016 10:53:03]
C:\AdwCleaner\AdwCleaner[S2].txt - [1213 Bytes] - [31/01/2017 15:08:27]
C:\AdwCleaner\AdwCleaner[S3].txt - [1291 Bytes] - [31/01/2017 15:14:19]
C:\AdwCleaner\AdwCleaner[S4].txt - [1365 Bytes] - [06/02/2017 00:38:58]
C:\AdwCleaner\AdwCleaner[S5].txt - [1510 Bytes] - [07/02/2017 14:19:47]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1341 Bytes] ##########

 

 

 

 

RogueKiller V12.9.7.0 (x64) [Feb  6 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Dogbone [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 02/07/2017 14:55:50 (Duration : 00:17:12)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 6 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2785022474-3071207944-3203506637-1003\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2785022474-3071207944-3203506637-1003\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2785022474-3071207944-3203506637-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2785022474-3071207944-3203506637-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2785022474-3071207944-3203506637-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2785022474-3071207944-3203506637-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-60ZF5A0 SCSI Disk Device +++++
--- User ---
[MBR] 0ff8816e491142025faae3e0a1bdff3f
[BSP] 0b0c87c12f7568b439ee5aedde8f8386 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 932211 MB
3 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1909637120 | Size: 450 MB
4 - Basic data partition | Offset (sectors): 1910558720 | Size: 20979 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: HP Photosmart 2610x USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 

 

 

I downloaded an 'Addon'  to put in my User Interface on a game I play.   It had redirected me to a site I wasn't familiar with but I thought it was all monitored by the site I always go to which was curse.com for gaming.   But that's when all these issues started cropping up.

 

Thank you for your help.   I'll check back here shortly.


Edited by Zanadoon, 07 February 2017 - 03:35 PM.


#13 JSntgRvr


Posted 07 February 2017 - 05:31 PM

"I downloaded an 'Addon' to put in my User Interface on a game I play. It had redirected me to a site I wasn't familiar with but I thought it was all monitored by the site I always go to which was curse.com for gaming. But that's when all these issues started cropping up."

 

That is where most users get infected.

 

Select all found by RogueKiller and click on Remove selected.

 

Let's try this again:

 

There are signs of Permissions problems. Let's address that.

 

Download and install Windows Repair:
http://www.tweaking.com/content/page/windows_repair_all_in_one.html

When Windows Repair opens, go thru the steps, until you reach the Repairs options tab, then click on Open Repairs. It will backup the Registry. Once completed, unselect all the boxes except for the following:

- Reset Registry Permissions
- Reset File Permissions
- Reset Service Permissions
- Register System Files
- Repair WMI
- Repair Windows Firewall
- Repair Windows Updates
- Repair Volume Shadow Copy Service


Then click Start Repairs. Once it's finished, restart your computer. A log should be produced. Please post it in your reply.




#14 Zanadoon


Posted 08 February 2017 - 04:13 PM

Hi there,

 

There is a log for each item you listed above.   I'll try to paste them in order.  I did each step the program suggested prior to the repair.

 

 

 

