I have a Dell Inspiron 15 laptop running Win7 x64 and it may be infected with malware. I say this because it’s acting up. I’ve been trying to reinstall my Dell wireless driver and it does not let me. The DVD drive does not run, and neither does Internet Explorer. Can somebody please check the results of the FRST scan and see if I do have malware? If so, help me remove it.
Thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by irene santander (administrator) on IRENESANTANDER (01-04-2017 19:30:33)
Running from C:\Users\irene santander\Desktop
Loaded Profiles: irene santander (Available Profiles: irene santander)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Inuvo Inc.) C:\Users\irene santander\AppData\LocalLow\alotservice\alotservice.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Waterfox Ltd) C:\Users\irene santander\Desktop\WaterfoxPortable\WaterfoxPortable.exe
(Waterfox) C:\Users\irene santander\Desktop\WaterfoxPortable\App\Waterfox\waterfox.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-913611297-729162832-2297564686-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-913611297-729162832-2297564686-1000\...\MountPoints2: {3490d69b-c8d6-11e2-89fb-24b6fd490b1a} - E:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-913611297-729162832-2297564686-1000\...\MountPoints2: {7fce786a-7819-11e3-8e47-24b6fd490b1a} - E:\setup.exe -a
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => No File
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5CAFA7B4-C7E0-4D0B-BB7A-21A0C50F489F}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Linksicle -> {2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} -> C:\Program Files\Linksicle\IE\LinksicleClientIE.dll [2013-10-02] (Linksicle)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-913611297-729162832-2297564686-1000 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
DefaultPrefix-x32: => <==== ATTENTION
Prefixes-x32: [home]=> <==== ATTENTION
Prefixes-x32: [www]=> <==== ATTENTION
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AlotService; C:\Users\irene santander\AppData\LocalLow\alotservice\alotservice.exe [256328 2013-01-25] (Inuvo Inc.)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) [File not signed] <==== ATTENTION
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-03-08] (Dell Products, LP.) [File not signed]
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115976 2016-01-28] (Wondershare)
S3 McAWFwk; no ImagePath
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 DDDriver; C:\windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R1 lsnfd; C:\windows\System32\drivers\lsnfd.sys [58192 2013-10-02] (Linksicle)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 sscdserd; C:\windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-01 19:30 - 2017-04-01 19:30 - 00008533 _____ C:\Users\irene santander\Desktop\FRST.txt
2017-04-01 19:28 - 2017-04-01 19:30 - 00000000 ____D C:\FRST
2017-04-01 19:26 - 2017-04-01 19:26 - 02424832 _____ (Farbar) C:\Users\irene santander\Desktop\FRST64.exe
2017-03-04 21:09 - 2017-03-04 21:09 - 35282427 _____ C:\Users\irene santander\Desktop\RTL819xCU_AutoInstallPackage (2).zip
2017-03-04 21:08 - 2017-03-04 21:08 - 35282265 _____ C:\Users\irene santander\Desktop\RTL819xCU_AutoInstallPackage.zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-01 19:29 - 2009-07-13 23:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-01 19:29 - 2009-07-13 23:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-01 19:23 - 2009-07-14 00:13 - 00006214 _____ C:\windows\system32\PerfStringBackup.INI
2017-04-01 19:20 - 2017-01-07 17:08 - 00000000 ____D C:\Users\irene santander\AppData\Roaming\Mozilla
2017-04-01 19:20 - 2017-01-07 17:08 - 00000000 ____D C:\Users\irene santander\AppData\LocalLow\Mozilla
2017-04-01 19:19 - 2012-05-25 17:38 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-04-01 19:19 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-03-30 14:08 - 2010-11-20 22:27 - 00513192 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2015-04-18 12:47 - 2015-04-18 12:47 - 0000288 _____ () C:\Users\irene santander\AppData\Roaming\.backup.dm
2016-11-26 10:35 - 2016-11-26 10:35 - 0000065 _____ () C:\Users\irene santander\AppData\Roaming\mbam.context.scan
2015-10-17 19:53 - 2016-08-02 15:54 - 0000230 _____ () C:\Users\irene santander\AppData\Roaming\WB.CFG
2015-11-26 09:17 - 2016-02-18 22:54 - 1134080 _____ () C:\ProgramData\TrezaaSetupx30039.msi
2016-06-04 18:48 - 2016-09-24 22:54 - 1134592 _____ () C:\ProgramData\TrezaaSetupx30044.msi
Some files in TEMP:
====================
2015-12-25 22:10 - 2015-12-25 22:10 - 0983096 _____ (Generic Internet ) C:\Users\irene santander\AppData\Local\Temp\ICReinstall_FlashPlayerPro.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-07-29 15:52
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by irene santander (01-04-2017 19:31:14)
Running from C:\Users\irene santander\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-28 17:44:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-913611297-729162832-2297564686-500 - Administrator - Disabled)
Guest (S-1-5-21-913611297-729162832-2297564686-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-913611297-729162832-2297564686-1002 - Limited - Enabled)
irene santander (S-1-5-21-913611297-729162832-2297564686-1000 - Administrator - Enabled) => C:\Users\irene santander
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AOL Toolbar (HKU\S-1-5-21-913611297-729162832-2297564686-1000\...\AOL Toolbar) (Version: - )
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.133 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: - )
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - MyPC Backup) <==== ATTENTION
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {052F316C-4755-4476-8971-13D9103C081C} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {28D1865E-F9F6-41FD-922E-8756C4C75477} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-08-02] (PC-Doctor, Inc.)
Task: {3862B587-E104-4C20-8393-41CF362A593D} - System32\Tasks\PROPCCleanerSoft_Start => C:\Program Files (x86)\PRO PC Cleaner Soft\PROPCCleanerSoft.exe [2015-10-06] (PRO PC Cleaner Soft) <==== ATTENTION
Task: {471EA265-8E9C-46E2-AAD0-2F8BB347D46A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-08-02] (PC-Doctor, Inc.)
Task: {76B5E005-FC3A-4609-84F8-BF5B9F6B6635} - System32\Tasks\PROPCCleanerSoft_Popup => C:\Program Files (x86)\PRO PC Cleaner Soft\Splash.exe [2015-10-06] () <==== ATTENTION
Task: {79F377D6-F5DC-4D6A-BF8E-51426D5E4F6A} - System32\Tasks\{1ACA138B-ADB6-4AD4-B589-B29DD3F3E2A5} => pcalua.exe -a "C:\Users\irene santander\Desktop\DW1704_W7_A00_Setup-F042R_ZPE.exe" -d "C:\Users\irene santander\Desktop"
Task: {9785CD96-3AC5-4E1C-B577-C1168B3DB395} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-13] (MyPC Backup) <==== ATTENTION
Task: {9DE918E4-25DB-4270-89A5-58A3BE9AF9A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-24] (Adobe Systems Incorporated)
Task: {9F040355-1EF2-4C4A-A005-84BD8FE183C5} - System32\Tasks\NetRadioUpdater => C:\Program Files (x86)\NetRadio\lstrest.exe [2016-08-12] (Microsoft)
Task: {B6852FA7-5990-4BAC-8F50-E7C4DA121DCE} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {CFD2345B-EC84-4FB5-BAEF-7669ADA2F02D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {EDFE7EF3-845E-4694-8E55-3A81CD95E23D} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-08-02] (PC-Doctor, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-06-15 20:14 - 2015-06-15 20:14 - 03525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
2014-11-13 04:59 - 2014-11-13 04:57 - 00270336 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2014-11-13 04:59 - 2014-11-13 04:57 - 00060928 _____ () C:\Program Files (x86)\MyPC Backup\LinqBridge.dll
2014-11-13 04:59 - 2014-11-13 04:58 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-11-13 04:59 - 2014-11-13 04:57 - 00065536 _____ () C:\Program Files (x86)\MyPC Backup\BplusDotNet.dll
2017-04-01 19:19 - 2017-04-01 19:19 - 00029696 _____ () C:\Users\irene santander\AppData\Local\Temp\nsv17E5.tmp\registry.dll
2017-04-01 19:19 - 2017-04-01 19:19 - 00008704 _____ () C:\Users\irene santander\AppData\Local\Temp\nsv17E5.tmp\newadvsplash.dll
2017-04-01 19:19 - 2017-04-01 19:19 - 00011264 _____ () C:\Users\irene santander\AppData\Local\Temp\nsv17E5.tmp\System.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-913611297-729162832-2297564686-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\irene santander\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^Users^irene santander^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: GoogleChromeAutoLaunch_39A70FF9FB099BEDC0E2065ECB28F6C1 => "C:\Users\irene santander\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: WeatherBug => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{07785994-F3C9-4C24-9E79-76A41293AF12}C:\program files (x86)\dell\stage remote\stageremoteservice.exe] => (Allow) C:\program files (x86)\dell\stage remote\stageremoteservice.exe
FirewallRules: [UDP Query User{E8F08F29-F371-481D-BF72-8D90943108E3}C:\program files (x86)\dell\stage remote\stageremoteservice.exe] => (Allow) C:\program files (x86)\dell\stage remote\stageremoteservice.exe
==================== Restore Points =========================
26-11-2016 08:46:01 Windows Update
30-12-2016 15:52:37 Windows Update
07-01-2017 16:26:48 Windows Update
17-01-2017 20:46:22 Windows Update
31-01-2017 20:09:09 Windows Update
07-02-2017 19:32:49 Windows Update
23-02-2017 16:11:15 Windows Update
02-03-2017 19:35:33 Windows Update
01-04-2017 19:20:21 Windows Update
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Network Controller
Description: Network Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/01/2017 07:23:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (04/01/2017 07:23:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (04/01/2017 07:23:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (04/01/2017 07:23:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (04/01/2017 07:19:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/23/2017 08:04:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (03/23/2017 08:04:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (03/23/2017 08:01:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/18/2017 03:08:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/04/2017 09:01:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (04/01/2017 07:23:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell SupportAssist Agent service terminated unexpectedly. It has done this 3 time(s).
Error: (04/01/2017 07:23:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® Management & Security Application User Notification Service service terminated with the following error:
The keyset is not defined.
Error: (04/01/2017 07:23:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell SupportAssist Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 32767 milliseconds: Run the configured recovery program.
Error: (04/01/2017 07:22:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell SupportAssist Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 32767 milliseconds: Run the configured recovery program.
Error: (04/01/2017 07:22:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Nero Update service terminated with the following error:
The keyset is not defined.
Error: (04/01/2017 07:22:45 PM) (Source: WMPNetworkSvc) (EventID: 14325) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070002'. In Windows Media Player, turn off media sharing, and then turn it back on.
Error: (04/01/2017 07:22:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Rapid Storage Technology service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (04/01/2017 07:22:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
Error: (04/01/2017 07:22:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Update Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (04/01/2017 07:22:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Update Service service to connect.
==================== Memory info ===========================
Processor: Intel® Core i3 CPU M 390 @ 2.67GHz
Percentage of memory in use: 46%
Total physical RAM: 3894.68 MB
Available physical RAM: 2084.09 MB
Total Virtual: 7787.55 MB
Available Virtual: 5663.63 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:395.33 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C788EA28)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================