Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with unknown virus. trojan, spyware with pop up ads


  • This topic is locked This topic is locked
10 replies to this topic

#1 maroper

maroper

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:08:12 PM

Posted 02 August 2017 - 10:14 PM

I am having annoying pop up ads in the bottom right hand corner.  They say the ads are from Jester Cade.  None of them look threatening, just ads from stores and companies wanting you to purchase.  Also when I have been browsing and I close out all of the windows, there will usually be a site up that I did not click on.
 
I hope I have run the Farbar Recover Scan correctly.  I copied and pasted the whole log
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Roper (02-08-2017 23:05:08)
Running from C:\Users\Roper\Downloads
Windows 8.1 (Update) (X64) (2014-03-08 00:56:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-439927380-4214821038-373526042-500 - Administrator - Disabled)
Guest (S-1-5-21-439927380-4214821038-373526042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-439927380-4214821038-373526042-1003 - Limited - Enabled)
Roper (S-1-5-21-439927380-4214821038-373526042-1001 - Administrator - Enabled) => C:\Users\Roper
wvrma_000 (S-1-5-21-439927380-4214821038-373526042-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.1.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)
Dell SupportAssistAgent (HKLM\...\{90881C8E-6C4F-4662-9923-85AFCA058C44}) (Version: 2.0.1.7 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Elements 10 Organizer (HKLM-x32\...\{22D3A614-482C-444A-932C-9DA1B8ECDFD2}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{09A8EA8A-9C9D-45E4-B20C-3F13C2CCD32C}) (Version: 7.3.0.3830 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LibreOffice 4.3.0.4 (HKLM-x32\...\{5C005E2A-AEAE-4DF7-B7CA-1E6DCDD2AEA4}) (Version: 4.3.0.4 - The Document Foundation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4945.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-439927380-4214821038-373526042-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
PSE10 STI Installer (HKLM-x32\...\{11D08055-939C-432b-98C3-E072478A0CD7}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
Radialpoint Security Advisor 2.5.15 (HKLM-x32\...\RadialpointSecurityAdvisorService_is1) (Version: 2.5.15 - Radialpoint SafeCare Inc.) Hidden
Radialpoint Servicepoint Dashboard Extensions version 16.5.3.40126 (HKLM-x32\...\RadialpointServicepointDashboardExtensions_is1) (Version: 16.5.3.40126 - )
RealDownloader (HKLM-x32\...\{115CCDDD-8728-4789-983D-D041A8E02316}) (Version: 18.1.8.212 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{30f9b8e2-1723-49b3-a51a-6b1701314fd9}) (Version: 18.1.8.212 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{4602B6EE-69EC-4548-B271-94D43CAA6C6F}) (Version: 18.1.8.212 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.8 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Souptoys (HKLM-x32\...\Souptoys) (Version: 1.6.0.8 - Souptoys Pty Ltd.)
SSA Benefit Calculator (HKLM-x32\...\{340D61BB-350A-40F4-8CFD-4F860E12066E}) (Version: 1.15.0002 - Social Security Administration)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
Video Downloader (HKLM-x32\...\{CEF8613C-08DD-4092-9445-C3EBE9C81C37}) (Version: 18.1.8 - RealNetworks) Hidden
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windstream Broadband Check-up Center (HKLM-x32\...\Windstream_BCUC) (Version:  - )
Windstream Diagnostic Tools 3.0.21 (HKLM-x32\...\RadialpointHomeSecurityDashboard_is1) (Version: 3.0.21 - Windstream) Hidden
Windstream Service Agent 4.1.15 (HKLM-x32\...\RadialpointClientGateway_is1) (Version: 4.1.15 - Windstream)
Windstream Setup Assistant (HKLM-x32\...\Windstream-Windstream Setup Assistant) (Version: 8.3.1.7 - Windstream)
Windstream Support Center (HKLM-x32\...\Windstream-Windstream Support Center) (Version: 9.0.1.51 - Windstream Communications)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-439927380-4214821038-373526042-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-439927380-4214821038-373526042-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Roper\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-439927380-4214821038-373526042-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Roper\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-439927380-4214821038-373526042-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-439927380-4214821038-373526042-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Roper\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-439927380-4214821038-373526042-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Roper\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] ()
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [2013-09-05] (Qualcomm®Atheros®)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-07] (Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-07] (Cyberlink)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [2013-09-05] (Qualcomm®Atheros®)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2017-06-13] (RealNetworks, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02D7A4BA-F8ED-496D-B116-05D5ADBFF68B} - System32\Tasks\AdobeAAMUpdater-1.0-DesktopComputer-Roper => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {04D4A17F-AF4F-4311-B348-2935F99C9A00} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-07-12] (Microsoft Corporation)
Task: {0B840CE6-2C0E-4A83-8A70-281875BAABE7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {0C8B947A-1755-42B3-9279-250D22B9F4E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {12966106-7A2D-4DC1-A77E-24535DA7E33E} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {23831D7D-5693-4D29-8B5E-3A3186D8236A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {39227DEB-8CFD-4264-87D4-29864B15F3E9} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe [2017-06-02] ()
Task: {5AB23410-70B7-4CC2-BE45-DD7DBC00304A} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {62A0CD56-F228-4033-A428-4C9D4EC83F23} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {753C6ED3-71A6-4B0F-9804-6B4BBCF45E1E} - System32\Tasks\PocketCloudUpdater => C:\Program [Argument = Files (x86)\Wyse\PocketCloud\Updater.exe]
Task: {7E22E021-8633-4678-A918-369AAD7E8741} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8528A9D9-FFAF-4E75-811C-56D7AE41737C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {87C8647D-6BB4-4F82-A918-2A328DA07E75} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {8935B5BB-D8AF-4AAC-AEA7-B05CE201C17A} - System32\Tasks\{6C283F1F-4796-4F7D-A25E-470F0A5B2306} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\3D Home Architect\Home Design SE 6\Bin\Runlink.exe" -d C:\Users\Roper\Desktop
Task: {8FD61769-66D4-4601-842C-86E59A946D65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {94D263AB-2C1A-4277-AD5C-A22C8A25FCBB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-06-28] (Dell Inc.)
Task: {9CFBEB9F-2FC2-491F-B69F-CCC1D30B5EF4} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Users\Roper\AppData\Local\Temp\IHU2CD4.tmp.exe <==== ATTENTION
Task: {A3A49409-B6D7-4B70-9128-652C4D8E499F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-12] (Adobe Systems Incorporated)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CC7F6F88-885A-4B84-BC44-3DA7C802F8BC} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-439927380-4214821038-373526042-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2017-06-02] (RealNetworks, Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D76E637A-07CF-4D4A-84CA-D86E2ADDB228} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {E12C4D9B-34E7-4913-BF4F-F6894AAC94BA} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {EDA9CA03-5005-4F2E-A814-934AA5D5EB96} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {F0EF6A06-57D6-4FEB-A354-2373F88A3C2E} - System32\Tasks\IHSelfDeleteTASK => CMD /C DEL C:\Users\Roper\AppData\Local\Temp\IHU2D61.tmp.exe <==== ATTENTION
Task: {F3226CF7-A7CC-4AEB-B9D0-72A1AB59E7D2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-439927380-4214821038-373526042-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2017-06-02] (RealNetworks, Inc.)
Task: {F385F00F-0178-4C9B-90D3-641F8EC68376} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-06-21] (Microsoft Corporation)
Task: {F5A9F3D5-D7A1-4D9A-B3DC-61171BAFF338} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {FAAEEE90-920F-446C-90E4-CA2B23C2E3CD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-12] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-13 18:46 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-22 15:40 - 2013-08-22 15:40 - 000016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2015-06-03 19:53 - 2015-06-03 19:53 - 000803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-06-21 22:59 - 2017-06-21 22:59 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-25 02:22 - 2015-08-09 04:50 - 000404376 _____ () C:\Windows\system32\igfxTray.exe
2013-09-05 03:20 - 2013-09-05 03:20 - 000011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-05 03:17 - 2013-09-05 03:17 - 000086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-05 03:24 - 2013-09-05 03:24 - 000012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2015-06-03 19:52 - 2015-06-03 19:52 - 031400608 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-06-02 16:53 - 2017-06-02 16:53 - 001297648 _____ () C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe
2017-06-26 21:31 - 2017-06-22 23:21 - 003807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-26 21:31 - 2017-06-22 23:21 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2015-08-09 04:52 - 2015-08-09 04:52 - 017973744 _____ () C:\Windows\SYSTEM32\igd11dxva64.dll
2014-04-01 19:08 - 2014-04-01 19:08 - 000244736 _____ () C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2014-04-01 19:08 - 2014-04-01 19:08 - 000271360 _____ () C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2014-04-01 19:08 - 2014-04-01 19:08 - 000237056 _____ () C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 09:55 - 2013-04-24 09:55 - 001581056 _____ () C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 18:55 - 2013-04-18 18:55 - 000068608 _____ () C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2014-01-11 10:49 - 2013-03-04 23:40 - 000626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 15:41 - 2013-03-05 15:41 - 000015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-06-13 06:51 - 2017-06-13 06:51 - 000101256 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll
2015-06-09 22:36 - 2015-06-09 22:36 - 036732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2014-01-11 10:52 - 2013-09-03 20:53 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-02-26 12:07 - 2015-02-09 11:14 - 001905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-01-11 11:04 - 2012-11-26 03:19 - 001153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-02-26 12:07 - 2014-02-18 14:12 - 000117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-439927380-4214821038-373526042-1001\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-439927380-4214821038-373526042-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "Windstream Service Agent.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8A41A7A0-D25C-410D-A1EC-8C39026EEDBA}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{71DBD49E-B1A4-42E9-B716-F673D6B437C6}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{4DB20963-14C4-40EE-9D74-990529A43B79}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{4C15B455-809B-48D2-8CDA-D6B4EBCD2284}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B1A37684-A374-4209-80AA-8EA4C9CC51B4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{688E251C-D188-4640-A19C-C530D0CE64AE}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{DA150E1B-C07E-49E7-9616-778FB44A181A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3DA2A2E9-EE05-491A-8B7A-A6759E9EC02A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{77B506E2-1338-4CA8-A864-343163AD8A9D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{725BD049-1A6D-4C09-AC68-8DBB96AAD205}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{956EC143-6682-4861-9281-61B457E3AC71}] => (Allow) LPort=2869
FirewallRules: [{F06F4B6F-1A1B-459A-B786-3642B27FED76}] => (Allow) LPort=1900
FirewallRules: [{8FB80021-704E-4CC0-9362-B43AA3D7DA84}] => (Allow) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
FirewallRules: [{B9E2E4AA-63C2-4C18-9AB3-9959D2ED7115}] => (Allow) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
FirewallRules: [{28DDEC97-AC30-4BA0-9CFD-A4764F1A725D}] => (Allow) C:\Users\Roper\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{7C1428C7-5D05-49EB-AFCC-4C1B2CEA75E0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{B83F04EE-A63E-48AC-8732-45D38AFBC24E}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{E2CF5908-EF62-4F24-8D6F-E69D81D60C29}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{007805F3-BF02-4B0E-BD14-28A63E3A057F}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{028AC576-C9E5-4FA9-8BA0-7890286A73FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9167394F-CC52-41A7-88CA-2489199B4715}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FBDD80E4-07F1-440A-9ABF-A175842E2272}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FF95C068-5AE6-499E-BE9C-1257C3FC7E07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26EA0C61-EFAB-4678-809C-571A51ACF9DA}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{83047F70-FCEB-41B7-861A-5DB01F037587}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
13-05-2017 09:38:02 Windows Update
24-05-2017 22:20:22 Windows Update
13-06-2017 22:57:47 Windows Update
12-07-2017 08:35:17 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/02/2017 03:30:24 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="JP84202" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A04" SMBIOSPresent="True" Rel_Date="20140403000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 3847" Ident_Num="DESKTOPCOMPUTER" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 8.1"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.254.5</HostIP></Exception>
 
