Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can only boot laptop using Safe Mode [Solved]

Started by username_mk , Feb 26 2016 08:27 AM

  • This topic is locked This topic is locked

#1
username_mk
Posted 26 February 2016 - 08:27 AM

username_mk

    New Member

  • Member
  • Pip
  • 3 posts

Hi There

 

Read a lot good stuff about you guys.  Hopefully you can help me out.

Running Win 10 on Inspiron 15 Series 7000.  System freezes before logon while attempting to boot normally.  Right now can only run in Safe Mode.

Ran FRST64 as administrator and have attached both the FRST and Addition files.

 

In desperate need of a fixlist.txt file or whatever fix may be needed.

 

Many Thanks!

 

Cheers

Mike

Attached Files


  • 0

Advertisements

#2
username_mk
Posted 26 February 2016 - 09:43 AM

username_mk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Sorry... have a hard time following instructions...

Paste of FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by Matthew (administrator) on MATTHIEU (26-02-2016 09:16:03)
Running from D:\Matt
Loaded Profiles: Matthew (Available Profiles: Matthew)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [405424 2015-09-05] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3760456 2013-04-23] (Dell Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2985712 2013-06-04] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795912 2015-07-23] (NVIDIA Corporation)
HKLM-x32\...\Run: [MetroTileShortcut] => "C:\Program Files\McAfeeAntiTheft\2.1.170.2\McATUIHost.exe" /IMAT_SHORTCUTS
HKLM-x32\...\Run: [StereoLinksInstall] => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe [1064592 2015-07-22] (NVIDIA Corporation)
HKU\S-1-5-21-703687859-3442917728-3295428137-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [2012 2016-02-25] ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{06e3750f-8354-4b2d-a6e5-76c820542f51}: [DhcpNameServer] 172.168.0.2
Tcpip\..\Interfaces\{e6aac4e3-0e60-4c8c-a6ad-c877e21b5c18}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-703687859-3442917728-3295428137-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-703687859-3442917728-3295428137-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://dell13.msn.com/?pc=dcjb
SearchScopes: HKU\S-1-5-21-703687859-3442917728-3295428137-1001 -> DefaultScope {0FF35A26-9176-4CD6-AF66-557026AF4FC8} URL =

