
Computer performance has slowly degraded



#1
rocket985


Over the past year my box has slowed down in seemingly all ways. Browsing and downloading are the most prominent, with some slowing of basic functions, i.e. file search, copy, etc.

 

I've used this forum in the past for an old box, so many thanks in advance.

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017

Ran by dad (administrator) on JC (07-03-2017 15:13:30)
Running from C:\Users\dad\Desktop
Loaded Profiles: dad (Available Profiles: dad)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1475711669\ee\aolsoftware.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\waol.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\shellmon.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\aolbrowser.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1475711669\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [992568 2017-02-22] (Webroot)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.8.2a\AOL.EXE [80816 2016-09-22] (AOL Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2017-02-22]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-02-22]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{39834797-98f2-40d8-84c2-302e5e2cd513}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2017-02-22] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-02-22] (Webroot)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2017-01-03] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2017-02-22] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-02-22] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-03] (Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2017-02-22] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2017-02-22] (Webroot)
 
FireFox:
========
FF ProfilePath: C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\mnt0a13x.default-1488913050081 [2017-03-07]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\mnt0a13x.default-1488913050081\features\{0be29a3a-3eb3-4cbc-b703-ecf9760613e0}\[email protected] [2017-03-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2017-02-22]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-10-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-03] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default [2017-03-07]
CHR Extension: (Google Slides) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-08]
CHR Extension: (Google Docs) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-08]
CHR Extension: (Google Drive) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-08]
CHR Extension: (YouTube) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-08]
CHR Extension: (Google Sheets) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-08]
CHR Extension: (Google Docs Offline) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-08]
CHR Extension: (Webroot Filtering Extension) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2017-02-24]
CHR Extension: (Webroot Password Manager) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Gmail) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-17]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [992568 2017-02-22] (Webroot)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-03-06] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [116736 2014-02-13] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nuviocir; C:\WINDOWS\System32\drivers\nuviocir_x64.sys [39704 2013-07-11] (Nuvoton Technology Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation                           )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [143248 2017-02-22] (Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [66328 2017-02-22] (Webroot)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-07 15:13 - 2017-03-07 15:13 - 00014857 _____ C:\Users\dad\Desktop\FRST.txt
2017-03-02 06:33 - 2017-03-02 06:34 - 00412996 _____ C:\WINDOWS\Minidump\030217-19015-01.dmp
2017-02-27 06:11 - 2017-02-27 06:11 - 00421244 _____ C:\WINDOWS\Minidump\022717-20734-01.dmp
2017-02-24 06:37 - 2017-02-24 06:37 - 00413108 _____ C:\WINDOWS\Minidump\022417-21125-01.dmp
2017-02-23 14:53 - 2017-02-23 14:54 - 00412972 _____ C:\WINDOWS\Minidump\022317-20718-01.dmp
2017-02-23 10:37 - 2017-02-23 10:37 - 00413028 _____ C:\WINDOWS\Minidump\022317-19578-01.dmp
2017-02-22 20:49 - 2017-02-22 20:49 - 00193072 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2017-02-22 20:49 - 2017-02-22 20:49 - 00143248 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2017-02-22 20:49 - 2017-02-22 20:49 - 00126696 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2017-02-22 20:49 - 2017-02-22 20:49 - 00066328 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\Users\dad\AppData\Local\lptmp
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\Program Files\Webroot
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\Program Files\Common Files\Webroot
2017-02-22 20:46 - 2017-03-06 20:24 - 00000000 ____D C:\ProgramData\WRData
2017-02-21 17:12 - 2017-02-21 17:12 - 00092292 _____ C:\Users\dad\Documents\ann_Corporation_dba_Granite_and_Marble_Solutions_15_3964.pdf