Error: (08/02/2017 03:30:23 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="JP84202" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A04" SMBIOSPresent="True" Rel_Date="20140403000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 3847" Ident_Num="DESKTOPCOMPUTER" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 8.1"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.254.5</HostIP></Exception>
 
Error: (08/02/2017 12:49:18 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (08/02/2017 12:49:18 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (08/02/2017 12:49:18 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (08/02/2017 12:49:18 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (08/02/2017 12:49:18 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application
 
Details:
(HRESULT : 0x8e5e0210) (0x8e5e0210)
 
Error: (08/02/2017 12:49:16 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.   0xc0041801 (0xc0041801)
 
Error: (08/02/2017 12:49:16 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
0x8e5e0210 (0x8e5e0210)
 
Error: (08/02/2017 12:49:16 PM) (Source: ESENT) (EventID: 455) (User: )
Description: SearchIndexer (3240) Windows: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00053.log.
 
 
System errors:
=============
Error: (08/02/2017 03:23:29 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (08/02/2017 12:49:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/02/2017 12:49:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with the following service-specific error: 
%%2147749126
 
Error: (08/02/2017 12:48:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:32:13 PM on ‎8/‎2/‎2017 was unexpected.
 
Error: (08/02/2017 10:57:40 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (08/02/2017 05:42:01 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (08/01/2017 09:03:54 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (08/01/2017 08:43:59 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (07/31/2017 09:11:21 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (07/31/2017 05:54:54 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-19 22:58:39.684
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-19 22:58:39.188
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-19 22:58:38.639
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-11 08:26:49.178
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-11 08:26:48.732
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-11 08:26:48.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-03 09:56:57.070
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-03 09:56:56.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-03 09:56:56.289
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-03 09:56:53.492
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 8108.94 MB
Available physical RAM: 5307.13 MB
Total Virtual: 9900.94 MB
Available Virtual: 6087.23 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:922.4 GB) (Free:861.26 GB) NTFS
Drive w: (PBR Image) (Fixed) (Total:7.54 GB) (Free:0.74 GB) NTFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.19 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 885E38B4)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


BC AdBot (Login to Remove)

 


#2 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:08:12 PM

Posted 03 August 2017 - 02:05 PM

Hi, I'm Bezukhov. I will be helping you with this. First some ground rules:
  • Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoils the broth.
  • Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
  • If at any time my instructions are not clear stop and ask for clarification.
  • Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
  • Any program that I ask you run should only be run once.
  • As soon as your computer is clean I will let you know.
  • Please try to complete any tasks and reply in 24 to 48 hours. I will try to do likewise. In the interest of full disclosure I am still a student, and therefore anything I propose must be cleared with an instructor, which may sometimes delay my responses. The upside to this is you'll have two heads looking into your problem.
  • Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.
We seem to be missing one of the Farbar logs, FRST.txt. See if you still have it; post it please. If you don't, rescan with FRST64.exe and post both logs.
To err is Human. To blame it on someone else is even more Human.

