Topics - Pete!

1
Suggestions and Site Feedback / "Web News" Section
« on: January 19, 2019, 05:15:40 PM »
The "Web News" section of this forum appears to be mostly posts linking readers to off-site content.
Recently, new posts have been getting lost among a plethora of offsite news.

Would it be possible to have posts in this section NOT included when a user clicks "Show unread posts since last visit"?

I recall, a while back when one of "Scot's Newsletter Forums" most prolific posters was a bot, they did this with its "Computerworld News" section.

They use different forum software. I don't know if we have that capability here.

2
Is this a known issue with Win 10 version 1803?
I got some updates yesterday, shut down last night, and rebooted this morning.

When I checked "Updates", it indicated that I needed a restart for the "cumulative update".
When I check "Update History", it indicates that the same update (and the others) were successfully installed.
The update troubleshooter found no problems.

see attachments:

3
Computer Problems, Questions and Solutions! / Dell Backup and Recovery
« on: December 16, 2017, 05:13:55 PM »
"Dell Backup and Recovery" was pre-installed when I got the computer.
It appears to be an easy way to go back to the original Windows 8 set-up, but most of the useful features require a paid upgrade. As is, I can do a better backup with the Windows 10 utilities and/or 3rd party imaging software.

I don't want to uninstall it but I'd like to stop it from starting and running in the background whenever I boot up.

It's not in "Start-up" nor "Delayed Start".

Opening "Services" and disabling everything "Dell" stopped "Support Assist", but not "Backup and Recovery".

I can turn it off in Task Manager, but every time I reboot it's back.

Is there an easy way to disable this, short of dumping it altogether?

4
Security Software Programs / SUPERAntiSpyware discussion
« on: August 22, 2017, 08:37:10 PM »
SUPERAntiSpyware 6.0.1248
Released 22 August 2017
I downloaded the free version...BUT, for some reason, they decided to give me another free trial of the "pro" version.

BTW: Be wary of a PUP during installation.

5
Testing / Upload test
« on: May 14, 2017, 08:38:22 PM »
testing upload

6
Analysis and Malware Removal / Ransom: Win32/Nemreq.A ?
« on: January 30, 2017, 06:09:22 PM »
Earlier today a "Windows Defender limited Periodic scan" detected Ransom: Win32/Nemreq.A and asked me to reboot so it could be removed. I rebooted.
I then opened the History tab and "removed" it from "Quarantined items" and from "All detected items".

There don't appear to be any aftereffects; I could open a couple of randomly chosen Word .doc files without incident.

Wondering if I should have a checkup......
I rebooted again before I downloaded the tools.

SALog.txt and FRST.txt follow....
Addition.txt in next reply
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKU\S-1-5-21-2229908789-3868270222-3131126828-1001\...\Run: [WinPatrol Background Change Monitor] => C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe [1231240 2016-11-13] (Ruiware)
HKU\S-1-5-21-2229908789-3868270222-3131126828-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2017-01-09] (SUPERAntiSpyware)
HKU\S-1-5-21-2229908789-3868270222-3131126828-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\Billminder.lnk [2016-06-02]
ShortcutTarget: Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (Intuit)
Startup: C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\HP Digital Imaging Monitor.lnk [2014-01-04]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\Microsoft Find Fast.lnk [2013-12-25]
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\MRU-Blaster Silent Clean.lnk [2016-05-18]
ShortcutTarget: MRU-Blaster Silent Clean.lnk -> C:\Program Files (x86)\MRU-Blaster\mrublaster.exe ()
Startup: C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\Quicken Scheduled Updates.lnk [2016-06-02]
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.)
Startup: C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\Quicken Startup.lnk [2016-06-02]
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files (x86)\Quicken\QWDLLS.EXE (Intuit)
Startup: C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\Billminder.lnk [2016-06-02]
ShortcutTarget: Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (Intuit)
Startup: C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\HP Digital Imaging Monitor.lnk [2014-01-04]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\Microsoft Find Fast.lnk [2013-12-25]
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\MRU-Blaster Silent Clean.lnk [2016-05-18]
ShortcutTarget: MRU-Blaster Silent Clean.lnk -> C:\Program Files (x86)\MRU-Blaster\mrublaster.exe ()
Startup: C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\Quicken Scheduled Updates.lnk [2016-06-02]
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.)
Startup: C:\Users\pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\Quicken Startup.lnk [2016-06-02]
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files (x86)\Quicken\QWDLLS.EXE (Intuit)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{61f8113e-0f86-4440-be01-624156da2f71}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c7f830c1-2c56-4a4d-8112-10a7fe0c5f37}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2229908789-3868270222-3131126828-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://areacode.six03.net
HKU\S-1-5-21-2229908789-3868270222-3131126828-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2229908789-3868270222-3131126828-1001 -> DefaultScope {AF0E5B00-3CC0-417F-A24C-5C78FDA540F2} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2229908789-3868270222-3131126828-1001 -> {AF0E5B00-3CC0-417F-A24C-5C78FDA540F2} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-09-14] (Qualcomm Atheros Commnucations)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
DPF: HKLM-x32 {FA13A9FA-CA9B-11D2-9780-00104B242EA3} file:///D:/games/WebDriverFullInstall.exe
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-08-05] (Belarc, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2229908789-3868270222-3131126828-1001 -> hxxp://areacode.six03.net/
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.6.0_neutral__d55gg7py3s0m0 [2016-08-02]

FireFox:
========
FF ProfilePath: C:\Users\pete\AppData\Roaming\Mozilla\Firefox\Profiles\y9wjajgv.default [2017-01-30]
FF NewTab: Mozilla\Firefox\Profiles\y9wjajgv.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\y9wjajgv.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\y9wjajgv.default -> Google
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\y9wjajgv.default -> Secure Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\y9wjajgv.default -> Secure Search
FF Homepage: Mozilla\Firefox\Profiles\y9wjajgv.default -> hxxp://willrun.4beer.today/
FF Extension: (CanvasBlocker) - C:\Users\pete\AppData\Roaming\Mozilla\Firefox\Profiles\y9wjajgv.default\Extensions\CanvasBlocker@kkapsner.de.xpi [2016-12-13]
FF Extension: (Classic Theme Restorer) - C:\Users\pete\AppData\Roaming\Mozilla\Firefox\Profiles\y9wjajgv.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-12-13]
FF Extension: (NoScript) - C:\Users\pete\AppData\Roaming\Mozilla\Firefox\Profiles\y9wjajgv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-01-25]
FF Extension: (BugMeNot Plugin) - C:\Users\pete\AppData\Roaming\Mozilla\Firefox\Profiles\y9wjajgv.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2016-04-27]
FF Extension: (WOT) - C:\Users\pete\AppData\Roaming\Mozilla\Firefox\Profiles\y9wjajgv.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: (Adblock Plus) - C:\Users\pete\AppData\Roaming\Mozilla\Firefox\Profiles\y9wjajgv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-13]
FF Extension: (BetterPrivacy) - C:\Users\pete\AppData\Roaming\Mozilla\Firefox\Profiles\y9wjajgv.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-12-13]
FF SearchPlugin: C:\Users\pete\AppData\Roaming\Mozilla\Firefox\Profiles\y9wjajgv.default\searchplugins\McSiteAdvisor.xml [2016-03-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-01-11] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-01-11] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-01-11] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [2013-10-01] (Simon Bünzli)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-01-11] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2229908789-3868270222-3131126828-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-01-11] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US1134D20160210&p={searchTerms}
CHR DefaultSearchKeyword: Default -> McAfee
CHR Profile: C:\Users\pete\AppData\Local\Google\Chrome\User Data\Default [2017-01-29]
CHR Extension: (Google Slides) - C:\Users\pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-24]
CHR Extension: (Docs) - C:\Users\pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-24]
CHR Extension: (Google Drive) - C:\Users\pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-24]
CHR Extension: (YouTube) - C:\Users\pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-24]
CHR Extension: (Google Sheets) - C:\Users\pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-24]
CHR Extension: (SiteAdvisor) - C:\Users\pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-04-24]
CHR Extension: (Google Docs Offline) - C:\Users\pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-24]
CHR Extension: (Gmail) - C:\Users\pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9461280 2017-01-24] (Emsisoft Ltd)
R2 AcfXAudioService; C:\WINDOWS\SysWOW64\ACFXAU64.dll [436736 2011-02-14] (Conexant Systems, Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe [2836296 2016-12-14] (ESET)
R2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2016-01-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-17] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2016-12-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-26] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor)
R2 SanDisk SSD Dashboard Service; C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe [373760 2016-10-10] (SanDisk) [File not signed]
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS)
R2 SNMP; C:\WINDOWS\System32\snmp.exe [53248 2016-10-14] (Microsoft Corporation)
R2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [47104 2016-10-14] (Microsoft Corporation)
S3 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
R2 VolumeCtlSrv; C:\Program Files\DELLOSD\VolumeCtlSrv.exe [221696 2012-07-20] (Wistron Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]
S2 0245531483186370mcinstcleanup; C:\WINDOWS\TEMP\024553~1.EXE -cleanup -nolog [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 acfva; C:\WINDOWS\system32\DRIVERS\ACFVA64.sys [122624 2011-02-14] (Conexant Systems Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-08-29] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
S3 dgcfltr; C:\WINDOWS\system32\DRIVERS\ACFDCP64.sys [34944 2011-02-14] (Conexant Systems, Inc.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2016-12-05] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [106768 2016-12-05] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-12-09] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2016-12-05] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [49672 2016-12-05] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [77616 2016-12-05] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [96856 2016-12-05] (ESET)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-12-14] ()
R3 ITECIRfilter; C:\WINDOWS\system32\DRIVERS\ITECIRfilter.sys [27856 2015-06-03] (ITE Tech. Inc. )
R2 mdmxsdk; C:\WINDOWS\system32\DRIVERS\ACFSDK64.sys [17024 2011-02-14] (Conexant)
S3 MODEMCSA; C:\WINDOWS\system32\drivers\MODEMCSA.sys [26624 2016-07-16] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 pcdrndisprot; C:\WINDOWS\system32\DRIVERS\pcdrndisprot.sys [37936 2013-02-14] (Windows (R) Win 7 DDK provider)
S1 pqadtgqv; C:\WINDOWS\system32\drivers\pqadtgqv.sys [55168 2017-01-30] (Microsoft Corporation)
R3 PQAWRwa; C:\Program Files\DELLOSD\PQAWDrv.sys [12384 2008-03-01] () [File not signed]
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R2 XAudio; C:\WINDOWS\system32\DRIVERS\ACFXAU64.sys [10240 2011-02-14] (Conexant Systems, Inc.)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-30 14:55 - 2017-01-30 14:56 - 00053572 _____ C:\Users\pete\Desktop\FRST.txt
2017-01-30 14:54 - 2017-01-30 14:55 - 00000000 ____D C:\FRST
2017-01-30 14:52 - 2017-01-30 14:53 - 02420736 _____ (Farbar) C:\Users\pete\Desktop\FRST64.exe
2017-01-30 14:52 - 2017-01-30 14:52 - 00899072 _____ C:\Users\pete\Desktop\RGSA.exe
2017-01-30 14:51 - 2017-01-30 14:51 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pqadtgqv.sys
2017-01-30 14:47 - 2017-01-30 14:47 - 00000486 _____ C:\Users\pete\Documents\Ransom Win32 NemreqA.txt
2017-01-27 10:09 - 2017-01-27 10:09 - 01750366 _____ C:\Users\pete\Desktop\DEED.pdf
2017-01-27 09:26 - 2017-01-27 09:26 - 00103678 _____ C:\Users\pete\Desktop\Claim Acknowledgment 01.27.17.pdf
2017-01-26 12:57 - 2017-01-26 12:57 - 06942621 _____ C:\Users\pete\Desktop\Rec'd fr RML 01-26-2016.pdf
2017-01-26 12:53 - 2017-01-26 12:55 - 06942621 _____ C:\Users\pete\Desktop\Rec'd 01-26-2016.pdf
2017-01-26 12:36 - 2017-01-26 15:10 - 08591079 _____ C:\Users\pete\Desktop\TitleInsurance.pdf
2017-01-26 11:20 - 2017-01-26 11:20 - 00102237 _____ C:\Users\pete\Desktop\RML Update of P&M Fee Program.pdf
2017-01-25 07:57 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 07:57 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 18:51 - 2017-01-25 07:43 - 00000000 ____D C:\ProgramData\Emsisoft
2017-01-24 18:38 - 2017-01-30 14:50 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-01-24 13:05 - 2017-01-24 13:05 - 00000000 ____D C:\Users\pete\AppData\Roaming\www.shadowexplorer.com
2017-01-24 13:05 - 2017-01-24 13:05 - 00000000 ____D C:\Program Files (x86)\ShadowExplorer
2017-01-24 13:03 - 2017-01-24 13:03 - 00000000 ____D C:\Users\pete\Downloads\ShadowExplorer
2017-01-23 13:47 - 2017-01-23 13:47 - 01223507 _____ C:\Users\pete\Documents\AccidentReport .pdf
2017-01-22 13:27 - 2017-01-24 14:50 - 00001857 _____ C:\Users\pete\Documents\Passwords 2017.txt
2017-01-18 14:27 - 2017-01-20 09:46 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-18 14:27 - 2017-01-18 14:29 - 00000000 ____D C:\ProgramData\McAfee
2017-01-16 14:23 - 2017-01-16 14:23 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-01-16 09:15 - 2017-01-16 11:33 - 00000000 ____D C:\Users\pete\Documents\Profile1
2017-01-15 11:22 - 2017-01-15 11:22 - 00000000 ____D C:\ProgramData\WinPatrol
2017-01-10 15:13 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 15:13 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 15:13 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 15:13 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 15:13 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 15:13 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 15:13 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 15:13 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 15:13 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 15:13 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 15:13 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 15:13 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 15:13 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 15:13 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 15:13 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 15:13 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 15:13 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 15:13 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 15:13 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 15:13 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 15:13 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 15:13 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 15:13 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 15:13 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 15:13 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 15:13 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 15:13 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 15:13 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 15:13 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 15:13 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 15:13 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDO

7
Phishing, Spam and Hoaxes / Microsoft E-mail - phishing or legit?
« on: July 23, 2016, 12:51:57 PM »
Got an email in my Hotmail account this morning, inviting me to click on some links.

From: Microsoft <msa@communication.microsoft.com>
Subject: Updates to our terms of use and privacy statement

The headers look legitimate.
The links look (sort of) legitimate - e.g. https://go.microsoft.com/fwlink/?LinkID=799609.

"Thunderbird" blocked remote content.
In an abundance of caution, I didn't click on anything.

Did anyone else get this? Is it legitimate?

Source w/my email censored:
Quote
From - Sat Jul 23 09:05:48 2016
X-Account-Key: account9
X-UIDL: F50B7C95-50AC-11E6-8E38-78E3B5079BFA
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
x-store-info:Ru8Mzrcu9BgQ2IiRwdjyVnl2gZBK0uAo59m4pdoJXDY=
Authentication-Results: hotmail.com; spf=pass (sender IP is 65.55.234.209; identity alignment result is pass and alignment mode is relaxed) smtp.mailfrom=msa@communication.microsoft.com; dkim=none (identity alignment result is pass and alignment mode is relaxed) header.d=communication.microsoft.com; x-hmca=pass header.id=msa@communication.microsoft.com
X-SID-PRA: msa@communication.microsoft.com
X-AUTH-Result: PASS
X-SID-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MTtsPTE7YT0xO0Q9MDtHRD0wO1NDTD0w
X-Message-Info: AuEzbeVr9u6ITJ84TuOjIlf+zQoQZu32xyO9Vwo9E62yt+7edwAVrPED28cu6Sdl+OKBFIYUw33WzWujKnMhqe6RlvulEj6iB/xv69BYnHH8Twd/v+wqMZKZ6SxE0/2Fn2B0U7zfMr+HV82R1U3rzxWpmzC8jeFgJ3sJw4cQCPYyzyUkSqSlaPQLLHw0GLtFHcOOepaBkU8PhJXCbJVjOZhvFVy3XpK2x3dJMWBxufyVIE8XnL/7e9F0aC655Vo7
Received: from smtpi.msn.com ([65.55.234.209]) by COL004-MC5F25.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143);
    Sat, 23 Jul 2016 01:10:51 -0700
Date: Sat, 23 Jul 2016 01:10:19 -0700
From: Microsoft <msa@communication.microsoft.com>
To: <CENSORED@hotmail.com>
Message-ID: <em8.970a8bb.20160722230652.1.-.384.698262.8797701@communication.microsoft.com>
Subject: Updates to our terms of use and privacy statement
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-----15616ce1369_482"
X-Mailer: 10.0.3.2.38; msn
X-rpcampaign: msft4788882
Return-Path: msa@communication.microsoft.com
X-Message-Routing:
 UGJTXKGhEfrJ0UY0luL8ourTfsWK0fGSoKqKpfNjYv6HmI8z0oNduAs8Xyu57WC5MfR25L0qQDBpOFBY5rxI7Y+pCxGVmSlf9ROm2+RA3rAfkca0=
X-OriginalArrivalTime: 23 Jul 2016 08:10:51.0238 (UTC) FILETIME=[BA138860:01D1E4B9]

-------15616ce1369_482
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable


* Your Services Agreement and Privacy Statement made clearer *

You=E2=80=99re receiving this email because we are updating the Microsoft S=
ervices Agreement, which applies to one or more Microsoft products or servi=
ces you use. We=E2=80=99re making these updates to clarify our terms and en=
sure that they remain transparent for you, as well as to cover additional M=
icrosoft products, services and features.=20

The Microsoft Services Agreement is an agreement between you and Microsoft =
(or one of its affiliates) that governs your use of Microsoft consumer onli=
ne products and services.

Here are some of the most notable changes to the Microsoft Services Agreeme=
nt:=20
=E2=80=A2=09Coverage for additional services (like GroupMe and Group Messag=
ing) and new functionality and features for covered services (like Skype, B=
ing and our Rewards program)=20
=E2=80=A2=09Clarifications that your work or school account is covered by d=
ifferent terms
=E2=80=A2=09Notice that Xbox now requires that you sign in at least every 5=
 years to keep your gamertag active =20
=E2=80=A2=09Explanation of data storage limits for OneDrive and factors tha=
t could affect syncing and uploading to OneDrive services

You can read the entire Microsoft Services Agreement [here]. You can also l=
earn more about these updates on our FAQ page [here]. The updates to the Mi=
crosoft Services Agreement will take effect on September 15, 2016. If you c=
ontinue to use our products and services on or after September 15, 2016, yo=
u are agreeing to the updated Microsoft Services Agreement.=20
https://go.microsoft.com/fwlink/?LinkId=3D799609
https://go.microsoft.com/fwlink/?LinkId=3D799610

We are also updating the Microsoft Privacy Statement.  These updates are de=
scribed on our FAQ page [here], and are effective as of August 2, 2016.
https://go.microsoft.com/fwlink/?LinkId=3D799610

If you do not agree, you can choose to discontinue using the products and s=
ervices, and close your Microsoft account before these terms become effecti=
ve. If you are a parent or guardian, you are responsible for your child=E2=
=80=99s or teenager=E2=80=99s use of Microsoft products and services, inclu=
ding purchases. =20

Thank you for using Microsoft products and services.

******************************

[Microsoft Privacy Statement]
https://go.microsoft.com/fwlink/?LinkId=3D521839

[Microsoft Services Agreement]
https://go.microsoft.com/fwlink/?LinkId=3D799609

[Frequently Asked Questions]
https://go.microsoft.com/fwlink/?LinkId=3D799610

******************************

[Microsoft]
https://go.microsoft.com/fwlink/?LinkID=3D271181

Microsoft respects your privacy. To learn more, please read our [Privacy St=
atement].
https://go.microsoft.com/fwlink/?LinkId=3D521839

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052=20


.

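An added example (not part of the original post, and not Microsoft's or the forum's code): a small Python triage of the message source quoted above. It parses the receiving server's Authentication-Results header, whose parenthesised comments contain semicolons that a naive split on ";" would break on, and lists the hosts of the links in the quoted-printable body. The names `triage`, `under`, `expected_org` and `trusted_authserv` are assumptions of this example; the embedded message is abridged from the quote.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Abridged from the message source quoted in the post (recipient already censored there).
RAW = """\
Authentication-Results: hotmail.com; spf=pass (sender IP is 65.55.234.209; identity alignment result is pass and alignment mode is relaxed) smtp.mailfrom=msa@communication.microsoft.com; dkim=none (identity alignment result is pass and alignment mode is relaxed) header.d=communication.microsoft.com; x-hmca=pass header.id=msa@communication.microsoft.com
From: Microsoft <msa@communication.microsoft.com>
Return-Path: msa@communication.microsoft.com
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

You can read the entire Microsoft Services Agreement [here]. You can also l=
earn more about these updates on our FAQ page [here].
https://go.microsoft.com/fwlink/?LinkId=3D799609
https://go.microsoft.com/fwlink/?LinkId=3D799610
"""

URL_RE = re.compile(r"https?://[^\s<>\"'\]]+")


def strip_comments(value):
    """Drop parenthesised header comments; they may nest and may contain ';'."""
    out, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)


def parse_auth_results(value):
    """Return (authserv_id, {method: {"result": r, "ptype.property": v, ...}})."""
    parts = [p.strip() for p in strip_comments(value).split(";") if p.strip()]
    methods = {}
    for part in parts[1:]:
        tokens = part.split()
        method, _, result = tokens[0].partition("=")
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        methods[method.lower()] = {"result": result.lower(), **props}
    return parts[0].lower(), methods


def under(host, org):
    """True only if host is org itself or a subdomain of it (label boundary)."""
    host, org = host.lower().rstrip("."), org.lower()
    return host == org or host.endswith("." + org)


def triage(raw, expected_org="microsoft.com", trusted_authserv="hotmail.com"):
    # expected_org and trusted_authserv are this example's assumptions:
    # the organisation the mail claims to be from, and the reader's own mail host.
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    authserv_id, auth = parse_auth_results(msg["Authentication-Results"])
    spf, dkim = auth.get("spf", {}), auth.get("dkim", {})
    mailfrom_domain = spf.get("smtp.mailfrom", "").rsplit("@", 1)[-1]

    # get_payload(decode=True) undoes quoted-printable, including "=\n" soft breaks.
    charset = msg.get_content_charset() or "utf-8"
    body = msg.get_payload(decode=True).decode(charset, errors="replace")
    hosts = sorted({urlsplit(u).hostname or "" for u in URL_RE.findall(body)})

    return {
        # Only a header stamped by your own receiving server is evidence;
        # a sender can put an Authentication-Results line of their own in a message.
        "authserv_trusted": authserv_id == trusted_authserv,
        "from_in_expected_org": under(from_domain, expected_org),
        "spf_pass_aligned": spf.get("result") == "pass"
        and under(mailfrom_domain, expected_org),
        "dkim_result": dkim.get("result", "absent"),
        "link_hosts": hosts,
        "off_org_hosts": [h for h in hosts if not under(h, expected_org)],
    }


if __name__ == "__main__":
    for key, value in triage(RAW).items():
        print(f"{key}: {value}")
```

For the quoted message this reports an aligned SPF pass recorded by hotmail.com, a DKIM result of `none`, and a single link host, go.microsoft.com, which falls under the expected organisation.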

8
Internet / But I'm not using AdBlock
« on: May 24, 2016, 06:27:46 PM »
Whenever I try to read an article at the Forbes website (using Firefox), I'm redirected to a screen that tells me to turn off AdBlock or AdBlock Plus. HULU does the same thing.
BUT... I don't have AdBlock installed!
Disabling NoScript doesn't help.

Does anyone know if any of my extensions or add-ons would trigger whatever they use to detect AdBlock?

Extensions:
    BugMeNot
    CanvasBlocker
    Classic Theme Restorer
    NoScript
    WOT
    BetterPrivacy (disabled)
    Skype (disabled)

Plugins:
    Intel Identity Protection Technology
    OpenH262 Video Codec provided by Cisco Systems
    Primetime Content Decryption Module provided by Adobe Systems
    Silverlight Plug-in
    McAfee SecurityCenter
    Photo Gallery
    Shockwave Flash
    SumatraPDF Browser Plugin
    PDF Exchange Viewer (disabled)
I'm using the default theme, and don't have any "services" add-ons installed.
I have ZERO space allocated for Flash (LSO) cookies.
Pop-ups are blocked.

9
Analysis and Malware Removal / Tracking Cookies on my Wife's computer
« on: April 18, 2016, 04:09:59 PM »
My wife keeps her computer at her business location and uses it for online banking, checking credit card balances, to read the local newspaper, and to check the NJ State Lottery site... Very little else.
She's running Windows 10 (upgraded from Windows 8.X), using Edge as her browser.
Note: Edge is "touch friendly". Since this was her first computer, she's "mouse challenged"; a traditional browser would be a hardship.

Whenever her computer is scanned with Malwarebytes Anti-Malware, it seldom finds anything except a "PUP" called "WeatherBug".

When it's scanned with the McAfee anti-virus suite supplied by Verizon (her ISP), it seldom finds anything.

However, when it's scanned with SuperAntiSpyware, in addition to the above PUP, it also finds several hundred tracking cookies.

A week ago ...
I expressed my suspicions about all the ads being displayed by WeatherBug, and she allowed me to remove it. Since it didn't have an entry in "Programs and Features", I disabled it with WinPatrol and attempted to remove it with MBAM, SuperAntiSpyware, and AdwCleaner. The program stopped running, but the directories and files were still there.

Yesterday:
She hadn't gone online since I disabled WeatherBug but... SuperAntiSpyware found 75 tracking cookies.
I deleted the WeatherBug directory manually (it's still in the recycle bin).
I'm not an Edge user, so I snooped around a bit, and set it to block third party cookies, block pop-ups, enabled "Send do not track requests", and enabled "SmartScreen filter".

Today:
She went online to check her bank balance, and to see what the winning lottery number was. Her "homepage" is the local paper, so she may have been briefly exposed to their advertisers. Then she ran SuperAntiSpyware.... Over 400 tracking cookies.

I read the same newspaper online, and visit a lot more sites than she does, and seldom get a tracking cookie (on FF w/a lot of security add-ons).

I've been tweaking Firefox since version 2, but my exposure to Edge can be measured in minutes... is/are there some other setting(s) I should tweak?

I was under the understanding that tracking cookies came from websites (and possibly from the ads being displayed by adware like "WeatherBug").
Should I be looking for some other malware that I missed? The next time I'm there I'll probably run Junkware Removal Tool, but I'm not optimistic about it finding what the other tools may have missed.

BTW: This computer is at her business location; normally I only see it about once a week, while I'm there for other reasons. Submitting RGSA and FRST scans for analysis would be a long, drawn-out process.

10
My wife bought a Norton Key from our local Staples store for the computer she uses at her business (no CD, just a card with a key number). Up until now, she'd been on her son-in-law's Norton "family plan"; it expires in seven days....

When she entered it on the "Norton" site, she got an error message with a toll free number to call.

The "tech" had her install a program that allowed him to take control of her computer. He fussed around for a while and said he'd call her back. He got (at least) the key number and her phone number....

When he called back, he gave her a line of BS? that she didn't understand about how compromised her computer was, and tried to sell her at least three other programs to clean it up.

When I realized what was happening, I stopped her before any credit card information was exchanged, and told her to hang up.

I uninstalled the remote control program, and told her I'd find a replacement AV, and deal with it in the morning.

Is there a fake Norton website that a Google search could have sent her to?
Is there any chance this was a legitimate Norton tech?

My tentative plan:
    1. Uninstall her son-in-law's Norton 360.

    2. Activate the Windows Firewall and AV.

    3. She has a "security package", from her ISP, that includes McAfee, that she never installed. I'll check out what it includes, and then we'll decide whether to use some or all of it.

    4. If I don't like what the McAfee package includes, we can continue with Windows, or go with free AVG or Avast & possibly supplement the Windows firewall with "Windows 10 Firewall Control" (makes configuring the Windows Firewall for "two way" control a lot easier).

    5. Run scans with whatever AV we choose, as well as MBAM, SuperAntiSpyware, and AdwCleaner.
I suggested she try to return the Norton package she bought; if my suspicions are correct, the key may have just been pirated.

11
General Software News, Updates & Discussions / Thunderbird Malware ???
« on: August 17, 2015, 06:45:34 PM »
A week ago my wife asked me to add her Verizon Email to her set-up. Since Verizon doesn't have an IMAP server, I couldn't use the Windows Mail App.

When I tried to run the Installer for Mozilla Thunderbird, her Norton AV tried to stop me.
I installed it by running as an administrator, and everything worked.

I noticed that it was a newer version, so later that day I updated my computer's copy.

Today, on my computer I got a pop-up from AVG. It wanted to quarantine an old Thunderbird installation file that I had on a USB stick.

Recalling the recent problems with the WinPatrol website.......

Is there something going on in the AV industry, that's creating false positives?
OR
Is the latest version of Thunderbird actually Malware?



12
I may have broken MBAE yesterday...

I was experiencing occasional "netio.sys" crashes...so I ran "verifier" and rebooted.
After the reboot my system was running very sluggish, so I decided to do it at a more convenient time and stopped the process (verifier /reset).

Ever since..... MBAE hasn't been loading, even if I click the shortcut.
Quote
Malwarebytes Anti Exploit protection is not started. The anti exploit process will be terminated.

I uninstalled MBAE with the included uninstall program, and reinstalled the latest version.
It still won't load properly, I'm still getting the above error message.

Any suggestions?

~~~~~EDIT~~~~~
I'm using the "free" version of MBAE.
WinPatrol Plus verifies it's one of my "Startup programs", but not an "Active Task".
OS is Windows 8.1, 64 bit

13
Jokes / Who loves you?
« on: March 17, 2015, 09:09:16 PM »
If you want to see who loves you most, your spouse or your dog, try this....

Park your car in the shade...
Lock your spouse in the trunk of the car for a few hours, then open the trunk...
Do the same thing with your dog...

Who was glad to see you ?

14
Computer Problems, Questions and Solutions! / PointGrab ?
« on: March 08, 2015, 06:37:34 PM »
My wife has a computer at her business, that was set up by her son-in-law (Win 8 updated to 8.1).
He had a family license for Norton, so he used that as an AV.
Unknown to her... His license expired, and he didn't renew it until a month later.
She was unprotected for most of January....

I noticed that the webcam on this computer was always on....
She let me check it...
Attempting to run "Camera", resulted in a notice that the camera was being used by another program.

A scan with Norton "repaired" 27 "risks".
I installed MBAM, a scan found over 200 "PUPs" and one baddie. I let it quarantine them all without even checking what they were.

The webcam was still on....
I installed WinPatrol, and asked her about every running process and start-up item.
She didn't recognize two entries labeled "PointGrab".

The list of programs that could be uninstalled also had two "PointGrab" entries, one was something about "Hand Gesture Control".

I uninstalled them, and the webcam light went out.

Was that some kind of spyware, or a legitimate program?

15
Security Software Programs / McAfee Multi Access ?
« on: March 01, 2015, 06:47:06 PM »
I'm a new customer for Cablevision/Optimum.
They're offering their internet customers a security suite called "McAfee Multi Access".
The PC package includes:
    Anti-virus/Anti-spyware       
    Anti-spam       
    Firewall        
    Browsing Protection with SiteAdvisor®           
    Home network defense           
    File Shredder           
    Data Encryption           
    Vulnerability Scanner           
    Password Manager-SafeKey
    Parental Controls        
    Monitor Online Activities           
    Instant Message Monitoring           
    Program Blocking
I probably wouldn't use the last five features...
Updates are only available as long as I'm an Optimum customer.

I currently use:
    AVG Anti Virus (free version)
    Zone Alarm Firewall (free version)
    SpywareBlaster (free version)
    Malwarebytes Anti Malware (free version)
    Malwarebytes Anti Exploit (Free)
    WinPatrol Plus (lifetime license)
    NoScript (add-on for Firefox)
    BetterPrivacy (add-on for Firefox)
    WebOfTrust (add-on for Firefox)

Since it's a BAD IDEA to run two AVs or two Firewalls, I'm wondering if I should switch.
Do any of you have experience with this McAfee product?
Am I better off taking it, or better off staying with AVG, ZoneAlarm, & etc.?

As far as I know, I've never had a virus.
MBAM has uncovered a few "PUPs" that predate my using it.