2017-02-20 18:42 - 2017-02-20 18:43 - 00413212 _____ C:\WINDOWS\Minidump\022017-19781-01.dmp
2017-02-20 18:28 - 2017-02-20 18:28 - 00413068 _____ C:\WINDOWS\Minidump\022017-19046-01.dmp
2017-02-20 10:40 - 2017-02-20 10:40 - 00507427 _____ C:\Users\dad\Documents\ProposalClifton310WaterfieldCtJohnsCreek(2017-0217).pdf
2017-02-18 13:43 - 2017-02-18 13:43 - 00413220 _____ C:\WINDOWS\Minidump\021817-21484-01.dmp
2017-02-18 12:49 - 2017-02-18 12:49 - 00413052 _____ C:\WINDOWS\Minidump\021817-20046-01.dmp
2017-02-18 12:22 - 2017-02-18 12:22 - 00413164 _____ C:\WINDOWS\Minidump\021817-19640-01.dmp
2017-02-18 06:31 - 2017-02-18 06:31 - 00413100 _____ C:\WINDOWS\Minidump\021817-19953-01.dmp
2017-02-18 06:16 - 2017-02-18 06:17 - 00413028 _____ C:\WINDOWS\Minidump\021817-19453-01.dmp
2017-02-18 04:25 - 2017-02-18 04:25 - 00412996 _____ C:\WINDOWS\Minidump\021817-20109-01.dmp
2017-02-18 03:32 - 2017-02-18 03:32 - 00413036 _____ C:\WINDOWS\Minidump\021817-18359-01.dmp
2017-02-18 02:31 - 2017-02-18 02:31 - 00413044 _____ C:\WINDOWS\Minidump\021817-19687-01.dmp
2017-02-18 00:37 - 2017-02-18 00:37 - 00413036 _____ C:\WINDOWS\Minidump\021817-19593-01.dmp
2017-02-16 17:29 - 2017-02-16 17:29 - 00413172 _____ C:\WINDOWS\Minidump\021617-21218-01.dmp
2017-02-11 11:58 - 2017-02-12 13:33 - 00000000 ____D C:\Users\dad\Documents\Cleanfoodcrush
2017-02-11 05:01 - 2017-02-11 05:01 - 00413132 _____ C:\WINDOWS\Minidump\021117-18218-01.dmp
2017-02-09 22:26 - 2017-02-09 22:26 - 00413044 _____ C:\WINDOWS\Minidump\020917-20593-01.dmp
2017-02-09 16:13 - 2017-02-09 16:13 - 00413180 _____ C:\WINDOWS\Minidump\020917-21125-01.dmp
2017-02-05 17:48 - 2017-02-05 17:48 - 00418522 _____ C:\Users\dad\Documents\2016TurboTaxReturn- Emily Clifton.pdf
2017-02-05 17:48 - 2017-02-05 17:48 - 00036819 _____ C:\Users\dad\Documents\ElectronicStatement.pdf
2017-02-05 17:46 - 2017-02-05 17:46 - 00418522 _____ C:\Users\dad\Downloads\2016TurboTaxReturn (1).pdf
2017-02-05 17:45 - 2017-02-05 17:45 - 00418522 _____ C:\Users\dad\Downloads\2016TurboTaxReturn.pdf
2017-02-05 04:39 - 2017-02-05 04:39 - 00413132 _____ C:\WINDOWS\Minidump\020517-18984-01.dmp
2017-02-05 01:42 - 2017-02-05 01:43 - 00413100 _____ C:\WINDOWS\Minidump\020517-19312-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-07 15:13 - 2016-12-11 08:47 - 00000000 ____D C:\FRST
2017-03-07 15:13 - 2016-12-11 08:46 - 02423808 _____ (Farbar) C:\Users\dad\Desktop\FRST64.exe
2017-03-07 15:12 - 2016-11-17 21:14 - 00000000 ____D C:\Users\dad\AppData\LocalLow\Mozilla
2017-03-07 15:07 - 2016-10-05 18:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-07 14:15 - 2016-11-17 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-07 14:15 - 2016-10-05 18:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-07 13:57 - 2016-11-17 07:17 - 00000000 ____D C:\Users\dad\Desktop\Old Firefox Data
2017-03-07 06:30 - 2016-10-05 18:17 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-07 06:30 - 2015-03-22 21:18 - 00000000 __SHD C:\Users\dad\IntelGraphicsProfiles
2017-03-06 19:12 - 2016-10-05 18:38 - 00004136 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0D2A5408-F299-4DB7-8697-E24FF3C48965}
2017-03-06 08:14 - 2016-12-11 09:14 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-06 08:14 - 2016-10-05 18:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-05 16:28 - 2016-10-05 20:45 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-03-05 10:20 - 2016-10-05 21:49 - 642006430 _____ C:\WINDOWS\MEMORY.DMP
2017-03-05 10:20 - 2016-10-05 21:49 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-05 10:20 - 2016-10-05 18:22 - 00000000 ____D C:\Users\dad
2017-03-04 22:13 - 2016-10-05 21:00 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-02 06:51 - 2016-12-15 17:46 - 00003260 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 06:51 - 2016-10-05 18:35 - 00002364 _____ C:\Users\dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-02 06:51 - 2015-04-18 21:32 - 00000000 __RDO C:\Users\dad\OneDrive
2017-02-27 18:49 - 2016-10-05 21:09 - 00000000 ____D C:\Windows.old
2017-02-26 17:12 - 2015-12-28 15:29 - 00000376 _____ C:\Users\dad\Downloads\SH.m3u
2017-02-22 20:49 - 2015-12-10 21:02 - 00000000 ____D C:\Users\dad\AppData\LocalLow\LastPass
2017-02-22 20:35 - 2015-05-13 09:04 - 00000000 ____D C:\Users\dad\Documents\Rockets
2017-02-22 10:59 - 2016-10-05 22:06 - 00000000 ____D C:\Users\dad\AppData\Local\Microsoft Games
2017-02-21 09:54 - 2016-10-05 19:08 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-15 14:43 - 2016-11-14 20:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-14 22:06 - 2016-10-05 21:00 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-14 22:06 - 2016-10-05 21:00 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-06 16:10 - 2016-10-08 09:11 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 16:10 - 2016-10-08 09:11 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2017-02-22 20:49 - 2017-02-22 22:31 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2016-10-05 18:18 - 2016-10-05 18:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-25 21:21
 