#3 maroper

maroper
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:08:12 PM

Posted 03 August 2017 - 07:26 PM

I hope this is everything you need.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Roper (03-08-2017 20:19:33)
Running from C:\Users\Roper\Downloads
Windows 8.1 (Update) (X64) (2014-03-08 00:56:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-439927380-4214821038-373526042-500 - Administrator - Disabled)
Guest (S-1-5-21-439927380-4214821038-373526042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-439927380-4214821038-373526042-1003 - Limited - Enabled)
Roper (S-1-5-21-439927380-4214821038-373526042-1001 - Administrator - Enabled) => C:\Users\Roper
wvrma_000 (S-1-5-21-439927380-4214821038-373526042-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.1.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)
Dell SupportAssistAgent (HKLM\...\{90881C8E-6C4F-4662-9923-85AFCA058C44}) (Version: 2.0.1.7 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Elements 10 Organizer (HKLM-x32\...\{22D3A614-482C-444A-932C-9DA1B8ECDFD2}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{09A8EA8A-9C9D-45E4-B20C-3F13C2CCD32C}) (Version: 7.3.0.3830 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LibreOffice 4.3.0.4 (HKLM-x32\...\{5C005E2A-AEAE-4DF7-B7CA-1E6DCDD2AEA4}) (Version: 4.3.0.4 - The Document Foundation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4945.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-439927380-4214821038-373526042-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
PSE10 STI Installer (HKLM-x32\...\{11D08055-939C-432b-98C3-E072478A0CD7}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
Radialpoint Security Advisor 2.5.15 (HKLM-x32\...\RadialpointSecurityAdvisorService_is1) (Version: 2.5.15 - Radialpoint SafeCare Inc.) Hidden
Radialpoint Servicepoint Dashboard Extensions version 16.5.3.40126 (HKLM-x32\...\RadialpointServicepointDashboardExtensions_is1) (Version: 16.5.3.40126 - )
RealDownloader (HKLM-x32\...\{115CCDDD-8728-4789-983D-D041A8E02316}) (Version: 18.1.8.212 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{30f9b8e2-1723-49b3-a51a-6b1701314fd9}) (Version: 18.1.8.212 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{4602B6EE-69EC-4548-B271-94D43CAA6C6F}) (Version: 18.1.8.212 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.8 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Souptoys (HKLM-x32\...\Souptoys) (Version: 1.6.0.8 - Souptoys Pty Ltd.)
SSA Benefit Calculator (HKLM-x32\...\{340D61BB-350A-40F4-8CFD-4F860E12066E}) (Version: 1.15.0002 - Social Security Administration)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
Video Downloader (HKLM-x32\...\{CEF8613C-08DD-4092-9445-C3EBE9C81C37}) (Version: 18.1.8 - RealNetworks) Hidden
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windstream Broadband Check-up Center (HKLM-x32\...\Windstream_BCUC) (Version:  - )
Windstream Diagnostic Tools 3.0.21 (HKLM-x32\...\RadialpointHomeSecurityDashboard_is1) (Version: 3.0.21 - Windstream) Hidden
Windstream Service Agent 4.1.15 (HKLM-x32\...\RadialpointClientGateway_is1) (Version: 4.1.15 - Windstream)
Windstream Setup Assistant (HKLM-x32\...\Windstream-Windstream Setup Assistant) (Version: 8.3.1.7 - Windstream)
Windstream Support Center (HKLM-x32\...\Windstream-Windstream Support Center) (Version: 9.0.1.51 - Windstream Communications)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-439927380-4214821038-373526042-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-439927380-4214821038-373526042-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Roper\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-439927380-4214821038-373526042-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Roper\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-439927380-4214821038-373526042-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-439927380-4214821038-373526042-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Roper\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-439927380-4214821038-373526042-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Roper\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] ()
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [2013-09-05] (Qualcomm®Atheros®)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-07] (Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-07] (Cyberlink)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [2013-09-05] (Qualcomm®Atheros®)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2017-06-13] (RealNetworks, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02D7A4BA-F8ED-496D-B116-05D5ADBFF68B} - System32\Tasks\AdobeAAMUpdater-1.0-DesktopComputer-Roper => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {04D4A17F-AF4F-4311-B348-2935F99C9A00} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-07-12] (Microsoft Corporation)
Task: {0B840CE6-2C0E-4A83-8A70-281875BAABE7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {0C8B947A-1755-42B3-9279-250D22B9F4E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {12966106-7A2D-4DC1-A77E-24535DA7E33E} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {23831D7D-5693-4D29-8B5E-3A3186D8236A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {39227DEB-8CFD-4264-87D4-29864B15F3E9} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe [2017-06-02] ()
Task: {5AB23410-70B7-4CC2-BE45-DD7DBC00304A} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {62A0CD56-F228-4033-A428-4C9D4EC83F23} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {753C6ED3-71A6-4B0F-9804-6B4BBCF45E1E} - System32\Tasks\PocketCloudUpdater => C:\Program [Argument = Files (x86)\Wyse\PocketCloud\Updater.exe]
Task: {7E22E021-8633-4678-A918-369AAD7E8741} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8528A9D9-FFAF-4E75-811C-56D7AE41737C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {87C8647D-6BB4-4F82-A918-2A328DA07E75} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {8935B5BB-D8AF-4AAC-AEA7-B05CE201C17A} - System32\Tasks\{6C283F1F-4796-4F7D-A25E-470F0A5B2306} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\3D Home Architect\Home Design SE 6\Bin\Runlink.exe" -d C:\Users\Roper\Desktop
Task: {8FD61769-66D4-4601-842C-86E59A946D65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {94D263AB-2C1A-4277-AD5C-A22C8A25FCBB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-06-28] (Dell Inc.)
Task: {9CFBEB9F-2FC2-491F-B69F-CCC1D30B5EF4} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Users\Roper\AppData\Local\Temp\IHU2CD4.tmp.exe <==== ATTENTION
Task: {A3A49409-B6D7-4B70-9128-652C4D8E499F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-12] (Adobe Systems Incorporated)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CC7F6F88-885A-4B84-BC44-3DA7C802F8BC} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-439927380-4214821038-373526042-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2017-06-02] (RealNetworks, Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D76E637A-07CF-4D4A-84CA-D86E2ADDB228} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {E12C4D9B-34E7-4913-BF4F-F6894AAC94BA} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {EDA9CA03-5005-4F2E-A814-934AA5D5EB96} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {F0EF6A06-57D6-4FEB-A354-2373F88A3C2E} - System32\Tasks\IHSelfDeleteTASK => CMD /C DEL C:\Users\Roper\AppData\Local\Temp\IHU2D61.tmp.exe <==== ATTENTION
Task: {F3226CF7-A7CC-4AEB-B9D0-72A1AB59E7D2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-439927380-4214821038-373526042-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2017-06-02] (RealNetworks, Inc.)
Task: {F385F00F-0178-4C9B-90D3-641F8EC68376} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-06-21] (Microsoft Corporation)