Tweaking.com - Windows Repair v3.9.25
--------------------------------------------------------------------------------
System Variables
--------------------------------------------------------------------------------
OS: Windows 10 Pro
OS Architecture: 64-bit
OS Version: 10.0.14393.693
OS Service Pack:
Computer Name: VOYAGER-HP
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Dogbone
Current Profile SID: S-1-5-21-2785022474-3071207944-3203506637-1003
Current Profile Classes: S-1-5-21-2785022474-3071207944-3203506637-1003_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\Dogbone\AppData\Local
--------------------------------------------------------------------------------
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:05:44
Process Count: 34
Commit Total: 994.02 MB
Commit Limit: 16.94 GB
Commit Peak: 1.56 GB
Handle Count: 12581
Kernel Total: 338.61 MB
Kernel Paged: 221.45 MB
Kernel Non Paged: 117.15 MB
System Cache: 548.53 MB
Thread Count: 602
--------------------------------------------------------------------------------
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15.94 GB
Memory Used: 1.10 GB(6.9116%)
Memory Avail.: 14.84 GB
--------------------------------------------------------------------------------
Cleaning Memory Before Starting Repairs...
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15.94 GB
Memory Used: 930.19 MB(5.6985%)
Memory Avail.: 15.03 GB
--------------------------------------------------------------------------------
Starting Repairs...
   Started at (2/8/2017 3:16:10 PM)
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 89
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (2/8/2017 3:16:13 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hku.7z
Done,  0.22 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hklm.7z
Done,  2.89 seconds.
   Running Repair Under System Account
   Done (2/8/2017 3:16:57 PM)
Reset File Permissions
   Restore Windows 7/8/10 Default File Permissions
   Start (2/8/2017 3:16:57 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\default.7z
Done,  0.14 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\profile.7z
Done,  0.16 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\program_files.7z
Done,  0.34 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\program_files_x86.7z
Done,  0.14 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\programdata.7z
Done,  0.16 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\windows.7z
Done,  1.59 seconds.
   Running Repair Under Current User Account
   Done (2/8/2017 3:30:39 PM)
03 - Reset Service Permissions
   Start (2/8/2017 3:30:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/8/2017 3:30:47 PM)
04 - Register System Files
   Start (2/8/2017 3:30:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/8/2017 3:31:21 PM)
05 - Repair WMI
   Start (2/8/2017 3:31:21 PM)
   Starting Security Center So We Can Export The Security Info.
   Exporting Antivirus Info...
   Exporting 3rd Party Firewall Info...
   Running Repair Under Current User Account
   Done (2/8/2017 3:34:49 PM)
06 - Repair Windows Firewall
   Start (2/8/2017 3:34:49 PM)
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.16 seconds.
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/8/2017 3:35:18 PM)
17 - Repair Windows Updates
   Start (2/8/2017 3:35:18 PM)
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.14 seconds.
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (2/8/2017 3:35:36 PM)
19 - Repair Volume Shadow Copy Service
   Start (2/8/2017 3:35:36 PM)
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.14 seconds.
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/8/2017 3:35:55 PM)
Cleaning up empty logs...
All Selected Repairs Done.
   Done at (2/8/2017 3:35:55 PM)
   Total Repair Time: 00:19:46

...YOU MUST RESTART YOUR SYSTEM...

ERROR: Writing SD to <machine\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage> failed with: The handle is invalid.
ERROR: Writing SD to <machine\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009> failed with: The handle is invalid.
ERROR: Writing SD to <machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage> failed with: The handle is invalid.
ERROR: Writing SD to <machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009> failed with: The handle is invalid.

Vector smash protection is enabled.
Vector smash protection is enabled.
Vector smash protection is enabled.
Vector smash protection is enabled.

#15 Zanadoon

Posted 08 February 2017 - 04:23 PM

It's not letting me post the logs so I'm breaking them up into smaller posts.

The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
The Microsoft Software Shadow Copy Provider service is not started.
More help is available by typing NET HELPMSG 3521.
The Volume Shadow Copy service is stopping.
The Volume Shadow Copy service was stopped successfully.
The Microsoft Software Shadow Copy Provider service is stopping.
The Microsoft Software Shadow Copy Provider service was stopped successfully.

The Windows Firewall service is stopping.
The Windows Firewall service was stopped successfully.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Base Filtering Engine service is stopping.
The Base Filtering Engine service was stopped successfully.
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
The Windows Firewall service is stopping.
The Windows Firewall service was stopped successfully.
The Internet Connection Sharing (ICS) service is stopping.
The Internet Connection Sharing (ICS) service was stopped successfully.
The Base Filtering Engine service is stopping.
The Base Filtering Engine service was stopped successfully.
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS

________

[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig FAILED 5:
Access is denied.
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The Application Identity service is not started.
More help is available by typing NET HELPMSG 3521.
The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.
The Background Intelligent Transfer Service service is not started.
More help is available by typing NET HELPMSG 3521.
The Windows Modules Installer service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
The system cannot find the file specified.
Could Not Find C:\ProgramData\Microsoft\Network\Downloader\qmgr*.dat
Deleted file - C:\WINDOWS\SoftwareDistribution\ReportingEvents.log
Deleted file - C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
Deleted file - C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.jfm
Deleted file - C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk
Deleted file - C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
Deleted file - C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb000C9.log
Deleted file - C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb000CA.log
Deleted file - C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb000CB.log
Deleted file - C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbres00001.jrs
Deleted file - C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbres00002.jrs
Deleted file - C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log
Deleted file - C:\WINDOWS\SoftwareDistribution\SLS\117CAB2D-82B1-4B5A-A08C-4D62DBEE7782\sls.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\SLS\7971F918-A847-4430-9279-4A52D1EFE18D\sls.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\SLS\855E8A7C-ECB4-4CA3-B045-1DFA50104289\sls.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\SLS\9482F4B4-E343-43B6-B170-9A65BC822C77\sls.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\SLS\E7A50285-D08D-499D-9FF8-180FDC2332BC\sls.cab
Deleted file - C:\WINDOWS\system32\catroot2\dberr.txt
Deleted file - C:\WINDOWS\system32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
Deleted file - C:\WINDOWS\system32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm
Deleted file - C:\WINDOWS\system32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
Deleted file - C:\WINDOWS\system32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm
Deleted file - C:\WINDOWS\system32\config\txr\{b794f0b1-4b5d-11e6-80e4-e41d2d719790}.TxR.0.regtrans-ms
Deleted file - C:\WINDOWS\system32\config\txr\{b794f0b1-4b5d-11e6-80e4-e41d2d719790}.TxR.1.regtrans-ms
Deleted file - C:\WINDOWS\system32\config\txr\{b794f0b1-4b5d-11e6-80e4-e41d2d719790}.TxR.2.regtrans-ms
Deleted file - C:\WINDOWS\system32\config\txr\{b794f0b1-4b5d-11e6-80e4-e41d2d719790}.TxR.3.regtrans-ms
Deleted file - C:\WINDOWS\system32\config\txr\{b794f0b1-4b5d-11e6-80e4-e41d2d719790}.TxR.blf
C:\WINDOWS\system32\config\txr\{b794f0b2-4b5d-11e6-80e4-e41d2d719790}.TM.blf
The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\config\txr\{b794f0b2-4b5d-11e6-80e4-e41d2d719790}.TMContainer00000000000000000001.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\config\txr\{b794f0b2-4b5d-11e6-80e4-e41d2d719790}.TMContainer00000000000000000002.regtrans-ms
The process cannot access the file because it is being used by another process.
Deleted file - C:\WINDOWS\system32\SMI\Store\Machine\SCHEMA.DAT{b794f0dd-4b5d-11e6-80e4-e41d2d719790}.TM.blf
Deleted file - C:\WINDOWS\system32\SMI\Store\Machine\SCHEMA.DAT{b794f0dd-4b5d-11e6-80e4-e41d2d719790}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\WINDOWS\system32\SMI\Store\Machine\SCHEMA.DAT{b794f0dd-4b5d-11e6-80e4-e41d2d719790}.TMContainer00000000000000000002.regtrans-ms
Could Not Find C:\WINDOWS\system32\SMI\Store\Machine\*.blf
Could Not Find C:\WINDOWS\system32\SMI\Store\Machine\*.regtrans-ms
[SC] SetServiceObjectSecurity SUCCESS
[SC] SetServiceObjectSecurity SUCCESS
File not found - C:\WINDOWS\SysWoW64\catroot2\*.*
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig FAILED 5:
Access is denied.
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig FAILED 5:
Access is denied.
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The Application Identity service is not started.
More help is available by typing NET HELPMSG 3521.
The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.
The Background Intelligent Transfer Service service is not started.
More help is available by typing NET HELPMSG 3521.
The Windows Modules Installer service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
The system cannot find the file specified.
Could Not Find C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr*.dat
Could Not Find C:\ProgramData\Microsoft\Network\Downloader\qmgr*.dat
Path not found - C:\WINDOWS\SoftwareDistribution
The system cannot find the file specified.
The system cannot find the file specified.
Path not found - C:\WINDOWS\system32\catroot2
The system cannot find the file specified.
The system cannot find the file specified.
C:\WINDOWS\system32\config\txr\{b794f0b2-4b5d-11e6-80e4-e41d2d719790}.TM.blf
The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\config\txr\{b794f0b2-4b5d-11e6-80e4-e41d2d719790}.TMContainer00000000000000000001.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\config\txr\{b794f0b2-4b5d-11e6-80e4-e41d2d719790}.TMContainer00000000000000000002.regtrans-ms
The process cannot access the file because it is being used by another process.
File not found - C:\WINDOWS\system32\SMI\Store\Machine\*.TM*
File not found - C:\WINDOWS\system32\SMI\Store\Machine\*.blf
File not found - C:\WINDOWS\system32\SMI\Store\Machine\*.regtrans-ms
Could Not Find C:\WINDOWS\system32\SMI\Store\Machine\*.TM*
Could Not Find C:\WINDOWS\system32\SMI\Store\Machine\*.blf
Could Not Find C:\WINDOWS\system32\SMI\Store\Machine\*.regtrans-ms
[SC] SetServiceObjectSecurity SUCCESS
[SC] SetServiceObjectSecurity SUCCESS
Path not found - C:\WINDOWS\SysWoW64\catroot2
The system cannot find the file specified.
The system cannot find the file specified.
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig FAILED 5:
Access is denied.

LAST POST TO FOLLOW