==================== End of FRST.txt ============================
 
 
 
CHR Extension: (Google Drive) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-08]
CHR Extension: (YouTube) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-08]
CHR Extension: (Google Sheets) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-08]
CHR Extension: (Google Docs Offline) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-08]
CHR Extension: (Webroot Filtering Extension) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2017-02-24]
CHR Extension: (Webroot Password Manager) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Gmail) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-17]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [992568 2017-02-22] (Webroot)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-03-06] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [116736 2014-02-13] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nuviocir; C:\WINDOWS\System32\drivers\nuviocir_x64.sys [39704 2013-07-11] (Nuvoton Technology Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation                           )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [143248 2017-02-22] (Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [66328 2017-02-22] (Webroot)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-07 15:13 - 2017-03-07 15:13 - 00014857 _____ C:\Users\dad\Desktop\FRST.txt
2017-03-02 06:33 - 2017-03-02 06:34 - 00412996 _____ C:\WINDOWS\Minidump\030217-19015-01.dmp
2017-02-27 06:11 - 2017-02-27 06:11 - 00421244 _____ C:\WINDOWS\Minidump\022717-20734-01.dmp
2017-02-24 06:37 - 2017-02-24 06:37 - 00413108 _____ C:\WINDOWS\Minidump\022417-21125-01.dmp
2017-02-23 14:53 - 2017-02-23 14:54 - 00412972 _____ C:\WINDOWS\Minidump\022317-20718-01.dmp
2017-02-23 10:37 - 2017-02-23 10:37 - 00413028 _____ C:\WINDOWS\Minidump\022317-19578-01.dmp
2017-02-22 20:49 - 2017-02-22 20:49 - 00193072 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2017-02-22 20:49 - 2017-02-22 20:49 - 00143248 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2017-02-22 20:49 - 2017-02-22 20:49 - 00126696 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2017-02-22 20:49 - 2017-02-22 20:49 - 00066328 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\Users\dad\AppData\Local\lptmp
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\Program Files\Webroot
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\Program Files\Common Files\Webroot
2017-02-22 20:46 - 2017-03-06 20:24 - 00000000 ____D C:\ProgramData\WRData
2017-02-21 17:12 - 2017-02-21 17:12 - 00092292 _____ C:\Users\dad\Documents\ann_Corporation_dba_Granite_and_Marble_Solutions_15_3964.pdf
2017-02-20 18:42 - 2017-02-20 18:43 - 00413212 _____ C:\WINDOWS\Minidump\022017-19781-01.dmp
2017-02-20 18:28 - 2017-02-20 18:28 - 00413068 _____ C:\WINDOWS\Minidump\022017-19046-01.dmp
2017-02-20 10:40 - 2017-02-20 10:40 - 00507427 _____ C:\Users\dad\Documents\ProposalClifton310WaterfieldCtJohnsCreek(2017-0217).pdf
2017-02-18 13:43 - 2017-02-18 13:43 - 00413220 _____ C:\WINDOWS\Minidump\021817-21484-01.dmp
2017-02-18 12:49 - 2017-02-18 12:49 - 00413052 _____ C:\WINDOWS\Minidump\021817-20046-01.dmp
2017-02-18 12:22 - 2017-02-18 12:22 - 00413164 _____ C:\WINDOWS\Minidump\021817-19640-01.dmp
2017-02-18 06:31 - 2017-02-18 06:31 - 00413100 _____ C:\WINDOWS\Minidump\021817-19953-01.dmp
2017-02-18 06:16 - 2017-02-18 06:17 - 00413028 _____ C:\WINDOWS\Minidump\021817-19453-01.dmp
2017-02-18 04:25 - 2017-02-18 04:25 - 00412996 _____ C:\WINDOWS\Minidump\021817-20109-01.dmp
2017-02-18 03:32 - 2017-02-18 03:32 - 00413036 _____ C:\WINDOWS\Minidump\021817-18359-01.dmp
2017-02-18 02:31 - 2017-02-18 02:31 - 00413044 _____ C:\WINDOWS\Minidump\021817-19687-01.dmp
2017-02-18 00:37 - 2017-02-18 00:37 - 00413036 _____ C:\WINDOWS\Minidump\021817-19593-01.dmp
2017-02-16 17:29 - 2017-02-16 17:29 - 00413172 _____ C:\WINDOWS\Minidump\021617-21218-01.dmp
2017-02-11 11:58 - 2017-02-12 13:33 - 00000000 ____D C:\Users\dad\Documents\Cleanfoodcrush
2017-02-11 05:01 - 2017-02-11 05:01 - 00413132 _____ C:\WINDOWS\Minidump\021117-18218-01.dmp
2017-02-09 22:26 - 2017-02-09 22:26 - 00413044 _____ C:\WINDOWS\Minidump\020917-20593-01.dmp
2017-02-09 16:13 - 2017-02-09 16:13 - 00413180 _____ C:\WINDOWS\Minidump\020917-21125-01.dmp
2017-02-05 17:48 - 2017-02-05 17:48 - 00418522 _____ C:\Users\dad\Documents\2016TurboTaxReturn- Emily Clifton.pdf
2017-02-05 17:48 - 2017-02-05 17:48 - 00036819 _____ C:\Users\dad\Documents\ElectronicStatement.pdf
2017-02-05 17:46 - 2017-02-05 17:46 - 00418522 _____ C:\Users\dad\Downloads\2016TurboTaxReturn (1).pdf
2017-02-05 17:45 - 2017-02-05 17:45 - 00418522 _____ C:\Users\dad\Downloads\2016TurboTaxReturn.pdf
2017-02-05 04:39 - 2017-02-05 04:39 - 00413132 _____ C:\WINDOWS\Minidump\020517-18984-01.dmp
2017-02-05 01:42 - 2017-02-05 01:43 - 00413100 _____ C:\WINDOWS\Minidump\020517-19312-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-07 15:13 - 2016-12-11 08:47 - 00000000 ____D C:\FRST
2017-03-07 15:13 - 2016-12-11 08:46 - 02423808 _____ (Farbar) C:\Users\dad\Desktop\FRST64.exe
2017-03-07 15:12 - 2016-11-17 21:14 - 00000000 ____D C:\Users\dad\AppData\LocalLow\Mozilla
2017-03-07 15:07 - 2016-10-05 18:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-07 14:15 - 2016-11-17 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-07 14:15 - 2016-10-05 18:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-07 13:57 - 2016-11-17 07:17 - 00000000 ____D C:\Users\dad\Desktop\Old Firefox Data
2017-03-07 06:30 - 2016-10-05 18:17 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-07 06:30 - 2015-03-22 21:18 - 00000000 __SHD C:\Users\dad\IntelGraphicsProfiles
2017-03-06 19:12 - 2016-10-05 18:38 - 00004136 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0D2A5408-F299-4DB7-8697-E24FF3C48965}
2017-03-06 08:14 - 2016-12-11 09:14 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-06 08:14 - 2016-10-05 18:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-05 16:28 - 2016-10-05 20:45 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-03-05 10:20 - 2016-10-05 21:49 - 642006430 _____ C:\WINDOWS\MEMORY.DMP
2017-03-05 10:20 - 2016-10-05 21:49 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-05 10:20 - 2016-10-05 18:22 - 00000000 ____D C:\Users\dad
2017-03-04 22:13 - 2016-10-05 21:00 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-02 06:51 - 2016-12-15 17:46 - 00003260 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 06:51 - 2016-10-05 18:35 - 00002364 _____ C:\Users\dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-02 06:51 - 2015-04-18 21:32 - 00000000 __RDO C:\Users\dad\OneDrive
2017-02-27 18:49 - 2016-10-05 21:09 - 00000000 ____D C:\Windows.old
2017-02-26 17:12 - 2015-12-28 15:29 - 00000376 _____ C:\Users\dad\Downloads\SH.m3u
2017-02-22 20:49 - 2015-12-10 21:02 - 00000000 ____D C:\Users\dad\AppData\LocalLow\LastPass
2017-02-22 20:35 - 2015-05-13 09:04 - 00000000 ____D C:\Users\dad\Documents\Rockets
2017-02-22 10:59 - 2016-10-05 22:06 - 00000000 ____D C:\Users\dad\AppData\Local\Microsoft Games
2017-02-21 09:54 - 2016-10-05 19:08 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-15 14:43 - 2016-11-14 20:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-14 22:06 - 2016-10-05 21:00 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-14 22:06 - 2016-10-05 21:00 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-06 16:10 - 2016-10-08 09:11 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 16:10 - 2016-10-08 09:11 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2017-02-22 20:49 - 2017-02-22 22:31 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2016-10-05 18:18 - 2016-10-05 18:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-25 21:21
 
==================== End of FRST.txt ============================

 




#2
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

You posted the scan log twice.  Do you have the Addition.txt log?

 

Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.
 
Wait a full minute then:
 
File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi-step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 
 
 