Task: {F5A9F3D5-D7A1-4D9A-B3DC-61171BAFF338} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {FAAEEE90-920F-446C-90E4-CA2B23C2E3CD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-12] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-13 18:46 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-22 15:40 - 2013-08-22 15:40 - 000016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2015-06-03 19:53 - 2015-06-03 19:53 - 000803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-06-21 22:59 - 2017-06-21 22:59 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-25 02:22 - 2015-08-09 04:50 - 000404376 _____ () C:\Windows\system32\igfxTray.exe
2013-09-05 03:20 - 2013-09-05 03:20 - 000011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-05 03:17 - 2013-09-05 03:17 - 000086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-05 03:24 - 2013-09-05 03:24 - 000012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2015-06-03 19:52 - 2015-06-03 19:52 - 031400608 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-06-02 16:53 - 2017-06-02 16:53 - 001297648 _____ () C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe
2017-06-26 21:31 - 2017-06-22 23:21 - 003807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-26 21:31 - 2017-06-22 23:21 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2015-08-09 04:52 - 2015-08-09 04:52 - 017973744 _____ () C:\Windows\SYSTEM32\igd11dxva64.dll
2014-04-01 19:08 - 2014-04-01 19:08 - 000244736 _____ () C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2014-04-01 19:08 - 2014-04-01 19:08 - 000271360 _____ () C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2014-04-01 19:08 - 2014-04-01 19:08 - 000237056 _____ () C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 09:55 - 2013-04-24 09:55 - 001581056 _____ () C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 18:55 - 2013-04-18 18:55 - 000068608 _____ () C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2014-01-11 10:49 - 2013-03-04 23:40 - 000626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 15:41 - 2013-03-05 15:41 - 000015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-06-13 06:51 - 2017-06-13 06:51 - 000101256 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll
2015-06-09 22:36 - 2015-06-09 22:36 - 036732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2014-01-11 10:52 - 2013-09-03 20:53 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-02-26 12:07 - 2015-02-09 11:14 - 001905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-01-11 11:04 - 2012-11-26 03:19 - 001153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-02-26 12:07 - 2014-02-18 14:12 - 000117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2014-07-26 22:52 - 2014-07-26 22:52 - 001039136 _____ () C:\Program Files (x86)\LibreOffice 4\program\libxml2.dll
2014-07-26 22:51 - 2014-07-26 22:51 - 000357152 _____ () C:\Program Files (x86)\LibreOffice 4\program\glew32.dll
2014-07-26 22:52 - 2014-07-26 22:52 - 000184608 _____ () C:\Program Files (x86)\LibreOffice 4\program\libxslt.dll
2014-07-26 22:52 - 2014-07-26 22:52 - 000100640 _____ () C:\Program Files (x86)\LibreOffice 4\program\python3.dll
2014-07-25 09:44 - 2014-07-25 09:44 - 000049664 _____ () C:\Program Files (x86)\LibreOffice 4\program\python-core-3.3.3\lib\_socket.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-439927380-4214821038-373526042-1001\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-439927380-4214821038-373526042-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "Windstream Service Agent.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8A41A7A0-D25C-410D-A1EC-8C39026EEDBA}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{71DBD49E-B1A4-42E9-B716-F673D6B437C6}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{4DB20963-14C4-40EE-9D74-990529A43B79}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{4C15B455-809B-48D2-8CDA-D6B4EBCD2284}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B1A37684-A374-4209-80AA-8EA4C9CC51B4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{688E251C-D188-4640-A19C-C530D0CE64AE}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{DA150E1B-C07E-49E7-9616-778FB44A181A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3DA2A2E9-EE05-491A-8B7A-A6759E9EC02A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{77B506E2-1338-4CA8-A864-343163AD8A9D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{725BD049-1A6D-4C09-AC68-8DBB96AAD205}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{956EC143-6682-4861-9281-61B457E3AC71}] => (Allow) LPort=2869
FirewallRules: [{F06F4B6F-1A1B-459A-B786-3642B27FED76}] => (Allow) LPort=1900
FirewallRules: [{8FB80021-704E-4CC0-9362-B43AA3D7DA84}] => (Allow) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
FirewallRules: [{B9E2E4AA-63C2-4C18-9AB3-9959D2ED7115}] => (Allow) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
FirewallRules: [{28DDEC97-AC30-4BA0-9CFD-A4764F1A725D}] => (Allow) C:\Users\Roper\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{7C1428C7-5D05-49EB-AFCC-4C1B2CEA75E0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{B83F04EE-A63E-48AC-8732-45D38AFBC24E}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{E2CF5908-EF62-4F24-8D6F-E69D81D60C29}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{007805F3-BF02-4B0E-BD14-28A63E3A057F}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{028AC576-C9E5-4FA9-8BA0-7890286A73FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9167394F-CC52-41A7-88CA-2489199B4715}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FBDD80E4-07F1-440A-9ABF-A175842E2272}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FF95C068-5AE6-499E-BE9C-1257C3FC7E07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26EA0C61-EFAB-4678-809C-571A51ACF9DA}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{83047F70-FCEB-41B7-861A-5DB01F037587}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
13-05-2017 09:38:02 Windows Update
24-05-2017 22:20:22 Windows Update
13-06-2017 22:57:47 Windows Update
12-07-2017 08:35:17 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/03/2017 08:12:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Exception code: 0x40000015
Fault offset: 0x000ad2a6
Faulting process id: 0x1ee4
Faulting application start time: 0x01d30bfe214359ab
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
Report Id: a587d145-78a9-11e7-82d2-485ab6b0c8c4
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/03/2017 10:13:56 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (08/02/2017 03:30:24 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="JP84202" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A04" SMBIOSPresent="True" Rel_Date="20140403000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 3847" Ident_Num="DESKTOPCOMPUTER" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 8.1"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.254.5</HostIP></Exception>
 
Error: (08/02/2017 03:30:23 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="JP84202" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A04" SMBIOSPresent="True" Rel_Date="20140403000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 3847" Ident_Num="DESKTOPCOMPUTER" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 8.1"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.254.5</HostIP></Exception>
 
Error: (08/02/2017 12:49:18 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (08/02/2017 12:49:18 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (08/02/2017 12:49:18 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (08/02/2017 12:49:18 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (08/02/2017 12:49:18 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application
 
Details:
(HRESULT : 0x8e5e0210) (0x8e5e0210)
 
Error: (08/02/2017 12:49:16 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.   0xc0041801 (0xc0041801)
 
 
System errors:
=============
Error: (08/02/2017 03:23:29 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (08/02/2017 12:49:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/02/2017 12:49:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with the following service-specific error: 
%%2147749126
 
Error: (08/02/2017 12:48:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:32:13 PM on ‎8/‎2/‎2017 was unexpected.
 