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-01] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-25] (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR Profile: C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-25]
CHR Extension: (Google Docs) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-25]
CHR Extension: (Google Drive) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-25]
CHR Extension: (YouTube) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-25]
CHR Extension: (Google Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-25]
CHR Extension: (Google Sheets) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-25]
CHR Extension: (Google Docs Offline) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-25]
CHR Extension: (Gmail) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [125440 2013-04-30] (Dell Inc.) [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-09-05] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-06-01] (Intel Corporation)
S2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156616 2013-06-26] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-06-01] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [268048 2015-08-05] (Intel Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-06-01] (Intel Corporation)
S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [450632 2013-02-22] (RTS Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-04] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-04] (Synaptics Incorporated)
R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [91360 2013-04-11] (STMicroelectronics)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-25] ()
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-25 23:03 - 2016-02-25 23:04 - 00000543 _____ C:\Users\Matthew\Desktop\JRT.txt
2016-02-25 22:54 - 2016-02-25 22:56 - 00000000 ____D C:\AdwCleaner
2016-02-25 22:49 - 2016-02-26 07:50 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-25 22:36 - 2016-02-25 22:36 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-02-25 22:35 - 2016-02-25 22:48 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-25 22:20 - 2016-02-26 09:16 - 00000000 ____D C:\FRST
2016-02-25 21:11 - 2016-02-25 21:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-25 21:11 - 2016-02-25 21:11 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-25 21:11 - 2016-02-25 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-25 21:11 - 2016-02-25 21:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-25 21:11 - 2016-02-25 21:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-25 21:11 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-25 21:11 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-25 21:11 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-25 20:22 - 2016-02-25 20:22 - 00006144 _____ C:\WINDOWS\system32\umstartup.etl
2016-02-25 20:13 - 2016-02-25 20:26 - 00000000 ____D C:\Users\Matthew\AppData\Local\ElevatedDiagnostics
2016-02-25 20:08 - 2016-02-25 23:01 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-25 20:07 - 2016-02-26 00:46 - 02073956 _____ C:\WINDOWS\ntbtlog.txt
2016-02-25 20:06 - 2016-02-25 18:00 - 00000000 ___DC C:\WINDOWS\Panther
2016-02-25 20:03 - 2016-02-25 20:03 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-02-25 20:03 - 2016-02-25 20:03 - 00000000 ____D C:\Windows.old
2016-02-25 20:00 - 2016-02-25 20:00 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-02-25 20:00 - 2016-02-25 20:00 - 00000000 ____D C:\Program Files\MSBuild
2016-02-25 20:00 - 2016-02-25 20:00 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-02-25 20:00 - 2016-02-25 20:00 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-02-25 19:59 - 2015-10-23 20:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-02-25 19:59 - 2015-10-23 20:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-02-25 19:59 - 2015-10-23 20:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-02-25 19:59 - 2015-10-23 20:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-02-25 19:59 - 2015-10-23 20:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-02-25 19:59 - 2015-10-23 20:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-02-25 18:02 - 2016-02-25 18:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-02-25 18:01 - 2016-02-25 18:01 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-25 18:01 - 2016-02-25 18:01 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-25 18:01 - 2016-02-25 18:01 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-25 18:01 - 2016-02-25 18:01 - 00002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-25 18:01 - 2016-02-25 18:01 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-25 18:01 - 2016-02-25 18:01 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-25 18:00 - 2016-02-25 19:54 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-25 18:00 - 2016-02-25 18:01 - 00000000 ____D C:\Users\Matthew\AppData\Local\Google
2016-02-25 18:00 - 2016-02-25 18:01 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-25 17:59 - 2016-02-25 18:00 - 00987728 _____ (Google Inc.) C:\Users\Matthew\Downloads\ChromeSetup.exe
2016-02-25 17:59 - 2015-07-22 20:10 - 06873928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-02-25 17:59 - 2015-07-22 20:10 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-02-25 17:59 - 2015-07-22 20:10 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-02-25 17:59 - 2015-07-22 20:10 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-02-25 17:59 - 2015-07-22 20:10 - 00937800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-02-25 17:59 - 2015-07-22 20:10 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-02-25 17:59 - 2015-07-22 20:10 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-02-25 17:59 - 2015-07-22 20:10 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-02-25 17:59 - 2015-07-22 19:44 - 00572048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-02-25 17:59 - 2015-07-21 23:29 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-02-25 17:56 - 2016-02-25 17:57 - 00000000 ____D C:\Users\Matthew\AppData\Local\MicrosoftEdge