#3
rocket985


    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by dad (07-03-2017 15:14:08)
Running from C:\Users\dad\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-05 23:30:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1181104008-4076506379-556746162-500 - Administrator - Disabled)
dad (S-1-5-21-1181104008-4076506379-556746162-1001 - Administrator - Enabled) => C:\Users\dad
DefaultAccount (S-1-5-21-1181104008-4076506379-556746162-503 - Limited - Disabled)
Guest (S-1-5-21-1181104008-4076506379-556746162-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.0.6270 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7255 - Realtek Semiconductor Corp.)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.15.40 - Webroot)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 2.0.0.0 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3105063E-AC1E-4BEF-AADF-DD121A93A941} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {46FE8DEF-9995-441E-8C8D-35866210B9B9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {4A99F80C-3A2B-46F9-9277-415961ECF489} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-08] (Google Inc.)
Task: {58152FD6-8950-47A4-865D-340271CAFFBE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B59209B7-0384-4201-BB4A-D4220F266379} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-08] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-11 09:14 - 2016-11-29 06:27 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-30 07:58 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-30 07:58 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-05-27 15:50 - 2016-05-27 15:50 - 00402520 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-30 07:58 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-27 21:21 - 2016-09-27 21:21 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-11 13:35 - 2016-10-05 04:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-27 15:43 - 2016-10-14 22:41 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-27 15:44 - 2016-10-14 22:34 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-27 15:43 - 2016-10-14 22:34 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-27 15:44 - 2016-10-14 22:34 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-10-27 15:43 - 2016-10-14 22:34 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-27 15:44 - 2016-10-14 22:38 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2008-07-04 00:38 - 2008-07-04 00:38 - 00002048 _____ () C:\Program Files\Microsoft Games\SpiderSolitaire\slc.dll
2016-12-11 09:14 - 2016-11-08 09:46 - 00693248 _____ () C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-22 17:41 - 2016-09-22 17:41 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2a\zlib.dll
2016-09-22 17:41 - 2016-09-22 17:41 - 21151232 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2a\libcef.dll
2016-09-22 17:41 - 2016-09-22 17:41 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2a\libglesv2.dll
2016-09-22 17:41 - 2016-09-22 17:41 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2a\libegl.dll
2016-09-22 17:41 - 2016-09-22 17:41 - 00539648 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2a\sqlite3.dll
2016-09-22 17:40 - 2016-09-22 17:40 - 00094208 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2a\Components\Tier2Svc.dll
2016-09-22 17:40 - 2016-09-22 17:40 - 00060928 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2a\Components\DataSvcs.dll
2016-05-23 17:35 - 2016-05-23 17:35 - 45365248 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\libcef.dll
2016-05-23 17:35 - 2016-05-23 17:35 - 01643008 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\libglesv2.dll
2016-05-23 17:35 - 2016-05-23 17:35 - 00074752 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-10-05 21:00 - 2016-10-05 20:58 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1181104008-4076506379-556746162-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dad\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img1.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E4A2F621-48DA-48D3-A238-F03E5B419E2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E67CBF9-E887-4B55-991F-036A25451DDE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AA52A6EA-B6A4-4EA3-BC28-CD6620500961}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{09D0D0DB-747F-419F-AF57-F2C993B425E7}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{4C5BD26A-063B-41C6-8EFC-8E4C44E6FE50}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{4F1C02EF-5E3F-454D-A7B3-D0640009C8B7}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{CC778198-EB17-484B-93EE-FEB6E82CBAF3}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1475711669\ee\aolsoftware.exe
FirewallRules: [{F07ACDCF-DAE9-494B-BFDF-10E6850469F9}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1475711669\ee\aolsoftware.exe
FirewallRules: [{6F778937-566B-4C18-97D0-1A82025FCBC9}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{4870A06B-F106-4401-AEC7-DDAF3C34B6D8}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{7C301257-AC5C-4561-A00A-E36F53C15D46}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{E5FE5BAC-E13F-46B6-ABE0-41F44E1A7B97}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{64DC935F-450F-40AD-97AB-3CFD79593240}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{C6F09509-E5C9-4601-B510-91A1261C3BE1}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{EF1FB62C-C1ED-440C-B056-C2E4A6344968}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{DD9AE200-0833-4F52-B7F2-7272B22EE73F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{518D31C0-5299-41E8-B9C2-924A4891773C}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2a\waol.exe
FirewallRules: [{0AAE3AA5-08CE-483D-BABE-FD53A9DB97CA}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2a\waol.exe
FirewallRules: [{6D9B9004-B3C1-4CE5-9985-F7B63722029C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{13A32505-23F3-4846-8385-2322616994ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7FA37FD2-CC78-4B34-B392-0C9885821D18}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B04D3D94-7C37-4E8B-A953-0C1C2F983DC5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{116E41F3-D973-45F3-80B8-3833A1B87805}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3D7170A3-ECD4-425D-9DCD-0C24A1A99902}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

14-02-2017 18:56:49 Scheduled Checkpoint
23-02-2017 20:38:04 Scheduled Checkpoint
04-03-2017 18:33:54 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2017 02:20:44 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (540) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -590.

Error: (03/07/2017 02:20:44 PM) (Source: ESENT) (EventID: 543) (User: )
Description: wuaueng.dll (540) SUS20ClientDataStore: Previous log's accumulated segment checksum mismatch in logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log, Expected: 0x61841e7b7198f4da, Actual: 0x7d217d218496c87e.

Error: (03/07/2017 02:18:44 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (540) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -590.

Error: (03/07/2017 02:18:44 PM) (Source: ESENT) (EventID: 543) (User: )
Description: wuaueng.dll (540) SUS20ClientDataStore: Previous log's accumulated segment checksum mismatch in logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log, Expected: 0x61841e7b7198f4da, Actual: 0x7d217d218496c87e.

Error: (03/07/2017 02:16:44 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (540) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -590.

Error: (03/07/2017 02:16:44 PM) (Source: ESENT) (EventID: 543) (User: )
Description: wuaueng.dll (540) SUS20ClientDataStore: Previous log's accumulated segment checksum mismatch in logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log, Expected: 0x61841e7b7198f4da, Actual: 0x7d217d218496c87e.

Error: (03/07/2017 02:14:41 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (540) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -590.

Error: (03/07/2017 02:14:41 PM) (Source: ESENT) (EventID: 543) (User: )
Description: wuaueng.dll (540) SUS20ClientDataStore: Previous log's accumulated segment checksum mismatch in logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log, Expected: 0x61841e7b7198f4da, Actual: 0x7d217d218496c87e.

Error: (03/07/2017 09:53:58 AM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (540) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -590.

Error: (03/07/2017 09:53:58 AM) (Source: ESENT) (EventID: 543) (User: )
Description: wuaueng.dll (540) SUS20ClientDataStore: Previous log's accumulated segment checksum mismatch in logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log, Expected: 0x61841e7b7198f4da, Actual: 0x7d217d218496c87e.


System errors:
=============
Error: (03/07/2017 02:22:43 PM) (Source: DCOM) (EventID: 10010) (User: JC)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (03/07/2017 02:20:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%3355443790

Error: (03/07/2017 02:20:43 PM) (Source: DCOM) (EventID: 10010) (User: JC)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (03/07/2017 02:18:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%3355443790

Error: (03/07/2017 02:18:43 PM) (Source: DCOM) (EventID: 10010) (User: JC)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (03/07/2017 02:16:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%3355443790

Error: (03/07/2017 02:16:41 PM) (Source: DCOM) (EventID: 10010) (User: JC)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (03/07/2017 02:14:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%3355443790

Error: (03/07/2017 09:55:57 AM) (Source: DCOM) (EventID: 10010) (User: JC)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (03/07/2017 09:53:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%3355443790