Error: (08/02/2017 10:57:40 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (08/02/2017 05:42:01 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (08/01/2017 09:03:54 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (08/01/2017 08:43:59 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (07/31/2017 09:11:21 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (07/31/2017 05:54:54 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-19 22:58:39.684
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-19 22:58:39.188
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-19 22:58:38.639
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-11 08:26:49.178
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-11 08:26:48.732
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-11 08:26:48.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-03 09:56:57.070
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-03 09:56:56.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-03 09:56:56.289
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-03 09:56:53.492
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 54%
Total physical RAM: 8108.94 MB
Available physical RAM: 3708.88 MB
Total Virtual: 9900.94 MB
Available Virtual: 2872.3 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:922.4 GB) (Free:860.8 GB) NTFS
Drive w: (PBR Image) (Fixed) (Total:7.54 GB) (Free:0.74 GB) NTFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.19 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 885E38B4)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by Roper (administrator) on DESKTOPCOMPUTER (03-08-2017 20:19:01)
Running from C:\Users\Roper\Downloads
Loaded Profiles: Roper (Available Profiles: Roper)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Alcatel-Lucent) C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\bin\MAHostService.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Joyent, Inc) C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\bin\node.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcatel-Lucent) C:\Program Files\Windstream Support Center\9.0.1.51\ma\bin\pcTrayApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
() C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RealDownloader\realdownloader264.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcGCMessagingHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> mbamservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [404376 2015-08-09] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [Windstream_McciTrayApp] => C:\Program Files\Windstream Support Center\9.0.1.51\ma\bin\pcTrayApp.exe [2956288 2015-09-04] (Alcatel-Lucent)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [Windstream Service Agent.exe] => C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe [10204472 2011-10-13] (Windstream)
HKLM-x32\...\Run: [DiagnosticTools.exe] => C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe [2037048 2011-04-25] (Windstream)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [352648 2017-06-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe [1297648 2017-06-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-05] (Qualcomm®Atheros®)
HKU\S-1-5-21-439927380-4214821038-373526042-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-439927380-4214821038-373526042-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-439927380-4214821038-373526042-1001\...\MountPoints2: {5cb6ad27-31e1-11e6-82aa-485ab6b0c8c4} - "H:\VZW_Software_upgrade_assistant.exe" 
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-11-17]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-06-13]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ywnmon32.exe.lnk [2014-07-13]
ShortcutTarget: ywnmon32.exe.lnk -> C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{0A82B4BE-42C3-4949-BC85-09D9A6E2DF47}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{816B3DA9-95DF-46A5-AFF5-0EF229FB3F43}: [DhcpNameServer] 192.168.254.254
 
Internet Explorer:
==================
HKU\S-1-5-21-439927380-4214821038-373526042-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://infospace.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-439927380-4214821038-373526042-1001 -> DefaultScope {CF037360-737E-48CF-A9BA-F360CD0C5D2E} URL = 
SearchScopes: HKU\S-1-5-21-439927380-4214821038-373526042-1001 -> {CF037360-737E-48CF-A9BA-F360CD0C5D2E} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-06-02] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-06-21] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-06-02] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-07-01] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-01] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-06-21] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Roper\AppData\Roaming\Mozilla\Firefox\Profiles\635xq841.default-1445748444410 [2017-08-03]
FF Extension: (Windstream Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2015-10-05] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll [2011-10-13] (Windstream)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-06-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Windstream\8.3.1.7\ma\bin\npMotive.dll [No File]
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\bin\npMotive.dll [2015-09-04] (Windstream Communications)
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll [2011-10-13] (Windstream)
FF Plugin-x32: @real.com/nppl3260;version=18.1.8.212 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2017-06-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.8.212 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2017-06-13] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-06-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://infospace.com/"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Roper\AppData\Local\Google\Chrome\User Data\Default [2017-08-03]
CHR Extension: (20-20 3D Viewer for Virtual Studio) - C:\Users\Roper\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc [2015-03-01]
CHR Extension: (Ad Offers by JesterCade) - C:\Users\Roper\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemkbhibhdjimfcjbbckdaifcbenllel [2017-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Roper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Roper\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR Extension: (Windstream Extension) - C:\Users\Roper\AppData\Local\Google\Chrome\User Data\Default\Extensions\plbchhheadikfkckdpjghciknmlfkfcj [2015-10-05]
CHR HKLM\...\Chrome\Extension: [plbchhheadikfkckdpjghciknmlfkfcj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [plbchhheadikfkckdpjghciknmlfkfcj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-05] (Windows ® Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [206712 2017-06-20] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3296632 2017-06-20] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-06-20] (Dell Inc.)
R2 HsdService; C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [1393976 2011-04-25] (Windstream)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2014-10-20] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460800 2014-10-21] (Alcatel-Lucent) [File not signed]
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [988944 2017-06-13] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe [36640 2017-06-02] (RealNetworks, Inc.)
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [988944 2017-06-13] (RealNetworks, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 ServicepointService; C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [10315064 2011-10-13] (Radialpoint SafeCare Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [52696 2017-06-28] (Dell Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 Windstream MAHostService; C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\bin\MAHostService.exe [321024 2015-09-04] (Alcatel-Lucent) [File not signed]
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-05] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-08-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R1 MpKsl47dfebae; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C542C487-1EF7-4942-8EBC-A61DB0CA9460}\MpKsl47dfebae.sys [44928 2017-08-01] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-03 20:19 - 2017-08-03 20:19 - 000026189 _____ C:\Users\Roper\Downloads\FRST.txt
2017-08-03 20:18 - 2017-08-03 20:18 - 002381312 _____ (Farbar) C:\Users\Roper\Downloads\FRST64.exe
2017-08-03 15:35 - 2017-08-03 15:35 - 000000109 ____H C:\Users\Roper\Documents\.~lock.things to buy.odt#
2017-08-02 23:07 - 2017-08-02 23:07 - 000078616 _____ C:\Users\Roper\Documents\Farbar Scan Results.odt
2017-08-02 23:05 - 2017-08-02 23:05 - 000043619 _____ C:\Users\Roper\Downloads\Addition.txt
2017-08-02 23:03 - 2017-08-03 20:19 - 000000000 ____D C:\FRST
2017-08-02 15:23 - 2017-08-02 15:23 - 000000000 ___RD C:\Users\Roper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-08-02 11:16 - 2017-08-02 11:16 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Roper\Downloads\esetonlinescanner_enu.exe
2017-08-02 11:16 - 2017-08-02 11:16 - 000000000 ____D C:\Users\Roper\AppData\Local\ESET
2017-07-29 10:51 - 2017-07-29 10:51 - 000002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2017-07-29 10:51 - 2017-07-29 10:51 - 000002194 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-07-26 07:14 - 2017-07-26 07:14 - 000073877 _____ C:\Users\Roper\Downloads\Master_Grocery_List.odt
2017-07-23 13:30 - 2017-07-23 13:30 - 000319619 _____ C:\Users\Roper\Downloads\document.pdf
2017-07-15 12:32 - 2017-07-15 12:32 - 000000037 _____ C:\Windows\SysWOW64\SmartFlow.txt
2017-07-12 12:28 - 2017-07-12 12:28 - 009747512 _____ (Piriform Ltd) C:\Users\Roper\Downloads\ccsetup532 (1).exe
2017-07-12 11:46 - 2017-07-12 11:46 - 009747512 _____ (Piriform Ltd) C:\Users\Roper\Downloads\ccsetup532.exe
2017-07-12 08:35 - 2017-06-29 02:27 - 025734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-12 08:35 - 2017-06-29 01:44 - 005975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-12 08:35 - 2017-06-29 01:23 - 020270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-12 08:35 - 2017-06-29 00:58 - 015253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-12 08:35 - 2017-06-29 00:52 - 004549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-12 08:35 - 2017-06-29 00:43 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-12 08:35 - 2017-06-29 00:41 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-12 08:35 - 2017-06-29 00:24 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-12 08:35 - 2017-06-22 10:22 - 004169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-12 08:35 - 2017-06-17 12:45 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-12 08:35 - 2017-06-17 12:34 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-12 08:35 - 2017-06-17 12:11 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-12 08:35 - 2017-06-17 12:05 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-12 08:35 - 2017-06-15 09:45 - 007440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-07-12 08:35 - 2017-06-11 17:00 - 000962560 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 08:35 - 2017-06-11 16:31 - 000781312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-12 08:35 - 2017-06-11 11:15 - 002013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 08:35 - 2017-06-03 12:27 - 002346496 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-07-12 08:35 - 2017-06-03 12:03 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-07-12 08:34 - 2017-07-06 04:52 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-07-12 08:34 - 2017-06-29 02:02 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-12 08:34 - 2017-06-29 01:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-12 08:34 - 2017-06-29 01:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-12 08:34 - 2017-06-29 01:17 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-07-12 08:34 - 2017-06-29 01:13 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-12 08:34 - 2017-06-29 01:09 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-12 08:34 - 2017-06-29 00:53 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-12 08:34 - 2017-06-29 00:51 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-07-12 08:34 - 2017-06-29 00:47 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-12 08:34 - 2017-06-29 00:29 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-12 08:34 - 2017-06-29 00:28 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-12 08:34 - 2017-06-29 00:23 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-12 08:34 - 2017-06-27 10:29 - 007796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-07-12 08:34 - 2017-06-27 10:29 - 007077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-07-12 08:34 - 2017-06-27 10:26 - 005274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-07-12 08:34 - 2017-06-27 10:26 - 005268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 08:34 - 2017-06-15 18:02 - 000990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 08:34 - 2017-06-15 09:45 - 001674520 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-07-12 08:34 - 2017-06-15 09:45 - 001534064 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-07-12 08:34 - 2017-06-15 09:45 - 001499920 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-07-12 08:34 - 2017-06-15 09:45 - 001370320 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-07-12 08:34 - 2017-06-15 09:45 - 000086360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2017-07-12 08:34 - 2017-06-11 20:06 - 000376672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-07-12 08:34 - 2017-06-11 18:21 - 000590848 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 08:34 - 2017-06-11 17:43 - 000371200 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 08:34 - 2017-06-11 17:25 - 000478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-12 08:34 - 2017-06-11 17:15 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 08:34 - 2017-06-11 17:08 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 08:34 - 2017-06-11 17:07 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-12 08:34 - 2017-06-11 16:58 - 000334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-12 08:34 - 2017-06-11 16:40 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-12 08:34 - 2017-06-11 16:35 - 000325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-12 08:34 - 2017-06-06 16:52 - 003120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 08:34 - 2017-06-06 16:42 - 000925696 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2017-07-12 08:34 - 2017-06-06 16:38 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\cnvfat.dll