2016-02-25 17:51 - 2016-02-25 17:53 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-25 17:51 - 2016-02-25 17:53 - 00000000 __SHD C:\Users\Matthew\IntelGraphicsProfiles
2016-02-25 17:51 - 2016-02-25 17:51 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-02-25 17:50 - 2016-02-25 20:16 - 00000000 ___HD C:\OneDriveTemp
2016-02-25 17:50 - 2016-02-25 17:57 - 00002382 _____ C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-25 17:50 - 2016-02-25 17:57 - 00000000 ___RD C:\Users\Matthew\OneDrive
2016-02-25 17:50 - 2016-02-25 17:50 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-02-25 17:48 - 2016-02-25 17:48 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-02-25 17:47 - 2016-02-25 17:47 - 00000000 ____D C:\Users\Matthew\AppData\Local\ActiveSync
2016-02-25 17:46 - 2016-02-25 17:46 - 00000000 ____D C:\Users\Matthew\AppData\Local\Publishers
2016-02-25 17:45 - 2016-02-25 17:45 - 00000020 ___SH C:\Users\Matthew\ntuser.ini
2016-02-25 17:45 - 2016-02-25 17:45 - 00000000 ____D C:\Users\Matthew\AppData\Local\TileDataLayer
2016-02-25 17:45 - 2016-02-25 17:45 - 00000000 ____D C:\Users\Matthew\AppData\Local\Comms
2016-02-25 17:24 - 2016-02-25 17:24 - 00000000 ____D C:\ProgramData\USOShared
2016-02-25 17:23 - 2016-02-25 17:23 - 00000000 _SHDL C:\Users\Default\My Documents
2016-02-25 17:23 - 2016-02-25 17:23 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-02-25 17:23 - 2016-02-25 17:23 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-02-25 17:23 - 2016-02-25 17:23 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-02-25 17:23 - 2016-02-25 17:23 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-02-25 17:23 - 2016-02-25 17:23 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-02-25 17:23 - 2016-02-25 17:23 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-02-25 17:21 - 2016-02-25 23:07 - 00788424 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-25 17:21 - 2016-02-25 18:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-25 17:21 - 2016-02-25 17:21 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-02-25 17:16 - 2016-02-25 17:16 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-25 17:14 - 2016-02-25 17:14 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-02-25 17:13 - 2016-02-25 18:03 - 00000000 ____D C:\Users\Matthew
2016-02-25 17:13 - 2016-02-25 17:13 - 00000000 _SHDL C:\Users\Matthew\My Documents
2016-02-25 17:13 - 2016-02-25 17:13 - 00000000 _SHDL C:\Users\Matthew\Documents\My Videos
2016-02-25 17:13 - 2016-02-25 17:13 - 00000000 _SHDL C:\Users\Matthew\Documents\My Pictures
2016-02-25 17:13 - 2016-02-25 17:13 - 00000000 _SHDL C:\Users\Matthew\Documents\My Music
2016-02-25 17:10 - 2016-02-25 17:10 - 00849522 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2016-02-25 17:10 - 2016-02-25 17:10 - 00458970 _____ C:\WINDOWS\system32\Drivers\rtwavesmapro.dat
2016-02-25 17:10 - 2016-02-25 17:10 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ST_Accel_01011.Wdf
2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____D C:\Program Files\Synaptics
2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____D C:\Program Files\STMicroelectronics
2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____D C:\Program Files\Realtek
2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____D C:\Program Files\DIFX
2016-02-25 17:10 - 2015-10-30 02:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-02-25 17:10 - 2012-07-13 16:31 - 00022168 _____ (ST Microelectronics) C:\WINDOWS\system32\Drivers\stdcfltn.sys
2016-02-25 17:07 - 2016-02-25 17:52 - 00189240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-25 16:07 - 2016-02-25 16:07 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-02-25 16:07 - 2016-02-25 16:07 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-02-25 16:01 - 2016-02-25 16:26 - 00000000 ___HD C:\$WINDOWS.~BT.old
2016-02-25 15:35 - 2016-02-25 15:35 - 00000000 ___HD C:\$Windows.~WS.old
2016-02-25 13:47 - 2016-02-25 13:47 - 00000000 ____D C:\Users\Matthew\AppData\Local\softthinks
2016-02-25 13:47 - 2016-02-25 13:47 - 00000000 ____D C:\ProgramData\softthinks
2016-02-25 13:47 - 2013-05-23 20:37 - 00000094 ____H C:\DBAR_Ver.txt
2016-02-25 13:44 - 2016-02-25 17:21 - 00002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-703687859-3442917728-3295428137-1001
2016-02-25 02:07 - 2016-02-25 17:22 - 00010449 _____ C:\WINDOWS\diagerr.xml
2016-02-25 02:07 - 2016-02-25 17:22 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2016-02-25 01:58 - 2016-02-25 15:52 - 00000000 ____D C:\ESD
2016-02-25 01:31 - 2016-02-25 01:31 - 00000000 _____ C:\Recovery.txt
2016-02-25 01:13 - 2016-02-25 01:13 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Macromedia
2016-02-25 01:13 - 2016-02-25 01:13 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Intel Corporation
2016-02-25 01:12 - 2016-02-25 01:12 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-02-25 01:12 - 2016-02-25 01:12 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Adobe
2016-02-25 01:11 - 2016-02-25 18:02 - 00000000 ____D C:\Users\Matthew\AppData\Local\Packages
2016-02-25 01:11 - 2016-02-25 01:11 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Intel
2016-02-25 01:11 - 2016-02-25 01:11 - 00000000 ____D C:\Users\Matthew\AppData\Local\VirtualStore
2016-02-25 00:32 - 2016-02-25 17:46 - 00000000 __RHD C:\Users\Public\AccountPictures