==================== Memory info ===========================

Processor: Intel® Core™ i3-4150T CPU @ 3.00GHz
Percentage of memory in use: 38%
Total physical RAM: 8100.28 MB
Available physical RAM: 4974.32 MB
Total Virtual: 9380.28 MB
Available Virtual: 5836.2 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:917.05 GB) (Free:864.44 GB) NTFS
Drive e: (Seagate Slim Drive) (Fixed) (Total:465.76 GB) (Free:418.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D1889823)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: A4A02841)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
armsvc.exe        1,264 K    6,232 K    2360    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
dasHost.exe        4,656 K    15,984 K    1496            
GoogleCrashHandler.exe        1,492 K    116 K    6140            
GoogleCrashHandler64.exe        1,472 K    80 K    4668            
igfxCUIService.exe        1,856 K    8,396 K    1776    igfxCUIService Module    Intel Corporation    (Verified) Intel® pGFX
igfxEM.exe        3,628 K    4,696 K    5116    igfxEM Module    Intel Corporation    (Verified) Intel® pGFX
igfxHK.exe        2,400 K    3,468 K    4152    igfxHK Module    Intel Corporation    (Verified) Intel® pGFX
igfxTray.exe        3,256 K    4,988 K    4220            (Verified) Intel® pGFX
jusched.exe        1,348 K    2,680 K    6560    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
lsass.exe        5,316 K    14,312 K    792    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
mbamtray.exe        12,952 K    5,732 K    1268    Malwarebytes Tray Application    Malwarebytes    (Verified) Malwarebytes Corporation
mDNSResponder.exe        1,708 K    6,396 K    2376    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
Memory Compression        144 K    31,516 K    2604            
OneDrive.exe        6,508 K    19,424 K    5612    Microsoft OneDrive    Microsoft Corporation    (Verified) Microsoft Corporation
PresentationFontCache.exe        25,248 K    17,804 K    4284    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
procexp.exe        3,108 K    10,364 K    17004    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
RAVBg64.exe        6,928 K    4,712 K    6060    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RAVCpl64.exe        4,560 K    13,048 K    1952    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RuntimeBroker.exe        19,100 K    35,764 K    1736    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe        32,876 K    30,628 K    5028    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
SearchUI.exe    Suspended    54,248 K    652 K    5024    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        3,020 K    7,752 K    768            
SettingSyncHost.exe        4,692 K    620 K    5228    Host Process for Setting Synchronization    Microsoft Corporation    (Verified) Microsoft Windows
ShellExperienceHost.exe    Suspended    29,072 K    49,804 K    4920    Windows Shell Experience Host    Microsoft Corporation    (Verified) Microsoft Windows
shellmon.exe        1,116 K    5,640 K    5316    waolmon    AOL Inc.    (Verified) AOL Inc.
sihost.exe        5,060 K    12,912 K    3828    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        364 K    1,124 K    372            
spoolsv.exe        8,616 K    20,756 K    2088    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        6,888 K    21,288 K    3720    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,980 K    11,216 K    1956    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,632 K    14,840 K    1220    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,288 K    22,380 K    2384    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        16,740 K    28,184 K    1264    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,860 K    17,176 K    2472    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,472 K    9,728 K    968    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,468 K    9,508 K    1868    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,684 K    14,588 K    2868    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        8,636 K    19,156 K    1556    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        13,776 K    24,276 K    1248    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        10,352 K    23,812 K    896    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,552 K    12,156 K    2520    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        11,492 K    29,672 K    1252    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
TabTip32.exe        1,204 K    4,552 K    5828            
taskhostw.exe        5,984 K    8,412 K    4008    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,036 K    4,932 K    692            
winlogon.exe        2,000 K    8,944 K    248            
WUDFHost.exe        2,116 K    7,948 K    1516            
MBAMService.exe    < 0.01    20,968 K    41,528 K    2408    Malwarebytes Service    Malwarebytes    (Verified) Malwarebytes Corporation
svchost.exe    < 0.01    21,896 K    54,520 K    536    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    69,400 K    78,324 K    1064    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
iTunesHelper.exe    < 0.01    4,036 K    3,580 K    3360    iTunesHelper    Apple Inc.    (Verified) Apple Inc.
csrss.exe    < 0.01    1,440 K    4,052 K    592            
aolsoftware.exe    < 0.01    7,980 K    7,220 K    6540    AOL    AOL Inc.    (Verified) AOL Inc.
AppleMobileDeviceService.exe    < 0.01    3,368 K    11,940 K    2368    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
AOLacsd.exe    < 0.01    4,160 K    7,152 K    6988    AOL Connectivity Service    AOL Inc.    (Verified) AOL Inc.
KHALMNPR.exe    < 0.01    3,604 K    4,416 K    2428    Logitech KHAL Main Process    Logitech, Inc.    (Verified) Logitech
iPodService.exe    < 0.01    2,156 K    7,636 K    6448    iPodService Module (64-bit)    Apple Inc.    (Verified) Apple Inc.
explorer.exe    0.01    38,120 K    64,500 K    4464    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
WRSA.exe    0.06    24,244 K    10,568 K    1432    Webroot SecureAnywhere    Webroot    (Verified) Webroot Inc.
SpiderSolitaire.exe    0.06    131,244 K    122,676 K    8584    Executable for Spider Solitaire Game    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
waol.exe    0.09    83,584 K    18,492 K    6180    AOL Software    AOL Inc.    (Verified) AOL Inc.
TabTip.exe    0.11    3,656 K    14,344 K    5704            
WRSA.exe    0.12    11,336 K    720 K    3492    Webroot SecureAnywhere    Webroot    (Verified) Webroot Inc.
System    0.23    128 K    1,156 K    4            
csrss.exe    0.24    2,308 K    8,192 K    704            
SetPoint.exe    0.29    25,328 K    14,632 K    6108    Logitech SetPoint Event Manager (UNICODE)    Logitech, Inc.    (Verified) Logitech Inc
Interrupts    0.51    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    0.98    49,816 K    63,856 K    596            
audiodg.exe    1.12    21,944 K    22,736 K    5620            
firefox.exe    1.14    237,320 K    290,456 K    8112    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
procexp64.exe    1.28    21,120 K    51,128 K    13984    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
wmplayer.exe    4.00    54,148 K    75,804 K    4172    Windows Media Player    Microsoft Corporation    (Verified) Microsoft Windows
System Idle Process    89.74    0 K    4 K    0            

 



#4
rocket985

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Attached File  JC.txt   81.3KB   346 downloads



#5
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

I think this error is the key:

Error: (03/07/2017 09:53:58 AM) (Source: ESENT) (EventID: 543) (User: )
Description: wuaueng.dll (540) SUS20ClientDataStore: Previous log's accumulated segment checksum mismatch in logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log, Expected: 0x61841e7b7198f4da, Actual: 0x7d217d218496c87e.

We should be able to delete the file with a fixlist and Windows will recreate it on the reboot.

Download the attached fixlist.txt to the same location as FRST.

Run FRST and press Fix.
A fix log will be generated; please post that.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.


#6
rocket985

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Let's see if I can get all of them.