2017-07-12 08:34 - 2017-06-06 16:36 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\uudf.dll
2017-07-12 08:34 - 2017-06-06 16:36 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\convert.exe
2017-07-12 08:34 - 2017-06-06 16:35 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2017-07-12 08:34 - 2017-06-06 15:13 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2017-07-12 08:34 - 2017-06-06 15:11 - 000557568 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2017-07-12 08:34 - 2017-06-06 15:11 - 000220672 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2017-07-12 08:34 - 2017-06-06 15:11 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\ufat.dll
2017-07-12 08:34 - 2017-06-06 15:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\uexfat.dll
2017-07-12 08:34 - 2017-06-06 15:08 - 002712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-12 08:34 - 2017-06-06 15:03 - 000837632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2017-07-12 08:34 - 2017-06-06 14:59 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cnvfat.dll
2017-07-12 08:34 - 2017-06-06 14:57 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uudf.dll
2017-07-12 08:34 - 2017-06-06 14:56 - 000375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2017-07-12 08:34 - 2017-06-06 14:03 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ulib.dll
2017-07-12 08:34 - 2017-06-06 14:02 - 000513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2017-07-12 08:34 - 2017-06-06 14:02 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2017-07-12 08:34 - 2017-06-06 14:02 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ufat.dll
2017-07-12 08:34 - 2017-06-06 14:02 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uexfat.dll
2017-07-12 08:34 - 2017-05-31 17:20 - 000470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 08:34 - 2017-05-15 18:09 - 000057688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2017-07-12 08:34 - 2017-05-15 16:03 - 000379744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-07-12 08:34 - 2017-05-09 10:37 - 000658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2017-07-12 08:34 - 2017-05-09 10:35 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2017-07-12 08:34 - 2017-05-09 10:29 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2017-07-12 08:34 - 2017-05-09 10:29 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\snmptrap.exe
2017-07-12 08:34 - 2017-05-09 10:28 - 000193024 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2017-07-12 08:34 - 2017-05-09 10:28 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2017-07-12 08:34 - 2017-05-09 10:12 - 000448576 _____ C:\Windows\system32\ApnDatabase.xml
2017-07-12 08:34 - 2017-05-06 12:45 - 001114624 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-07-12 08:34 - 2017-05-06 12:41 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2017-07-12 08:34 - 2017-05-02 16:09 - 000686592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-07-12 08:34 - 2017-05-02 16:08 - 000415744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-07-12 08:34 - 2017-05-02 16:08 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-07-12 08:34 - 2017-05-02 14:41 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2017-07-12 08:34 - 2017-05-02 14:31 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-07-12 08:34 - 2017-05-02 14:31 - 000207360 _____ (Microsoft Corporation) C:\Windows\system32\smbwmiv2.dll
2017-07-12 08:34 - 2017-05-02 13:35 - 000031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2017-07-12 08:34 - 2017-04-30 12:48 - 000080078 _____ C:\Windows\system32\normidna.nls
2017-07-12 08:34 - 2017-04-27 21:13 - 001292288 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-07-12 08:34 - 2017-04-27 21:11 - 001060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-07-12 08:32 - 2017-05-03 19:11 - 000103600 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-12 08:32 - 2017-05-03 09:43 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-12 08:32 - 2017-05-03 09:43 - 001206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-12 08:32 - 2017-05-03 09:43 - 000620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-12 08:32 - 2017-05-03 09:43 - 000535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-12 08:32 - 2017-05-03 09:43 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-12 08:32 - 2017-05-03 09:43 - 000311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-12 08:32 - 2017-05-03 09:43 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-12 08:32 - 2017-05-03 09:43 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-05 18:30 - 2017-07-05 18:30 - 003210815 _____ C:\Users\Roper\Documents\Scan Truck 5.odg
2017-07-05 18:29 - 2017-07-05 18:29 - 003979328 _____ C:\Users\Roper\Documents\Scan Truck 4.odg
2017-07-05 18:27 - 2017-07-05 18:27 - 003067506 _____ C:\Users\Roper\Documents\Scan Truck 3.odg
2017-07-05 18:26 - 2017-07-05 18:26 - 005878559 _____ C:\Users\Roper\Documents\Scan Truck 2.odg
2017-07-05 18:23 - 2017-07-05 18:33 - 001594827 _____ C:\Users\Roper\Documents\Scan Truck 1.odg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-03 20:10 - 2014-05-07 22:32 - 000253440 ___SH C:\Users\Roper\Downloads\Thumbs.db
2017-08-03 20:08 - 2014-08-16 16:59 - 000240640 ___SH C:\Users\Roper\Documents\Thumbs.db
2017-08-03 19:47 - 2014-06-10 19:57 - 000000000 ____D C:\ProgramData\Radialpoint
2017-08-03 19:37 - 2014-07-13 19:57 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-03 18:17 - 2014-03-07 20:58 - 000003810 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{156198A5-4604-42F9-825D-CEBDD977ECE3}
2017-08-03 02:00 - 2014-03-07 22:25 - 000000000 ____D C:\Users\Roper\AppData\Local\Adobe
2017-08-02 15:23 - 2014-03-07 20:57 - 000000000 ____D C:\Users\Roper\Documents\Bluetooth Folder
2017-08-02 12:56 - 2014-01-11 11:03 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-08-02 12:53 - 2014-01-11 10:42 - 000866884 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-02 12:53 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2017-08-02 12:50 - 2015-06-12 10:50 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-08-02 12:49 - 2016-05-20 11:30 - 000000000 __SHD C:\Users\Roper\IntelGraphicsProfiles
2017-08-02 12:49 - 2015-10-05 09:29 - 000000000 ____D C:\Program Files (x86)\Windstream Support Center
2017-08-02 12:48 - 2017-06-20 23:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-02 12:48 - 2014-10-17 18:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-02 12:48 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-02 10:57 - 2016-08-21 16:06 - 000000000 ____D C:\Users\Roper\AppData\Roaming\Skype
2017-07-31 23:08 - 2016-09-28 00:16 - 000050467 _____ C:\Users\Roper\Documents\things to buy.odt
2017-07-31 11:59 - 2014-03-07 20:56 - 000000000 ____D C:\Users\Roper
2017-07-30 22:05 - 2014-03-07 21:02 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-439927380-4214821038-373526042-1001
2017-07-29 10:51 - 2014-03-07 22:30 - 000000000 ____D C:\Program Files (x86)\Google
2017-07-23 05:02 - 2013-08-22 11:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-23 05:01 - 2014-07-12 17:31 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-07-22 15:55 - 2017-07-03 18:18 - 000000000 ____D C:\Users\Roper\AppData\LocalLow\Mozilla
2017-07-21 21:46 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-07-21 21:46 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\AppReadiness
2017-07-20 12:05 - 2014-03-08 17:40 - 000000000 ____D C:\Users\Roper\AppData\Local\Windows Live
2017-07-19 22:53 - 2017-02-22 00:53 - 000044363 _____ C:\Users\Roper\Documents\To make dog bed.odt
2017-07-15 12:19 - 2015-10-05 09:29 - 000001726 _____ C:\Windows\System32\Tasks\IHUninstallTrackingTASK
2017-07-15 12:19 - 2015-10-05 09:29 - 000001726 _____ C:\Windows\System32\Tasks\IHSelfDeleteTASK
2017-07-15 12:19 - 2015-02-17 00:36 - 000001766 _____ C:\Windows\System32\Tasks\{6C283F1F-4796-4F7D-A25E-470F0A5B2306}
2017-07-15 12:19 - 2014-01-11 10:47 - 000001880 _____ C:\Windows\System32\Tasks\PocketCloudUpdater
2017-07-15 12:19 - 2014-01-11 10:47 - 000001862 _____ C:\Windows\System32\Tasks\PocketCloudVirtualChannel
2017-07-15 12:19 - 2014-01-11 10:47 - 000001760 _____ C:\Windows\System32\Tasks\PocketCloud
2017-07-12 12:28 - 2014-06-03 21:31 - 000000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-12 08:43 - 2013-08-22 10:44 - 000544080 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-12 08:40 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-07-12 08:39 - 2015-04-16 00:15 - 000000000 ____D C:\Windows\system32\appraiser
2017-07-12 08:38 - 2014-03-09 23:31 - 000000000 ____D C:\Windows\system32\MRT
2017-07-12 08:36 - 2014-03-09 23:31 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-12 08:36 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2017-07-12 04:36 - 2016-08-25 23:27 - 000004440 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-07-12 04:36 - 2014-10-27 22:13 - 000004152 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-12 04:36 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-12 04:36 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\Macromed
2017-07-11 21:33 - 2015-12-11 13:47 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-08 18:53 - 2016-10-18 00:22 - 000070397 _____ C:\Users\Roper\Documents\Trips.odt
2017-07-08 16:17 - 2014-04-17 22:08 - 000000000 ____D C:\Users\Roper\AppData\Local\CrashDumps
2017-07-04 20:57 - 2017-06-25 14:40 - 000000000 ____D C:\ProgramData\SupportAssist
 