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-25 22:56 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-25 20:13 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-25 20:06 - 2015-10-30 02:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-02-25 18:03 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-25 18:02 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-25 18:00 - 2013-09-28 12:48 - 00000000 ____D C:\Temp
2016-02-25 18:00 - 2013-09-28 12:03 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-02-25 18:00 - 2013-09-28 12:03 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-02-25 18:00 - 2013-09-28 12:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-02-25 17:59 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Help
2016-02-25 17:55 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-02-25 17:46 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-02-25 17:46 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-02-25 17:46 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-02-25 17:46 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-25 17:43 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-25 17:25 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-25 17:25 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-25 17:24 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\USOPrivate
2016-02-25 17:23 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-02-25 17:23 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-25 17:22 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Registration
2016-02-25 17:21 - 2013-09-28 12:46 - 00003014 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2
2016-02-25 17:21 - 2013-09-28 12:46 - 00002634 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon
2016-02-25 17:21 - 2013-09-28 12:31 - 00879220 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-02-25 17:21 - 2013-09-28 12:31 - 00003086 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d
2016-02-25 17:21 - 2013-09-28 12:31 - 00002708 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon
2016-02-25 17:21 - 2013-09-28 12:03 - 00002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2016-02-25 17:19 - 2015-10-30 02:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-25 17:16 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-25 17:16 - 2013-09-28 12:52 - 00000000 ____D C:\WINDOWS\en
2016-02-25 17:16 - 2013-09-28 12:51 - 00000000 ____D C:\WINDOWS\fr
2016-02-25 17:16 - 2013-09-28 12:47 - 00000000 ____D C:\Program Files\My Dell
2016-02-25 17:16 - 2013-09-28 12:47 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-02-25 17:16 - 2013-09-28 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-02-25 17:16 - 2013-09-28 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
2016-02-25 17:16 - 2013-09-28 12:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-02-25 17:16 - 2012-07-26 00:37 - 00000000 ____D C:\Users\Default.migrated
2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-02-25 17:15 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\spool
2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-02-25 17:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\IME
2016-02-25 17:15 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-02-25 17:15 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-02-25 17:15 - 2013-09-28 12:39 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-02-25 17:15 - 2013-09-28 12:31 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-02-25 17:15 - 2013-09-28 12:12 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-02-25 17:14 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-25 17:14 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-02-25 17:14 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-02-25 17:14 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\IME
2016-02-25 17:14 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-02-25 17:14 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-25 17:14 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-25 17:14 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-02-25 17:14 - 2013-09-28 12:53 - 00000000 ____D C:\ProgramData\McAfee
2016-02-25 17:14 - 2013-09-28 12:51 - 00000000 ____D C:\ProgramData\PRICache
2016-02-25 17:14 - 2013-09-28 12:47 - 00000000 ____D C:\Program Files\Dell Support Center
2016-02-25 17:14 - 2013-09-28 12:44 - 00000000 ____D C:\Program Files\Intel Corporation
2016-02-25 17:14 - 2013-09-28 12:29 - 00000000 ____D C:\Program Files\Intel
2016-02-25 17:14 - 2013-09-28 12:29 - 00000000 ____D C:\Program Files (x86)\Intel
2016-02-25 17:12 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-02-25 17:07 - 2015-10-30 04:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-02-25 16:09 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2016-02-25 16:08 - 2013-09-28 12:30 - 00000000 ____D C:\ProgramData\Intel
2016-02-25 16:05 - 2013-09-28 12:34 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-25 16:05 - 2013-09-28 12:29 - 00000000 ____D C:\Intel
2016-02-25 15:36 - 2012-08-05 09:08 - 00804516 _____ C:\WINDOWS\system32\perfh00C.dat
2016-02-25 15:36 - 2012-08-05 09:08 - 00159844 _____ C:\WINDOWS\system32\perfc00C.dat
2016-02-25 02:28 - 2013-09-28 12:47 - 00000000 ____D C:\ProgramData\PCDr