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by dad (09-03-2017 17:23:30) Run:1
Running from C:\Users\dad\Desktop
Loaded Profiles: dad (Available Profiles: dad)
Boot Mode: Normal
==============================================

fixlist content:
*****************
net stop wuauserv
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
reboot:



*****************

net stop wuauserv => Error: No automatic fix found for this entry.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log => moved successfully

========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========

Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 17:24:08 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by dad (administrator) on JC (09-03-2017 17:28:23)
Running from C:\Users\dad\Desktop
Loaded Profiles: dad (Available Profiles: dad)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\waol.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1475711669\ee\aolsoftware.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\shellmon.exe
(Adobe Systems, Inc.) C:\Windows\syswow64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
(Adobe Systems, Inc.) C:\Windows\syswow64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1475711669\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [992568 2017-02-22] (Webroot)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.8.2a\AOL.EXE [80816 2016-09-22] (AOL Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2017-03-09]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-03-09]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{39834797-98f2-40d8-84c2-302e5e2cd513}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2017-03-09] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-03-09] (Webroot)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2017-01-03] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2017-03-09] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-03-09] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-03] (Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2017-03-09] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2017-03-09] (Webroot)

FireFox:
========
FF ProfilePath: C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\mnt0a13x.default-1488913050081 [2017-03-09]
FF Extension: (Webroot Password Manager) - C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\mnt0a13x.default-1488913050081\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2017-03-09]
FF Extension: (Webroot Password Manager) - C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\mnt0a13x.default-1488913050081\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted [2017-03-09]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\mnt0a13x.default-1488913050081\features\{0be29a3a-3eb3-4cbc-b703-ecf9760613e0}\[email protected] [2017-03-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2017-03-09]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-10-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-03] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default [2017-03-09]
CHR Extension: (Google Slides) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-08]
CHR Extension: (Google Docs) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-08]
CHR Extension: (Google Drive) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-08]
CHR Extension: (YouTube) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-08]
CHR Extension: (Google Sheets) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-08]
CHR Extension: (Google Docs Offline) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-08]
CHR Extension: (Webroot Filtering Extension) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2017-02-24]
CHR Extension: (Webroot Password Manager) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-17]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [992568 2017-02-22] (Webroot)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-03-09] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [116736 2014-02-13] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nuviocir; C:\WINDOWS\System32\drivers\nuviocir_x64.sys [39704 2013-07-11] (Nuvoton Technology Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation                           )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [143248 2017-03-08] (Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [66328 2017-02-22] (Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-09 17:28 - 2017-03-09 17:29 - 00014113 _____ C:\Users\dad\Desktop\FRST.txt
2017-03-09 17:23 - 2017-03-09 17:24 - 00001110 _____ C:\Users\dad\Desktop\Fixlog.txt
2017-03-09 17:23 - 2017-03-09 17:23 - 00000000 ____D C:\Users\dad\Desktop\FRST-OlderVersion
2017-03-09 15:19 - 2017-03-09 15:19 - 00413188 _____ C:\WINDOWS\Minidump\030917-18468-01.dmp
2017-03-09 15:05 - 2017-03-09 15:05 - 00413148 _____ C:\WINDOWS\Minidump\030917-19500-01.dmp
2017-03-09 13:21 - 2017-03-09 13:23 - 00083247 _____ C:\Users\dad\Desktop\JC.txt
2017-03-09 13:10 - 2017-03-09 13:10 - 00000844 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-03-09 13:10 - 2017-03-09 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-03-09 13:10 - 2017-03-09 13:10 - 00000000 ____D C:\Program Files\Speccy
2017-03-09 13:08 - 2017-03-09 13:09 - 06293184 _____ (Piriform Ltd) C:\Users\dad\Desktop\spsetup130.exe
2017-03-09 12:57 - 2017-03-09 12:57 - 00007242 _____ C:\Users\dad\Desktop\System Idle Process.txt
2017-03-09 12:50 - 2017-03-09 12:51 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\dad\Desktop\procexp.exe
2017-03-09 12:49 - 2017-03-09 12:49 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\dad\Downloads\procexp.exe
2017-03-08 14:05 - 2017-03-08 14:05 - 00413156 _____ C:\WINDOWS\Minidump\030817-18453-01.dmp