==================== Files in the root of some directories =======
 
2014-01-11 10:58 - 2014-01-11 10:58 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-11 10:51 - 2014-01-11 10:52 - 000000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-01-11 10:48 - 2014-01-11 10:49 - 000000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-01-11 10:49 - 2014-01-11 10:50 - 000000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-01-11 10:50 - 2014-01-11 10:51 - 000000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-01-11 10:48 - 2014-01-11 10:48 - 000000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-05-12 05:30
 
==================== End of FRST.txt ============================


#4 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:08:12 PM

Posted 04 August 2017 - 09:27 PM

We can start. First we'll deal with Jester Cade.

:step1:
  • Open Chrome, then click on the three dots on the upper right of the Chrome Window.
  • Put the cursor on More tools, and in the drop down menu click Extensions.
  • Look for Ad Offers by JesterCade.
  • Next to that extension is a trash can icon. Click on it, and click Remove in the confirmation window.
  • Restart Chrome, and tell me what happens. However that goes, please continue with the next steps.
:step2:

We need to run a fix with FRST:
  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    ((Attached File  fixlist.txt   566bytes   2 downloads))
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
  • Your computer will reboot. Please continue.
:step3:

Now for a follow up:

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

So please post Fixlog.txt and AdwCleaner.txt. Let me know if the Jester Cade extension, and those ads are gone.

Edited by Bezukhov, 04 August 2017 - 10:04 PM.

To err is Human. To blame it on someone else is even more Human.

#5 maroper

maroper
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:08:12 PM

Posted 05 August 2017 - 02:32 PM

I was able to remove Ads Offered by Jester Cade in the Extentions

 

Here is the fix text log.  As soon as I run the ADW Cleaner, I will post it.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Roper (05-08-2017 15:20:34) Run:1
Running from C:\Users\Roper\Downloads
Loaded Profiles: Roper (Available Profiles: Roper)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => No File
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ywnmon32.exe.lnk [2014-07-13]
ShortcutTarget: ywnmon32.exe.lnk -> C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe (No File)
HKU\S-1-5-21-439927380-4214821038-373526042-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://infospace.com/
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Windstream\8.3.1.7\ma\bin\npMotive.dll [No File]
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://infospace.com/"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Extension: (Chrome Web Store Payments) - C:\Users\Roper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Roper\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ywnmon32.exe.lnk
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {9CFBEB9F-2FC2-491F-B69F-CCC1D30B5EF4} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Users\Roper\AppData\Local\Temp\IHU2CD4.tmp.exe <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {F0EF6A06-57D6-4FEB-A354-2373F88A3C2E} - System32\Tasks\IHSelfDeleteTASK => CMD /C DEL C:\Users\Roper\AppData\Local\Temp\IHU2D61.tmp.exe <==== ATTENTION
C:\Users\Roper\AppData\Local\Temp\IHU2CD4.tmp.exe
C:\Users\Roper\AppData\Local\Temp\IHU2D61.tmp.exe

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key removed successfully
"c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" => Value data removed successfully.
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ywnmon32.exe.lnk => moved successfully
C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe => not found.
HKU\S-1-5-21-439927380-4214821038-373526042-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@Motive.com/NpMotive,version=1.0 => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
CHR Extension: (Chrome Web Store Payments) - C:\Users\Roper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Roper\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14] => Error: No automatic fix found for this entry.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ywnmon32.exe.lnk" => not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278} => key removed successfully



#6 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:08:12 PM

Posted 05 August 2017 - 07:36 PM

What happened to the fixlist? The one you ran is different from the one I provided.
To err is Human. To blame it on someone else is even more Human.

#7 maroper

maroper
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:08:12 PM

Posted 05 August 2017 - 08:25 PM

I have absolutely no idea.  The only one I had is the one you gave me.  Should I try to fix again?



#8 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:08:12 PM

Posted 06 August 2017 - 10:54 AM

I have absolutely no idea.  The only one I had is the one you gave me.  Should I try to fix again?


No need to run that fix again. Just run AdwCleaner and after post the log, and give me a report on how your computer is running.
To err is Human. To blame it on someone else is even more Human.

#9 maroper

maroper
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:08:12 PM

Posted 06 August 2017 - 06:51 PM

I ran adware and removed all that it found.  Computer seems fine.  

 

This is Adware Cleaner SO log.  Adware Cleaner  CO follows.  Thanks for all your help.

 

 

# AdwCleaner 7.0.1.0 - Logfile created on Sat Aug 05 19:35:17 2017
# Updated on 2017/05/08 by Malwarebytes
# Database: 08-05-2017.1
# Running on Windows 8.1 (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.Legacy, CouponPrinterService


***** [ Folders ] *****

PUP.Optional.Legacy, C:\Program Files (x86)\Amazon\Amazon1ButtonApp
PUP.Optional.Spigot.Generic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
PUP.Optional.Spigot.Generic, C:\Program Files (x86)\Coupons
Rogue.ForcedExtension, C:\ProgramData\apn
Rogue.ForcedExtension, C:\ProgramData\Application Data\apn
Rogue.ForcedExtension, C:\Users\All Users\apn
PUP.Adware.Heuristic, C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
PUP.Adware.Heuristic, C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
PUP.Adware.Heuristic, C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
PUP.Adware.Heuristic, C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
PUP.Adware.Heuristic, C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-439927380-4214821038-373526042-1001\Software\UpdateFiles
PUP.Optional.Legacy, [Key] - HKCU\Software\UpdateFiles
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-439927380-4214821038-373526042-1001\Software\APN PIP
PUP.Optional.Legacy, [Key] - HKCU\Software\APN PIP
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98FD652EB4839214E97B69DD8EEA1D29
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
PUP.Optional.SevereWeatherAlerts, [Key] - HKU\S-1-5-21-439927380-4214821038-373526042-1001\Software\SevereWeatherAlerts
PUP.Optional.SevereWeatherAlerts, [Key] - HKCU\Software\SevereWeatherAlerts
PUP.Optional.BrowseFox.A, [Key] - HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

 

Adware CO

# AdwCleaner 7.0.1.0 - Logfile created on Sat Aug 05 19:35:37 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 8.1 (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: CouponPrinterService


***** [ Folders ] *****

Deleted: C:\Program Files (x86)\Amazon\Amazon1ButtonApp
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Deleted: C:\Program Files (x86)\Coupons
Deleted: C:\ProgramData\apn
Deleted: C:\ProgramData\Application Data\apn
Deleted: C:\Users\All Users\apn
Deleted: C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
Deleted: C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
Deleted: C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
Deleted: C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
Deleted: C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-439927380-4214821038-373526042-1001\Software\UpdateFiles
Deleted: [Key] - HKCU\Software\UpdateFiles
Deleted: [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Deleted: [Key] - HKU\S-1-5-21-439927380-4214821038-373526042-1001\Software\APN PIP
Deleted: [Key] - HKCU\Software\APN PIP
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98FD652EB4839214E97B69DD8EEA1D29
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Deleted: [Key] - HKU\S-1-5-21-439927380-4214821038-373526042-1001\Software\SevereWeatherAlerts
Deleted: [Key] - HKCU\Software\SevereWeatherAlerts
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/.~lock.AdwCleaner[S0].txt# - [109 B] - [2017/8/5 19:35:17]
C:/AdwCleaner/AdwCleaner[S0].txt - [5956 B] - [2017/8/5 19:35:17]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,680 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:12 PM

Posted 07 August 2017 - 10:14 AM

See https://www.bleepingcomputer.com/forums/t/653316/unknown-infection-of-virus-trojan-spyware-pop-up-ads-appearing/
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,680 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:12 PM

Posted 07 August 2017 - 10:14 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users