Some files in TEMP:
====================
C:\Users\Matthew\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Matthew\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-25 17:07

==================== End of FRST.txt ============================

 

Paste of Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-02-2016
Ran by Matthew (2016-02-26 09:16:42)
Running from D:\Matt
Windows 10 Home Version 1511 (X64) (2016-02-25 22:43:56)
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-703687859-3442917728-3295428137-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-703687859-3442917728-3295428137-503 - Limited - Disabled)
Guest (S-1-5-21-703687859-3442917728-3295428137-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-703687859-3442917728-3295428137-1005 - Limited - Enabled)
Matthew (S-1-5-21-703687859-3442917728-3295428137-1001 - Administrator - Enabled) => C:\Users\Matthew

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Custom Help (Version: 16.00.4000.0176 - Intel Corporation) Hidden
Dell Digital Delivery (HKLM-x32\...\{C0C47F85-F48F-4709-9150-3FA62FA2DEAF}) (Version: 2.6.1000.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.13 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{713A4123-9417-4FF7-AC14-F000D6C0C7AD}) (Version: 0.9.1115.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.3.6261.27 - PC-Doctor, Inc.) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36943 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4274 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1306-148929CC1385}) (Version: 3.1.1306.0354 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.6.0.56 - Intel Corporation) Hidden
Intel® WiDi (HKLM\...\{C605440F-2748-435F-9F29-EB1C8134856F}) (Version: 4.1.17.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8650723d-1a15-4dc8-8679-e4050178aa58}) (Version: 16.0.5 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.3.6261.27 - PC-Doctor, Inc.)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.12 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21220 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0040 - ST Microelectronics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2DD6012C-8A76-4B34-8D73-1CEB6A14BA71} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-06-04] (Synaptics Incorporated)
Task: {2F98C0DB-AA9D-4847-90F3-33E9934EEBE4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-25] (Google Inc.)
Task: {37ECC1B6-23B6-48EA-BC69-B9A3C83B0E95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-25] (Google Inc.)
Task: {4CE1F363-0FB3-4667-82AA-2400C0650EC4} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {6A341664-4CD9-435F-978E-12ADE9AB629B} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {8218DE40-25A9-4E7A-AF75-03F2C3F80B26} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {A465DBB3-F405-47BB-A7FC-F2ECE2F0C456} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {AA5D95BF-BEAF-4863-867E-63C047068F6F} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {BA39DC1C-987A-4E04-AEC1-C1DE6986A902} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {FE5A5744-1AF8-4547-98B8-A34B7286CB95} - \SystemToolsDailyTest -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 02652784 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 02652784 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-703687859-3442917728-3295428137-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matthew\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\holocene.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{101F7B29-9EE9-4000-B7DF-57EFE6EE3311}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{74631D86-7499-4EAD-9192-DCDFD24C3492}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{862B77B1-7953-46B6-BA26-3C0A1D747FF8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1E2CB5AC-DE3E-46C4-AC9D-4B3D5BB539D7}] => (Allow) LPort=1900
FirewallRules: [{4B3EA2B5-7C48-4474-9C25-31E042D93606}] => (Allow) LPort=2869
FirewallRules: [{02BBF0B2-76F0-4140-A762-CB4362D32E13}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{01C3AA90-2F17-4C3E-9D01-54FF15183E79}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{81EAF235-5E96-412D-AD48-2822EAC5F7CF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

25-02-2016 17:25:36 Windows Modules Installer

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2016 07:52:22 AM) (Source: PerfNet) (EventID: 2002) (User: )
Description:

Error: (02/26/2016 07:52:22 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (02/26/2016 07:52:22 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A