2017-03-08 10:00 - 2017-03-08 10:00 - 00412988 _____ C:\WINDOWS\Minidump\030817-17937-01.dmp
2017-03-08 09:05 - 2017-03-08 09:05 - 00413092 _____ C:\WINDOWS\Minidump\030817-18718-01.dmp
2017-03-08 08:25 - 2017-03-08 08:25 - 00412964 _____ C:\WINDOWS\Minidump\030817-19203-01.dmp
2017-03-02 06:33 - 2017-03-02 06:34 - 00412996 _____ C:\WINDOWS\Minidump\030217-19015-01.dmp
2017-02-27 06:11 - 2017-02-27 06:11 - 00421244 _____ C:\WINDOWS\Minidump\022717-20734-01.dmp
2017-02-24 06:37 - 2017-02-24 06:37 - 00413108 _____ C:\WINDOWS\Minidump\022417-21125-01.dmp
2017-02-23 14:53 - 2017-02-23 14:54 - 00412972 _____ C:\WINDOWS\Minidump\022317-20718-01.dmp
2017-02-23 10:37 - 2017-02-23 10:37 - 00413028 _____ C:\WINDOWS\Minidump\022317-19578-01.dmp
2017-02-22 20:49 - 2017-03-09 13:08 - 00000000 ____D C:\Users\dad\AppData\Local\lptmp
2017-02-22 20:49 - 2017-03-09 06:48 - 00193072 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2017-02-22 20:49 - 2017-03-09 06:48 - 00126696 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2017-02-22 20:49 - 2017-03-08 08:25 - 00143248 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2017-02-22 20:49 - 2017-02-22 20:49 - 00066328 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\Program Files\Webroot
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\Program Files\Common Files\Webroot
2017-02-22 20:46 - 2017-03-09 16:35 - 00000000 ____D C:\ProgramData\WRData
2017-02-21 17:12 - 2017-02-21 17:12 - 00092292 _____ C:\Users\dad\Documents\ann_Corporation_dba_Granite_and_Marble_Solutions_15_3964.pdf
2017-02-20 18:42 - 2017-02-20 18:43 - 00413212 _____ C:\WINDOWS\Minidump\022017-19781-01.dmp
2017-02-20 18:28 - 2017-02-20 18:28 - 00413068 _____ C:\WINDOWS\Minidump\022017-19046-01.dmp
2017-02-20 10:40 - 2017-02-20 10:40 - 00507427 _____ C:\Users\dad\Documents\ProposalClifton310WaterfieldCtJohnsCreek(2017-0217).pdf
2017-02-18 13:43 - 2017-02-18 13:43 - 00413220 _____ C:\WINDOWS\Minidump\021817-21484-01.dmp
2017-02-18 12:49 - 2017-02-18 12:49 - 00413052 _____ C:\WINDOWS\Minidump\021817-20046-01.dmp
2017-02-18 12:22 - 2017-02-18 12:22 - 00413164 _____ C:\WINDOWS\Minidump\021817-19640-01.dmp
2017-02-18 06:31 - 2017-02-18 06:31 - 00413100 _____ C:\WINDOWS\Minidump\021817-19953-01.dmp
2017-02-18 06:16 - 2017-02-18 06:17 - 00413028 _____ C:\WINDOWS\Minidump\021817-19453-01.dmp
2017-02-18 04:25 - 2017-02-18 04:25 - 00412996 _____ C:\WINDOWS\Minidump\021817-20109-01.dmp
2017-02-18 03:32 - 2017-02-18 03:32 - 00413036 _____ C:\WINDOWS\Minidump\021817-18359-01.dmp
2017-02-18 02:31 - 2017-02-18 02:31 - 00413044 _____ C:\WINDOWS\Minidump\021817-19687-01.dmp
2017-02-18 00:37 - 2017-02-18 00:37 - 00413036 _____ C:\WINDOWS\Minidump\021817-19593-01.dmp
2017-02-16 17:29 - 2017-02-16 17:29 - 00413172 _____ C:\WINDOWS\Minidump\021617-21218-01.dmp
2017-02-11 11:58 - 2017-02-12 13:33 - 00000000 ____D C:\Users\dad\Documents\Cleanfoodcrush
2017-02-11 05:01 - 2017-02-11 05:01 - 00413132 _____ C:\WINDOWS\Minidump\021117-18218-01.dmp
2017-02-09 22:26 - 2017-02-09 22:26 - 00413044 _____ C:\WINDOWS\Minidump\020917-20593-01.dmp
2017-02-09 16:13 - 2017-02-09 16:13 - 00413180 _____ C:\WINDOWS\Minidump\020917-21125-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-09 17:28 - 2016-12-11 08:47 - 00000000 ____D C:\FRST
2017-03-09 17:26 - 2016-11-17 21:14 - 00000000 ____D C:\Users\dad\AppData\LocalLow\Mozilla
2017-03-09 17:26 - 2016-10-05 18:17 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-09 17:26 - 2015-03-22 21:18 - 00000000 __SHD C:\Users\dad\IntelGraphicsProfiles
2017-03-09 17:25 - 2016-12-11 09:14 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-09 17:25 - 2016-10-05 20:45 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-03-09 17:25 - 2016-10-05 18:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-09 17:23 - 2016-12-11 08:46 - 02423808 _____ (Farbar) C:\Users\dad\Desktop\FRST64.exe
2017-03-09 16:39 - 2016-10-05 18:22 - 00000000 ____D C:\Users\dad
2017-03-09 16:39 - 2016-10-05 18:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-09 15:19 - 2016-10-05 21:49 - 536616350 _____ C:\WINDOWS\MEMORY.DMP
2017-03-09 15:19 - 2016-10-05 21:49 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-09 13:33 - 2016-10-05 18:38 - 00004136 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0D2A5408-F299-4DB7-8697-E24FF3C48965}
2017-03-09 13:11 - 2016-10-05 20:59 - 00000000 ____D C:\WINDOWS\INF
2017-03-09 13:08 - 2015-12-10 21:02 - 00000000 ____D C:\Users\dad\AppData\LocalLow\LastPass
2017-03-08 22:19 - 2016-10-05 21:00 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-08 08:25 - 2016-11-17 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-08 08:25 - 2016-10-05 18:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-07 13:57 - 2016-11-17 07:17 - 00000000 ____D C:\Users\dad\Desktop\Old Firefox Data
2017-03-02 06:51 - 2016-12-15 17:46 - 00003260 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 06:51 - 2016-10-05 18:35 - 00002364 _____ C:\Users\dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-02 06:51 - 2015-04-18 21:32 - 00000000 __RDO C:\Users\dad\OneDrive
2017-02-27 18:49 - 2016-10-05 21:09 - 00000000 ____D C:\Windows.old
2017-02-26 17:12 - 2015-12-28 15:29 - 00000376 _____ C:\Users\dad\Downloads\SH.m3u
2017-02-22 20:35 - 2015-05-13 09:04 - 00000000 ____D C:\Users\dad\Documents\Rockets
2017-02-22 10:59 - 2016-10-05 22:06 - 00000000 ____D C:\Users\dad\AppData\Local\Microsoft Games
2017-02-21 09:54 - 2016-10-05 19:08 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-15 14:43 - 2016-11-14 20:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-14 22:06 - 2016-10-05 21:00 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-14 22:06 - 2016-10-05 21:00 - 00000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories =======

2017-02-22 20:49 - 2017-03-09 15:20 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2016-10-05 18:18 - 2016-10-05 18:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-03-09 12:53 - 2017-03-09 12:53 - 1452200 _____ (Sysinternals - www.sysinternals.com) C:\Users\dad\AppData\Local\Temp\procexp64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-07 19:30

==================== End of FRST.txt ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by dad (09-03-2017 17:30:00)
Running from C:\Users\dad\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-05 23:30:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1181104008-4076506379-556746162-500 - Administrator - Disabled)
dad (S-1-5-21-1181104008-4076506379-556746162-1001 - Administrator - Enabled) => C:\Users\dad
DefaultAccount (S-1-5-21-1181104008-4076506379-556746162-503 - Limited - Disabled)
Guest (S-1-5-21-1181104008-4076506379-556746162-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.0.6270 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7255 - Realtek Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.15.40 - Webroot)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 2.0.0.0 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3105063E-AC1E-4BEF-AADF-DD121A93A941} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {46FE8DEF-9995-441E-8C8D-35866210B9B9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {4A99F80C-3A2B-46F9-9277-415961ECF489} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-08] (Google Inc.)
Task: {58152FD6-8950-47A4-865D-340271CAFFBE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B59209B7-0384-4201-BB4A-D4220F266379} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-08] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-30 07:58 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-11 09:14 - 2016-11-29 06:27 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-09-30 07:58 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-05-27 15:50 - 2016-05-27 15:50 - 00402520 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-27 21:21 - 2016-09-27 21:21 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-11 13:35 - 2016-10-05 04:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-27 15:43 - 2016-10-14 22:41 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-27 15:44 - 2016-10-14 22:34 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-27 15:43 - 2016-10-14 22:34 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-27 15:44 - 2016-10-14 22:34 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-10-27 15:43 - 2016-10-14 22:34 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-27 15:44 - 2016-10-14 22:38 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-27 15:44 - 2016-10-14 22:33 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2016-10-27 15:44 - 2016-10-14 22:33 - 00115712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll
2016-10-27 15:44 - 2016-10-14 22:33 - 00522752 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2016-07-16 06:43 - 2016-07-16 09:27 - 00040448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2016-07-16 06:43 - 2016-07-16 09:26 - 00813056 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2016-07-16 06:43 - 2016-07-16 09:27 - 00963584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2016-07-16 06:43 - 2016-07-16 09:27 - 00249344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2016-07-16 06:43 - 2016-07-16 09:27 - 00572416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2016-07-16 06:43 - 2016-07-16 09:27 - 00403968 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2016-07-16 06:43 - 2016-07-16 09:27 - 00183296 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2016-07-16 06:43 - 2016-07-16 09:26 - 00288256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2017-03-09 13:08 - 2017-03-09 13:08 - 01013248 _____ () C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\mnt0a13x.default-1488913050081\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}\platform\WINNT_x86-msvc\components\wrxpcom.dll
2016-09-22 17:41 - 2016-09-22 17:41 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2a\zlib.dll
2016-09-22 17:41 - 2016-09-22 17:41 - 21151232 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2a\libcef.dll
2016-09-22 17:41 - 2016-09-22 17:41 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2a\libglesv2.dll
2016-09-22 17:41 - 2016-09-22 17:41 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2a\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-10-05 21:00 - 2016-10-05 20:58 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1181104008-4076506379-556746162-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dad\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img1.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E4A2F621-48DA-48D3-A238-F03E5B419E2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E67CBF9-E887-4B55-991F-036A25451DDE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AA52A6EA-B6A4-4EA3-BC28-CD6620500961}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{09D0D0DB-747F-419F-AF57-F2C993B425E7}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{4C5BD26A-063B-41C6-8EFC-8E4C44E6FE50}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{4F1C02EF-5E3F-454D-A7B3-D0640009C8B7}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{CC778198-EB17-484B-93EE-FEB6E82CBAF3}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1475711669\ee\aolsoftware.exe
FirewallRules: [{F07ACDCF-DAE9-494B-BFDF-10E6850469F9}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1475711669\ee\aolsoftware.exe
FirewallRules: [{6F778937-566B-4C18-97D0-1A82025FCBC9}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{4870A06B-F106-4401-AEC7-DDAF3C34B6D8}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{7C301257-AC5C-4561-A00A-E36F53C15D46}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{E5FE5BAC-E13F-46B6-ABE0-41F44E1A7B97}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{64DC935F-450F-40AD-97AB-3CFD79593240}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{C6F09509-E5C9-4601-B510-91A1261C3BE1}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{EF1FB62C-C1ED-440C-B056-C2E4A6344968}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{DD9AE200-0833-4F52-B7F2-7272B22EE73F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{518D31C0-5299-41E8-B9C2-924A4891773C}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2a\waol.exe
FirewallRules: [{0AAE3AA5-08CE-483D-BABE-FD53A9DB97CA}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2a\waol.exe
FirewallRules: [{6D9B9004-B3C1-4CE5-9985-F7B63722029C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{13A32505-23F3-4846-8385-2322616994ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7FA37FD2-CC78-4B34-B392-0C9885821D18}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B04D3D94-7C37-4E8B-A953-0C1C2F983DC5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{116E41F3-D973-45F3-80B8-3833A1B87805}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3D7170A3-ECD4-425D-9DCD-0C24A1A99902}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

14-02-2017 18:56:49 Scheduled Checkpoint
23-02-2017 20:38:04 Scheduled Checkpoint
04-03-2017 18:33:54 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/09/2017 05:26:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/09/2017 05:26:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/09/2017 05:26:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4150T CPU @ 3.00GHz
Percentage of memory in use: 25%
Total physical RAM: 8100.28 MB
Available physical RAM: 6060.38 MB
Total Virtual: 9380.28 MB
Available Virtual: 7339.02 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:917.05 GB) (Free:865.34 GB) NTFS
Drive e: (Seagate Slim Drive) (Fixed) (Total:465.76 GB) (Free:418.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D1889823)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: A4A02841)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

That seems to have stopped the windows update errors.

 

Let's get a second opinion on your hard drive.

 

Get Speedfan to work:
 
 
Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).
 
It will tell you your temps.  If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop. What it does on a laptop if it works is turn the fan on full which seems to help. 
 
Click on the S.M.A.R.T. tab.  Click on the down arrow to the right of the Hard Disk box.  Select your hard drive.  Click on Perform an In-depth Online Analysis of this hard disk.  Your browser will open.
 
At the bottom of the new page will be a line:  
 
The link to get back and see a new report about this hard disk in the future is this.
 
Right click on the underlined "this" and select Copy Link Address.  Move to a Reply and Paste (Ctrl + v).
 
Let's also check your Internet connection:
 
 
Go to http://www.speedtest.net/ and click on Begin Test
 
When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v
 
Is that about what you paid for?
 

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

PS.  Going to be away from the PC until late tonight.


  • 0

#9
rocket985

rocket985

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

I've said it before, this site is great.

 

 

http://www.hddstatus...cation=4E6366A5

 

 

6117345685.png


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

What does speedfan say about your temps?

 

Is the speed what you pay for?

 

Is it running any better?


  • 0


#11
rocket985

rocket985

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Temps yesterday were 49.  I turned on Auto fan speed.  Today I've seen 51 to 56.

 

Don't know what we pay for, wife set it up.

 

Some programs are doing better.  No change in internet interaction.


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
If we look at speccy it says:
 
Wi-Fi (GreenAcres)
SSID GreenAcres
Frequency 5805000 kHz
Channel Number 161
Name GreenAcres
Signal Strength/Quality 25
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK

 

 

Your wireless is too weak.  Can you move the PC or perhaps readjust the antenna on the wireless router or perhaps sit the router on a higher shelf?  
 
Download inssider
 
Double click to install it. Then run it by right click and Run As Admin.
 
It will show you a graph in the bottom right that has your signal in blue and competing signals in orange and yellow.  It may also recommend a different channel which might have less interference.
 
Moving to a different channel (by logging on to your router) can drastically improve performance.

  • 0

#13
rocket985

rocket985

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Wrong wireless.  Ours is CHouse.

 

How do you change channels?  My router came with the Infinity account.


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Oops.  Grabbed the wrong one.  Yours looks a lot better:

 

Wi-Fi (TheChouse)
SSID TheChouse
Frequency 5220000 kHz
Channel Number 44
Name TheChouse
Signal Strength/Quality 100
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags Currently Connected to this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK

 

 

Probably barking up the wrong tree then but it won't hurt to let Inssider look at your setup.  

Usually there is a label on the router that tells you the login & password.  If not you can look up the make & part number and find the default login/password.

 

Usually there is a section on the wireless (often under advanced) where they have the channel select set to Auto.   With Auto it is supposed to select the best channel but I've never seen it work.

 

You have to change it to Manual then it gives you the option of putting in a different channel number.


  • 0

#15
rocket985

rocket985

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Wrong wireless.  Ours is CHouse.

 

How do you change channels?  My router came with the Infinity account.

 

Oh crap.  As I was responding I got a blue screen to restart.

stop code: kernel security check failure


  • 0