Error: (02/26/2016 07:52:21 AM) (Source: PerfNet) (EventID: 2002) (User: )
Description:

Error: (02/26/2016 07:52:21 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (02/26/2016 07:52:21 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A

Error: (02/26/2016 07:44:42 AM) (Source: PerfNet) (EventID: 2002) (User: )
Description:

Error: (02/26/2016 07:44:42 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (02/26/2016 07:44:42 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A

Error: (02/26/2016 07:44:41 AM) (Source: PerfNet) (EventID: 2002) (User: )
Description:

System errors:
=============
Error: (02/26/2016 09:16:52 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084EventSystemUnavailable{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/26/2016 09:16:43 AM) (Source: DCOM) (EventID: 10005) (User: MATTHIEU)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/26/2016 09:16:43 AM) (Source: DCOM) (EventID: 10005) (User: MATTHIEU)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/26/2016 09:16:43 AM) (Source: DCOM) (EventID: 10005) (User: MATTHIEU)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/26/2016 09:16:04 AM) (Source: DCOM) (EventID: 10005) (User: MATTHIEU)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/26/2016 09:16:04 AM) (Source: DCOM) (EventID: 10005) (User: MATTHIEU)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/26/2016 09:16:04 AM) (Source: DCOM) (EventID: 10005) (User: MATTHIEU)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/26/2016 09:15:58 AM) (Source: DCOM) (EventID: 10005) (User: MATTHIEU)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/26/2016 09:15:51 AM) (Source: DCOM) (EventID: 10005) (User: MATTHIEU)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/26/2016 09:15:41 AM) (Source: DCOM) (EventID: 10005) (User: MATTHIEU)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

CodeIntegrity:
===================================
  Date: 2016-02-25 17:43:02.867
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-25 17:23:26.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-25 17:21:59.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-25 17:20:27.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-25 17:10:05.794
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 17%
Total physical RAM: 16090.57 MB
Available physical RAM: 13343.23 MB
Total Virtual: 19034.57 MB
Available Virtual: 16788.35 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:915.96 GB) (Free:856.74 GB) NTFS
Drive d: (SINGULARITY) (Removable) (Total:29.07 GB) (Free:13.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7039C345)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29.1 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=29.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 


  • 0

#3
BrianDrab
Posted 28 February 2016 - 10:03 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi and welcome to G2G. I've reviewed your information and have some questions.

 

1. Can you pinpoint when this started? Was it after you upgraded to Windows 10 or did it work for awhile and then start?

2. I see you have run a lot of malware related tools. What makes you think you have malware? Just the fact that the OS doesn't boot normally?

3. What have you tried so far to resolve the issue?

 

Thanks.


  • 0

#4
username_mk
Posted 28 February 2016 - 11:33 AM

username_mk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Hi and welcome to G2G. I've reviewed your information and have some questions.

 

1. Can you pinpoint when this started? Was it after you upgraded to Windows 10 or did it work for awhile and then start?

2. I see you have run a lot of malware related tools. What makes you think you have malware? Just the fact that the OS doesn't boot normally?

3. What have you tried so far to resolve the issue?

 

Thanks.

 

Hi Brian

 

Please let's put this on hold for now...  I restored to original factory settings and it seems to be OK for the time being (back to Win8).

 

The reason why I thought this to be a virus: upon checking the event viewer system logs I noticed a ton of: "DCOM error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server" error messages. 

After googling the error many of the incidents were related to malware.  I came across this site which recommended to run these utilities to source out the issue.  The RogueKiller utility did point out a couple of PuP issues in the registry.  I was hesitant to run "delete" afterwards as I wasn't sure if other issues would surfaces as a result.  So opted just to restore factory settings and it seems to be OK.  Will also run Norton up against it - hopefully it may fix the issue.

 

Many thanks for getting back to me!!  Really appreciate it!

 

Cheers

Mike


  • 0

#5
BrianDrab
Posted 28 February 2016 - 05:38 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

No problem. Thanks for letting us know.


  • 0

#6
BrianDrab
Posted 28 February 2016 - 05:38 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP