BooBounder
2018-08-14, 04:14
I am starting this thread before the first PC is quite finished (my son is home from college for a few days).
This is a laptop that is on our home LAN every few months. It runs Windows 10, and usually wireless through a university's network. Lots of surfing, but not too many intentional downloads. No overt symptoms other than it runs slowly.
Did the "Before you post ..."
The registry backup shows 18 for 18.
The two FRST logs are pasted below.
aswMBR started, updated its virus definitions, ran for a while, and then got a BSOD. Repeated and got the same behavior.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Ben (administrator) on DESKTOP-CMTMU7M (13-08-2018 14:23:55)
Running from C:\Users\bentu\Desktop
Loaded Profiles: Ben (Available Profiles: Ben & hopet & bentu)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\PEF\CORE\PEFService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_8\mcapexe.exe
(McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\2.9.175.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files\Everything\Everything.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.766\SSScheduler.exe
() C:\Program Files\Everything\Everything.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(McAfee Inc.) C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
(AnchorFree Inc.) C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9072128 2016-11-17] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3925504 2016-08-09] (Dell Inc.)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [940976 2016-11-19] (Waves Audio Ltd.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029576 2016-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3255888 2018-05-12] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1112960 2018-03-14] (McAfee Inc.)
HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\...\RunOnce: [Uninstall 17.3.6917.0607\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bentu\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64"
HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\...\RunOnce: [Uninstall 17.3.6917.0607] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bentu\AppData\Local\Microsoft\OneDrive\17.3.6917.0607"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-07-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.766\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 74.211.15.210 74.211.15.211 24.56.178.102
Tcpip\..\Interfaces\{88969653-4e71-40d9-9e34-9dcd05c8beed}: [DhcpNameServer] 172.20.120.20
Tcpip\..\Interfaces\{ddce5a6b-debf-436b-baab-8eba462a12dc}: [DhcpNameServer] 74.211.15.210 74.211.15.211 24.56.178.102
Internet Explorer:
==================
HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-31] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-13] (Oracle Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-13] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-06-15] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-06-15] (McAfee, Inc.)
FireFox:
========
FF DefaultProfile: c0yahhbe.default
FF ProfilePath: C:\Users\bentu\AppData\Roaming\Mozilla\Firefox\Profiles\c0yahhbe.default [2017-06-07]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-27]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-06-07] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-10] ()
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-13] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default [2018-08-13]
CHR Extension: (Slides) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-13]
CHR Extension: (Docs) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-13]
CHR Extension: (Google Drive) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-13]
CHR Extension: (YouTube) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-13]
CHR Extension: (Sheets) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-13]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-13]
CHR Extension: (Gmail) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-13]
CHR Extension: (Chrome Media Router) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-12-06] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-07] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc.)
S2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [124568 2018-04-20] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-10-13] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-10-13] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-15] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-10-16] (McAfee, Inc.)
R3 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [314368 2018-03-06] (AnchorFree Inc.) [File not signed]
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-05-16] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2017-01-17] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.766\McCHSvc.exe [405392 2018-07-11] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe [2141912 2018-04-06] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-02-23] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-02-23] (McAfee, LLC)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [473040 2018-02-23] (McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1676024 2018-05-01] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265864 2018-03-19] ()
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1047448 2018-05-29] (McAfee, Inc.)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [46632 2017-04-17] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [321024 2016-11-17] (Realtek Semiconductor)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-10-24] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [265784 2017-12-19] (Synaptics Incorporated)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [410032 2016-11-19] (Waves Audio Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-07-08] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-07-08] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848328 2018-03-19] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (The OpenVPN Project)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34704 2016-08-13] (Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [54160 2016-09-15] (Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0310274.inf_amd64_51be3a3306cacb44\atikmdag.sys [26574344 2017-01-11] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0310274.inf_amd64_51be3a3306cacb44\atikmpag.sys [529304 2017-01-11] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\WINDOWS\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-29] (Advanced Micro Devices)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-02-28] (McAfee, LLC)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32352 2016-10-13] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32952 2016-10-13] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22864 2016-10-27] (OSR Open Systems Resources, Inc.)
R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-02-28] (McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [360352 2018-02-28] (McAfee, LLC)
U3 mfeavfk03; no ImagePath
U3 mfeavfk04; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-02-28] (McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [529312 2018-02-28] (McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [953248 2018-02-28] (McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [543624 2018-04-30] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108432 2018-04-30] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-02-28] (McAfee, LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-02-28] (McAfee, LLC)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623128 2018-04-04] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-23] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [416472 2016-05-17] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66104 2017-12-19] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46592 2018-07-08] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-08] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-07-08] (Microsoft Corporation)
S3 mfeplk01; \Device\mfeplk01.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-13 14:23 - 2018-08-13 14:25 - 000022873 _____ C:\Users\bentu\Desktop\FRST.txt
2018-08-13 14:23 - 2018-08-13 14:23 - 000000000 ____D C:\FRST
2018-08-13 14:23 - 2018-08-13 14:23 - 000000000 _____ C:\WINDOWS\erdntdos.loc
2018-08-13 14:22 - 2018-08-13 14:22 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-CMTMU7M-Windows-10-Home-(64-bit).dat
2018-08-13 14:22 - 2018-08-13 14:22 - 000000000 ____D C:\RegBackup
2018-08-13 14:21 - 2018-08-13 14:22 - 000018111 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2018-08-13 14:21 - 2018-08-13 14:21 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3126702148-3971270183-1363190335-1001
2018-08-13 14:21 - 2018-08-13 14:21 - 000002314 _____ C:\Users\bentu\Desktop\Tweaking.com - Registry Backup.lnk
2018-08-13 14:21 - 2018-08-13 14:21 - 000000000 ____D C:\Users\bentu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-08-13 14:21 - 2018-08-13 14:21 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-08-13 14:20 - 2018-08-13 14:20 - 005198336 _____ (AVAST Software) C:\Users\bentu\Desktop\aswMBR.exe
2018-08-13 14:19 - 2018-08-13 14:19 - 005766144 _____ (Tweaking.com) C:\Users\bentu\Desktop\tweaking.com_registry_backup_setup.exe
2018-08-13 14:19 - 2018-08-13 14:19 - 002412544 _____ (Farbar) C:\Users\bentu\Desktop\FRST64.exe
2018-08-13 14:14 - 2018-08-13 14:14 - 000000000 ____D C:\Users\bentu\AppData\LocalLow\AMD
2018-08-13 13:54 - 2018-08-13 13:54 - 000002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-08-13 13:54 - 2018-08-13 13:54 - 000002285 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-08-13 13:50 - 2018-08-13 13:50 - 000000918 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-08-13 13:50 - 2018-08-13 13:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-08-13 13:47 - 2018-08-13 13:47 - 000001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2018-08-13 13:43 - 2018-08-13 13:37 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2018-08-13 13:26 - 2018-08-13 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2018-08-13 13:25 - 2018-08-13 13:25 - 000000000 ____D C:\Program Files\ATI Technologies
2018-08-13 13:24 - 2018-08-13 13:24 - 000000000 ____D C:\Users\bentu\AppData\Local\PDFCreator
2018-08-13 13:22 - 2018-08-13 13:22 - 000000879 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2018-08-13 13:22 - 2018-08-13 13:22 - 000000000 ____D C:\Users\bentu\AppData\LocalLow\Sun
2018-08-13 13:22 - 2018-08-13 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2018-08-13 13:21 - 2018-08-13 13:21 - 000001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Safe Connect.lnk
2018-08-13 13:21 - 2018-08-13 13:21 - 000001180 _____ C:\Users\Public\Desktop\McAfee Safe Connect.lnk
2018-08-13 13:16 - 2018-08-13 13:16 - 000001417 _____ C:\Users\bentu\Desktop\Microsoft Edge.lnk
2018-08-13 13:16 - 2018-08-13 13:16 - 000000000 ___HD C:\Users\bentu\MicrosoftEdgeBackups
2018-08-06 20:44 - 2018-08-06 20:44 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Roaming\DropboxOEM
2018-08-06 20:44 - 2018-08-06 20:44 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Local\VirtualStore
2018-08-06 20:44 - 2018-08-06 20:44 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Local\DropboxOEM
2018-08-06 20:44 - 2018-08-06 20:44 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Local\AMD
2018-08-06 20:43 - 2018-08-06 20:47 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Local\Packages
2018-08-06 20:43 - 2018-08-06 20:43 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Roaming\Intel
2018-08-06 20:43 - 2018-08-06 20:43 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Local\ConnectedDevicesPlatform
2018-08-06 20:42 - 2018-08-06 20:42 - 000000020 ___SH C:\Users\defaultuser1.DESKTOP-CMTMU7M\ntuser.ini
2018-08-06 20:42 - 2018-08-06 20:42 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M
2018-08-06 20:42 - 2018-04-11 17:34 - 000001105 _____ C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-31 18:50 - 2018-07-31 18:50 - 000002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-31 18:50 - 2018-07-31 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-27 15:11 - 2018-07-27 15:11 - 000000080 ___SH C:\bootTel.dat
2018-07-21 03:01 - 2018-07-21 03:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-07-21 03:01 - 2018-07-21 03:01 - 000000000 ____D C:\ProgramData\McAfee Security Scan
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-13 14:23 - 2015-12-05 04:24 - 000000000 _____ C:\WINDOWS\erunt.exe
2018-08-13 14:23 - 2015-12-05 04:24 - 000000000 _____ C:\WINDOWS\erdntwin.loc
2018-08-13 14:23 - 2015-12-05 04:24 - 000000000 _____ C:\WINDOWS\erdnt.e_e
2018-08-13 14:21 - 2018-06-07 23:11 - 000002369 _____ C:\Users\bentu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-13 14:21 - 2017-06-07 17:15 - 000000000 ___HD C:\OneDriveTemp
2018-08-13 14:21 - 2017-06-07 16:47 - 000000000 ___RD C:\Users\bentu\OneDrive
2018-08-13 14:19 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-13 14:13 - 2018-06-21 17:33 - 000000000 ____D C:\ProgramData\Packages
2018-08-13 14:13 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-13 14:12 - 2017-06-07 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-08-13 14:11 - 2018-01-05 22:39 - 000000000 ____D C:\Users\bentu\AppData\Local\Packages
2018-08-13 14:06 - 2017-12-10 01:48 - 000000000 ____D C:\ProgramData\Avid
2018-08-13 14:06 - 2017-12-10 01:48 - 000000000 ____D C:\Program Files\Avid
2018-08-13 14:03 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-13 13:59 - 2017-12-10 01:59 - 000000000 ____D C:\Users\bentu\Documents\Scores
2018-08-13 13:57 - 2017-06-07 23:28 - 000000000 ____D C:\Program Files (x86)\Audacity
2018-08-13 13:54 - 2017-06-07 23:21 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-13 13:52 - 2018-06-07 23:39 - 000003142 _____ C:\WINDOWS\System32\Tasks\klcp_update
2018-08-13 13:52 - 2017-06-07 23:32 - 000001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2018-08-13 13:52 - 2017-06-07 23:32 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2018-08-13 13:52 - 2017-06-07 23:29 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2018-08-13 13:51 - 2017-06-07 23:29 - 000001280 _____ C:\Users\Public\Desktop\Media Player Classic.lnk
2018-08-13 13:51 - 2017-06-07 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2018-08-13 13:49 - 2017-06-07 23:28 - 000000000 ____D C:\Program Files\VideoLAN
2018-08-13 13:47 - 2017-06-07 23:28 - 000001114 _____ C:\Users\Public\Desktop\WinRAR.lnk
2018-08-13 13:47 - 2017-06-07 23:27 - 000000000 ____D C:\Users\bentu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-08-13 13:47 - 2017-06-07 23:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-08-13 13:47 - 2017-06-07 23:27 - 000000000 ____D C:\Program Files\WinRAR
2018-08-13 13:46 - 2017-06-07 23:28 - 000001073 _____ C:\Users\Public\Desktop\IrfanView.lnk
2018-08-13 13:46 - 2017-06-07 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2018-08-13 13:46 - 2017-06-07 23:28 - 000000000 ____D C:\Program Files (x86)\IrfanView
2018-08-13 13:37 - 2017-06-07 23:26 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-08-13 13:37 - 2017-06-07 23:26 - 000000000 ____D C:\Program Files\Java
2018-08-13 13:29 - 2017-06-11 22:37 - 000000000 ____D C:\Users\bentu\AppData\Roaming\Skype
2018-08-13 13:24 - 2017-06-07 23:32 - 000000000 ____D C:\Program Files\PDFCreator
2018-08-13 13:23 - 2017-06-07 23:33 - 000117248 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2018-08-13 13:20 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-13 13:20 - 2017-11-03 21:52 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
2018-08-13 13:18 - 2017-11-03 21:53 - 000000000 ____D C:\Users\bentu\AppData\Roaming\McAfee Safe Connect
2018-08-13 13:17 - 2018-01-05 21:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-08-13 13:16 - 2018-06-07 23:11 - 000000000 ____D C:\Users\bentu
2018-08-13 13:12 - 2018-02-08 01:13 - 000000000 ___RD C:\Users\bentu\3D Objects
2018-08-13 13:12 - 2018-01-07 02:03 - 000000000 ____D C:\ProgramData\AMD
2018-08-13 13:12 - 2017-05-29 06:10 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-08-13 13:10 - 2018-06-07 23:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-13 13:10 - 2018-06-07 23:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-11 17:06 - 2017-06-07 23:48 - 000000000 ____D C:\Users\bentu.DESKTOP-CMTMU7M\AppData\LocalLow\Mozilla
2018-08-11 17:05 - 2017-06-08 00:11 - 000000000 ____D C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Roaming\MuseScore
2018-08-11 16:48 - 2017-06-07 23:56 - 000000000 ___RD C:\Users\bentu.DESKTOP-CMTMU7M\OneDrive
2018-08-11 16:44 - 2018-04-11 15:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-08-11 16:44 - 2017-05-29 05:48 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2018-08-11 16:43 - 2017-06-11 22:35 - 000000000 ____D C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Roaming\Everything
2018-08-11 03:41 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-08-11 00:34 - 2017-06-07 23:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-11 00:34 - 2017-06-07 23:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-08-10 15:41 - 2017-06-07 23:21 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-10 15:34 - 2017-05-29 06:06 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-08-10 15:33 - 2018-06-07 23:11 - 000000000 ____D C:\Users\bentu.DESKTOP-CMTMU7M
2018-08-10 14:14 - 2018-06-07 23:39 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3126702148-3971270183-1363190335-1005
2018-08-10 14:12 - 2018-06-07 23:11 - 000002417 _____ C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-10 01:17 - 2017-06-07 23:22 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-10 01:17 - 2017-06-07 23:22 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-08 14:05 - 2017-05-29 06:06 - 000000000 ____D C:\Program Files\Common Files\mcafee
2018-08-06 19:45 - 2018-04-11 15:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-08-05 01:14 - 2018-04-11 17:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-08-02 19:18 - 2018-06-07 23:39 - 000003442 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-07-31 18:50 - 2017-05-29 06:22 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-31 18:50 - 2017-05-29 06:22 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-31 18:50 - 2017-05-29 06:22 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-31 18:48 - 2017-05-29 06:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-21 03:01 - 2018-03-30 23:58 - 000002011 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-07-21 03:01 - 2017-11-03 22:18 - 000000000 ____D C:\Program Files\McAfee Security Scan
==================== Files in the root of some directories =======
2017-12-10 02:07 - 2017-12-10 02:07 - 000000604 _____ () C:\Program Files (x86)\QSt1
2017-12-10 01:46 - 2017-12-10 01:48 - 001456536 _____ () C:\Users\bentu\AppData\Roaming\AvidApplicationManager_Install.log
Some files in TEMP:
====================
2018-08-13 13:20 - 2018-08-13 13:20 - 000290304 _____ (Microsoft Corporation) C:\Users\bentu\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
2018-08-13 13:22 - 2018-08-13 13:22 - 000152576 _____ () C:\Users\bentu\AppData\Local\Temp\ext6332090241354469138.dll
2018-08-13 13:32 - 2018-08-13 13:32 - 001906040 _____ (Oracle Corporation) C:\Users\bentu\AppData\Local\Temp\jre-8u181-windows-au.exe
2018-08-11 00:39 - 2018-08-11 00:39 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1200377776596583780.dll
2018-07-12 00:40 - 2018-07-12 00:40 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1582734924496815086.dll
2018-08-02 22:38 - 2018-08-02 22:38 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1667639434396831625.dll
2018-08-07 03:20 - 2018-08-07 03:20 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1678428571542818517.dll
2018-07-13 16:45 - 2018-07-13 16:45 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1766651094965134530.dll
2018-07-22 22:11 - 2018-07-22 22:11 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1795083251683454653.dll
2018-08-11 16:49 - 2018-08-11 16:49 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext2380574594638886471.dll
2018-07-13 14:52 - 2018-07-13 14:52 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext2740162228422230216.dll
2018-08-03 16:44 - 2018-08-03 16:44 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext3448410766088429106.dll
2018-07-27 15:17 - 2018-07-27 15:17 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5042693861776630395.dll
2018-07-21 02:59 - 2018-07-21 02:59 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5225656312186083399.dll
2018-07-28 19:08 - 2018-07-28 19:08 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5237310288792390540.dll
2018-08-10 15:39 - 2018-08-10 15:39 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5307622848095017232.dll
2018-07-25 10:15 - 2018-07-25 10:15 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5958978940808632055.dll
2018-08-05 20:03 - 2018-08-05 20:03 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext6366294823380981193.dll
2018-07-19 19:29 - 2018-07-19 19:29 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext7242339546304965834.dll
2018-08-08 13:58 - 2018-08-08 13:58 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext742730689880490877.dll
2018-08-01 17:30 - 2018-08-01 17:30 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext7836162853681593769.dll
2018-08-06 20:56 - 2018-08-06 20:57 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext8898844936738300830.dll
2018-08-04 18:56 - 2018-08-04 18:56 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext969040020052368496.dll
Some zero byte size files/folders:
==========================
C:\Windows\erunt.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-07 23:03
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Ben (13-08-2018 14:26:42)
Running from C:\Users\bentu\Desktop
Windows 10 Home Version 1803 17134.165 (X64) (2018-06-08 05:40:39)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3126702148-3971270183-1363190335-500 - Administrator - Disabled)
Ben (S-1-5-21-3126702148-3971270183-1363190335-1001 - Administrator - Enabled) => C:\Users\bentu
bentu (S-1-5-21-3126702148-3971270183-1363190335-1005 - Limited - Enabled) => C:\Users\bentu.DESKTOP-CMTMU7M
DefaultAccount (S-1-5-21-3126702148-3971270183-1363190335-503 - Limited - Disabled)
Guest (S-1-5-21-3126702148-3971270183-1363190335-501 - Limited - Disabled)
hopet (S-1-5-21-3126702148-3971270183-1363190335-1003 - Limited - Enabled) => C:\Users\hopet
mjutu (S-1-5-21-3126702148-3971270183-1363190335-1002 - Limited - Enabled)
tufte (S-1-5-21-3126702148-3971270183-1363190335-1004 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3126702148-3971270183-1363190335-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Catalyst Control Center Next Localization BR (HKLM\...\{628CF93E-16BF-11EF-919B-59C31EF717B3}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{658D9D92-2733-E8FA-B31E-C264902DDFBD}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{743885D6-1B53-7B56-437D-56B32DAAF522}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{19F1603B-1CC7-9057-27D6-7376D2EC0165}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{51D588C1-A0C9-1C56-DF03-7BECEB829770}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A652F661-BB60-2C31-229E-B24857F95E11}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{D1000796-511E-0A49-39B4-D125C8258CA6}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{E599475E-3898-9504-C3A6-86CB7AF3B37E}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{DBB0B902-73E6-3521-15C2-6998C63A6129}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{EB0B7E10-2B2E-C2B0-B3EF-B97811D365FC}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{99B2E1B4-5D98-8B59-DD39-4E4992821703}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{11F850B6-2E7A-09A5-5866-F7105729B74D}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A67403D6-8FA6-BEB2-E55B-91635BFF70B3}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{D876E0E3-97E4-2462-A13A-C193EEC82F6C}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{DD0C2473-8594-5D35-8048-5FAF76196D9E}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{EB9486CA-01B6-5FE0-3CCE-069DBE0C32DA}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{FFED5E09-AA96-7352-22FB-944FC47BBCB5}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{416D7723-3B10-D406-0A84-8DF69ED131ED}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{C9D56DB9-8F88-8C76-00DE-46AE7177E338}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{06301DF5-2B9A-0C81-6352-772B58ACCEE0}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{75959794-FADB-743F-70C9-1BFAB0B37E24}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{B7CC66D4-D5B7-C345-BF1D-1695ABF7C23A}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CF0E2A7F-DEB3-95C9-A56C-8585B1C2D27C}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{16B1FA91-4603-4E4D-2BE8-9E9752CBC064}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{3261D423-2791-D2C6-68FF-B248B1412F12}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{884B39AE-C737-8EE2-AB54-64E593B42C4C}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{EABFE52D-1399-E1AA-B17E-87487ABA1142}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{A23F282A-9E16-7CAE-8064-67ECCD06B65B}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C7A04DCF-0305-1955-6663-8905CF530A11}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B1D749B2-AA49-620C-C03A-DDF67E407A1C}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{D7438F64-B441-1F37-FB0A-C9EAF4ECFDAB}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D447284-F649-D2BC-5FD7-E8853CA26E24}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C1776FAC-8CC8-3EE2-47A5-38671A83661B}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{967CEFF4-8D1A-C70C-FACE-C81F07DF0553}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{7D7982D5-9BA1-47EF-DE19-896D78027265}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.4.0.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{99B7C4B5-DC14-441D-A5B6-7340F682BC81}) (Version: 3.1.1117.0 - Dell Products, LP)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{0CB75726-FC62-4609-B5DA-0031E64F771B}) (Version: 3.0.128.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.72 - Dell)
Dell SupportAssist Remediation (HKLM\...\{2B2C47D2-F037-4C03-B599-07D7AFE8DD54}) (Version: 3.3.0.4943 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{8ce1a5ae-856e-4b8e-a0e8-27dd7a209276}) (Version: 3.3.0.4943 - Dell Inc.)
Dell SupportAssistAgent (HKLM-x32\...\{CD2DF2B3-01E7-47FF-AF9C-725FC5FF6409}) (Version: 1.3.2.3 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.64 - Synaptics Incorporated)
Dell Update - SupportAssist Update Plugin (HKLM\...\{B16CC15E-08D8-4FA8-AE36-4DC5C197ED92}) (Version: 3.3.0.4941 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{74d58082-09be-4059-afb8-50334cde261d}) (Version: 3.3.0.4941 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 1.3.6855.72 - PC-Doctor, Inc.) Hidden
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Finale (HKLM\...\{167CCA89-3470-4987-B722-66B792188A9C}) (Version: 25.5.0.290 - MakeMusic)
Google Chrome (HKLM\...\{98305915-759E-39B2-A385-5818CDBB9F5B}) (Version: 68.0.3440.106 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{52DA40D6-6EF4-4B28-B501-FC538ECE638C}) (Version: 19.01.1627.3533 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8c595286-0f9e-42de-a0d4-969aba282637}) (Version: 20.50.0 - Intel Corporation)
IrfanView 4.51 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.51 - Irfan Skiljan)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
KeePass Password Safe 2.39.1 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.39.1 - Dominik Reichl)
K-Lite Codec Pack 14.3.6 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.6 - KLCP)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version: - LEGO A/S)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.8942.2 - Waves Audio Ltd.) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R12 - McAfee, Inc.)
McAfee Safe Connect (HKLM-x32\...\{8DF95C34-C5EB-4026-9C86-E49F2A94677A}) (Version: 1.6.0.223 - McAfee, Inc)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.766.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MMFonts (HKLM-x32\...\{1DD5D3E6-8DF5-4657-8825-713C499CDCC0}) (Version: 1.1.1.1 - MakeMusic, Inc.)
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
MuseScore 2 (HKLM-x32\...\{6088F9C1-491A-431F-94D1-81FA26AF7620}) (Version: 2.3.1 - Werner Schweer and Others)
MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.2.2 - pdfforge GmbH)
proDAD Adorage 3.0 (HKLM-x32\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
Product Registration (HKLM\...\{0CB75726-FC62-4609-B5DA-0031E64F771B}) (Version: 3.0.128.0 - Dell Inc.) Hidden
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.38 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-07-22] ()
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-12-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05799A63-8654-4458-A239-5C8D130074F6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {0D0EBE4D-82F6-412C-9A50-A2F9BB387982} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-28] (DropboxOEM)
Task: {11650227-5090-4E97-B4B1-F4496EE87729} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-31] (Microsoft Corporation)
Task: {1819D3B2-71E3-4C3B-9C08-F8F2EC0A018F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {1D68CC9E-9A61-4DD0-A77D-F28278F87FBF} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {1FDC0462-02E0-4AA4-B972-6E673511BF2B} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {28142768-BDAC-46BC-9524-1143E581E4EC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-07] (Dropbox, Inc.)
Task: {2A68D709-88ED-4ECB-A247-3FF113F81309} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-07] (Dropbox, Inc.)
Task: {34E93AA7-4ED2-4F53-9E7E-D6C0976A075E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-07] (Google Inc.)
Task: {3B3239D4-1372-4C8A-BD3D-E7AA8FF5AE55} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-02-17] (PC-Doctor, Inc.)
Task: {3D98DB75-02C8-4371-B926-283542E84A71} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
Task: {4B845D5C-085F-4C49-A6D3-0E6A435BF4EB} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {4F9D3C58-AD88-484D-9A64-8B55DCB2A301} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-11-17] (Realtek Semiconductor)
Task: {53032758-2A3C-4FD3-9E3E-13CFDBA1F47F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {62E2FF18-A89D-4FC9-83D9-871176FB0BAA} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6DE66706-FEA7-45A0-8D54-9D9D891279C9} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {6EA6A71D-12E9-4383-A194-B1D062F3408E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-31] (Microsoft Corporation)
Task: {96ECA797-9D2F-4BC8-A15E-2AA1802EFB6B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {983C0F21-4783-406A-8A04-439ED917C177} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {A6B176E8-9E23-4B89-9D2C-ABA96565BEFD} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-05-22] (McAfee, Inc.)
Task: {A931D0EC-AA2A-4AF1-814C-792A7E8DF681} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {B2FE0F3A-51BA-433A-A407-E6A86CD27971} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-31] (Microsoft Corporation)
Task: {BA92AFC5-202B-471D-A58D-C01E6E563066} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2016-04-27] (CyberLink)
Task: {CCA7AA6C-077A-4276-8F80-418610D6D379} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-10-24] (Dell Inc.)
Task: {CF4D064C-53D2-44C6-BBDA-AC6419E38FD9} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.178\DADUpdater.exe [2018-06-08] (McAfee, Inc.)
Task: {e2beb945-b098-405d-96dd-5401c0e97b01} - no filepath
Task: {F184978F-32AB-450A-B945-2D3DE39321FE} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-02-17] (PC-Doctor, Inc.)
Task: {F54720BC-DAAC-4896-A932-C32CEB93A20E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-07] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP CMTMU7M
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-06 05:05 - 2018-04-06 05:05 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPMsgBusDLL.dll
2018-07-10 21:30 - 2018-07-06 00:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-26 17:41 - 2018-07-26 17:41 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-07-26 17:41 - 2018-07-26 17:41 - 068154880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-03 17:38 - 2017-10-03 17:40 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-07-15 01:46 - 2018-07-15 01:48 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-07-15 01:46 - 2018-07-15 01:48 - 004139008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-03 20:30 - 2018-05-03 20:33 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-07-15 01:46 - 2018-07-15 01:48 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-05 15:35 - 2018-04-05 16:01 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-07-26 17:41 - 2018-07-26 17:41 - 014919168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-07-15 01:46 - 2018-07-15 01:48 - 003982848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-07-26 17:41 - 2018-07-26 17:41 - 002938880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-29 20:51 - 2018-05-29 20:54 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-15 01:46 - 2018-07-15 01:48 - 001396224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-07-26 17:41 - 2018-07-26 17:41 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-07 23:27 - 2014-08-05 19:04 - 001441792 _____ () C:\Program Files\Everything\Everything.exe
2016-12-06 20:43 - 2016-12-06 20:43 - 000155016 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2016-09-13 01:51 - 2016-09-13 01:51 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 01:50 - 2016-09-13 01:50 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 01:50 - 2016-09-13 01:50 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-08-10 01:15 - 2018-08-07 18:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-10 01:15 - 2018-08-07 18:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2017-05-29 05:58 - 2014-12-08 01:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 16:28 - 2014-12-08 16:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2016-09-09 09:32 - 2016-09-09 09:32 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2016-05-02 15:46 - 2016-05-02 15:46 - 000134008 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2017-04-26 15:19 - 2017-04-26 15:19 - 002005976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 15:03 - 2018-07-21 03:01 - 000000865 _____ C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 74.211.15.210 - 74.211.15.211
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4CDEFEFF-F23F-4C1C-8A15-026D556F0907}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector14\PDR10.EXE
FirewallRules: [{9221CB9C-6085-4AE5-9021-A8AB8326CDC9}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD.exe
FirewallRules: [{0EDA389B-E8F1-4478-ADED-70DFF8081EF3}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{787B9959-F87C-48B2-AA8E-404813270051}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{27E9D83D-449B-45AF-B92C-4EBAE8E086DC}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{8B2B8C4D-4EA5-459E-8FFD-F7D59BB5D00F}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{C74C3FF1-DAAB-4724-A636-FD370A7C60EA}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{930E654D-D3CB-484D-B593-57E941C9DAC1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8B01EC76-1CA3-488D-BE9F-F1A1510A2792}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{416CADEF-2CCC-457B-90F5-F160E37B2303}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1A15BA2F-C5B4-4B0F-9D2A-2C329896B558}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{B60E35FE-3AF3-41F4-B9E0-582F0D9370AC}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{937FE4B4-9E0C-4746-A339-937C6983F419}] => (Allow) C:\Program Files\Avid\Application Manager\jre\bin\java.exe
FirewallRules: [{F0F525CB-C33E-4D5E-9CDB-0C9BF789A1C3}] => (Allow) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe
FirewallRules: [{4DFC50C3-E929-4A3C-992F-078B4383684D}] => (Allow) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe
FirewallRules: [{51F93DB6-0DE6-4D1C-9510-78F97BAC97FD}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F1E30803-FA67-4C5F-BFB1-42A3FB7FD502}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
13-08-2018 13:57:29 Removed Sibelius.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/13/2018 02:21:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.17134.137, time stamp: 0xecd85e98
Faulting module name: ntdll.dll, version: 10.0.17134.165, time stamp: 0xf4df6dc2
Exception code: 0xc0000374
Fault offset: 0x00000000000f4d1b
Faulting process id: 0x2904
Faulting application start time: 0x01d43342a9808103
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 0efa8ae8-a47b-403e-8106-d1e0f193ba95
Faulting package full name:
Faulting package-relative application ID:
Error: (08/13/2018 01:48:28 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.
Error: (08/13/2018 01:47:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.
Error: (08/13/2018 01:46:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.
Error: (08/13/2018 01:44:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.
Error: (08/13/2018 01:41:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.
Error: (08/13/2018 01:40:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.
Error: (08/13/2018 01:34:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.
System errors:
=============
Error: (08/13/2018 02:14:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CMTMU7M)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-CMTMU7M\Ben SID (S-1-5-21-3126702148-3971270183-1363190335-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/13/2018 01:21:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/13/2018 01:20:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/13/2018 01:19:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/13/2018 01:16:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/13/2018 01:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Help & Support service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (08/13/2018 01:13:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Help & Support service to connect.
Error: (08/13/2018 01:11:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
CodeIntegrity:
===================================
Date: 2018-08-13 13:10:47.050
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-11 16:45:28.268
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-11 00:34:52.589
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-10 15:34:34.001
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-08 13:51:39.907
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-07 03:15:24.269
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-06 20:50:32.813
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-05 19:58:39.874
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD A6-9200 RADEON R4, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 66%
Total physical RAM: 3964.91 MB
Available physical RAM: 1345.81 MB
Total Virtual: 9852.91 MB
Available Virtual: 6815.22 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:450.81 GB) (Free:395.08 GB) NTFS
\\?\Volume{407e078c-a4e7-4ef1-8e03-9fcf7d186252}\ () (Fixed) (Total:0.78 GB) (Free:0.34 GB) NTFS
\\?\Volume{c5df1d11-387f-4f70-9426-ee82a58daa60}\ (Image) (Fixed) (Total:12.44 GB) (Free:0.18 GB) NTFS
\\?\Volume{925fbbd5-6df4-47ab-a117-421d5cdfeb80}\ (DELLSUPPORT) (Fixed) (Total:1.12 GB) (Free:0.53 GB) NTFS
\\?\Volume{24758548-076e-4e05-bbed-af86845e21b3}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 66133000)
Partition: GPT.
==================== End of Addition.txt ============================
This is a laptop that is on our home LAN every few months. It runs Windows 10, and usually wireless through a university's network. Lots of surfing, but not too many intentional downloads. No overt symptoms other than it runs slowly.
Did the "Before you post ..."
The registry backup shows 18 for 18.
The two FRST logs are pasted below.
aswMBR started, updated its virus definitions, ran for a while, and then got a BSOD. Repeated and got the same behavior.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Ben (administrator) on DESKTOP-CMTMU7M (13-08-2018 14:23:55)
Running from C:\Users\bentu\Desktop
Loaded Profiles: Ben (Available Profiles: Ben & hopet & bentu)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\PEF\CORE\PEFService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_8\mcapexe.exe
(McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\2.9.175.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files\Everything\Everything.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.766\SSScheduler.exe
() C:\Program Files\Everything\Everything.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(McAfee Inc.) C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
(AnchorFree Inc.) C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9072128 2016-11-17] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3925504 2016-08-09] (Dell Inc.)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [940976 2016-11-19] (Waves Audio Ltd.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029576 2016-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3255888 2018-05-12] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1112960 2018-03-14] (McAfee Inc.)
HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\...\RunOnce: [Uninstall 17.3.6917.0607\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bentu\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64"
HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\...\RunOnce: [Uninstall 17.3.6917.0607] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bentu\AppData\Local\Microsoft\OneDrive\17.3.6917.0607"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-07-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.766\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 74.211.15.210 74.211.15.211 24.56.178.102
Tcpip\..\Interfaces\{88969653-4e71-40d9-9e34-9dcd05c8beed}: [DhcpNameServer] 172.20.120.20
Tcpip\..\Interfaces\{ddce5a6b-debf-436b-baab-8eba462a12dc}: [DhcpNameServer] 74.211.15.210 74.211.15.211 24.56.178.102
Internet Explorer:
==================
HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-31] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-13] (Oracle Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-13] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-06-15] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-06-15] (McAfee, Inc.)
FireFox:
========
FF DefaultProfile: c0yahhbe.default
FF ProfilePath: C:\Users\bentu\AppData\Roaming\Mozilla\Firefox\Profiles\c0yahhbe.default [2017-06-07]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-27]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-06-07] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-10] ()
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-13] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default [2018-08-13]
CHR Extension: (Slides) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-13]
CHR Extension: (Docs) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-13]
CHR Extension: (Google Drive) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-13]
CHR Extension: (YouTube) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-13]
CHR Extension: (Sheets) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-13]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-13]
CHR Extension: (Gmail) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-13]
CHR Extension: (Chrome Media Router) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-12-06] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-07] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc.)
S2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [124568 2018-04-20] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-10-13] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-10-13] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-15] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-10-16] (McAfee, Inc.)
R3 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [314368 2018-03-06] (AnchorFree Inc.) [File not signed]
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-05-16] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2017-01-17] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.766\McCHSvc.exe [405392 2018-07-11] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe [2141912 2018-04-06] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-02-23] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-02-23] (McAfee, LLC)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [473040 2018-02-23] (McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1676024 2018-05-01] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265864 2018-03-19] ()
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1047448 2018-05-29] (McAfee, Inc.)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [46632 2017-04-17] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [321024 2016-11-17] (Realtek Semiconductor)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-10-24] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [265784 2017-12-19] (Synaptics Incorporated)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [410032 2016-11-19] (Waves Audio Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-07-08] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-07-08] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848328 2018-03-19] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (The OpenVPN Project)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34704 2016-08-13] (Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [54160 2016-09-15] (Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0310274.inf_amd64_51be3a3306cacb44\atikmdag.sys [26574344 2017-01-11] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0310274.inf_amd64_51be3a3306cacb44\atikmpag.sys [529304 2017-01-11] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\WINDOWS\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-29] (Advanced Micro Devices)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-02-28] (McAfee, LLC)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32352 2016-10-13] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32952 2016-10-13] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22864 2016-10-27] (OSR Open Systems Resources, Inc.)
R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-02-28] (McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [360352 2018-02-28] (McAfee, LLC)
U3 mfeavfk03; no ImagePath
U3 mfeavfk04; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-02-28] (McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [529312 2018-02-28] (McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [953248 2018-02-28] (McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [543624 2018-04-30] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108432 2018-04-30] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-02-28] (McAfee, LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-02-28] (McAfee, LLC)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623128 2018-04-04] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-23] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [416472 2016-05-17] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66104 2017-12-19] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46592 2018-07-08] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-08] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-07-08] (Microsoft Corporation)
S3 mfeplk01; \Device\mfeplk01.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-13 14:23 - 2018-08-13 14:25 - 000022873 _____ C:\Users\bentu\Desktop\FRST.txt
2018-08-13 14:23 - 2018-08-13 14:23 - 000000000 ____D C:\FRST
2018-08-13 14:23 - 2018-08-13 14:23 - 000000000 _____ C:\WINDOWS\erdntdos.loc
2018-08-13 14:22 - 2018-08-13 14:22 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-CMTMU7M-Windows-10-Home-(64-bit).dat
2018-08-13 14:22 - 2018-08-13 14:22 - 000000000 ____D C:\RegBackup
2018-08-13 14:21 - 2018-08-13 14:22 - 000018111 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2018-08-13 14:21 - 2018-08-13 14:21 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3126702148-3971270183-1363190335-1001
2018-08-13 14:21 - 2018-08-13 14:21 - 000002314 _____ C:\Users\bentu\Desktop\Tweaking.com - Registry Backup.lnk
2018-08-13 14:21 - 2018-08-13 14:21 - 000000000 ____D C:\Users\bentu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-08-13 14:21 - 2018-08-13 14:21 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-08-13 14:20 - 2018-08-13 14:20 - 005198336 _____ (AVAST Software) C:\Users\bentu\Desktop\aswMBR.exe
2018-08-13 14:19 - 2018-08-13 14:19 - 005766144 _____ (Tweaking.com) C:\Users\bentu\Desktop\tweaking.com_registry_backup_setup.exe
2018-08-13 14:19 - 2018-08-13 14:19 - 002412544 _____ (Farbar) C:\Users\bentu\Desktop\FRST64.exe
2018-08-13 14:14 - 2018-08-13 14:14 - 000000000 ____D C:\Users\bentu\AppData\LocalLow\AMD
2018-08-13 13:54 - 2018-08-13 13:54 - 000002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-08-13 13:54 - 2018-08-13 13:54 - 000002285 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-08-13 13:50 - 2018-08-13 13:50 - 000000918 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-08-13 13:50 - 2018-08-13 13:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-08-13 13:47 - 2018-08-13 13:47 - 000001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2018-08-13 13:43 - 2018-08-13 13:37 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2018-08-13 13:26 - 2018-08-13 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2018-08-13 13:25 - 2018-08-13 13:25 - 000000000 ____D C:\Program Files\ATI Technologies
2018-08-13 13:24 - 2018-08-13 13:24 - 000000000 ____D C:\Users\bentu\AppData\Local\PDFCreator
2018-08-13 13:22 - 2018-08-13 13:22 - 000000879 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2018-08-13 13:22 - 2018-08-13 13:22 - 000000000 ____D C:\Users\bentu\AppData\LocalLow\Sun
2018-08-13 13:22 - 2018-08-13 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2018-08-13 13:21 - 2018-08-13 13:21 - 000001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Safe Connect.lnk
2018-08-13 13:21 - 2018-08-13 13:21 - 000001180 _____ C:\Users\Public\Desktop\McAfee Safe Connect.lnk
2018-08-13 13:16 - 2018-08-13 13:16 - 000001417 _____ C:\Users\bentu\Desktop\Microsoft Edge.lnk
2018-08-13 13:16 - 2018-08-13 13:16 - 000000000 ___HD C:\Users\bentu\MicrosoftEdgeBackups
2018-08-06 20:44 - 2018-08-06 20:44 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Roaming\DropboxOEM
2018-08-06 20:44 - 2018-08-06 20:44 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Local\VirtualStore
2018-08-06 20:44 - 2018-08-06 20:44 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Local\DropboxOEM
2018-08-06 20:44 - 2018-08-06 20:44 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Local\AMD
2018-08-06 20:43 - 2018-08-06 20:47 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Local\Packages
2018-08-06 20:43 - 2018-08-06 20:43 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Roaming\Intel
2018-08-06 20:43 - 2018-08-06 20:43 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Local\ConnectedDevicesPlatform
2018-08-06 20:42 - 2018-08-06 20:42 - 000000020 ___SH C:\Users\defaultuser1.DESKTOP-CMTMU7M\ntuser.ini
2018-08-06 20:42 - 2018-08-06 20:42 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M
2018-08-06 20:42 - 2018-04-11 17:34 - 000001105 _____ C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-31 18:50 - 2018-07-31 18:50 - 000002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-31 18:50 - 2018-07-31 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-27 15:11 - 2018-07-27 15:11 - 000000080 ___SH C:\bootTel.dat
2018-07-21 03:01 - 2018-07-21 03:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-07-21 03:01 - 2018-07-21 03:01 - 000000000 ____D C:\ProgramData\McAfee Security Scan
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-13 14:23 - 2015-12-05 04:24 - 000000000 _____ C:\WINDOWS\erunt.exe
2018-08-13 14:23 - 2015-12-05 04:24 - 000000000 _____ C:\WINDOWS\erdntwin.loc
2018-08-13 14:23 - 2015-12-05 04:24 - 000000000 _____ C:\WINDOWS\erdnt.e_e
2018-08-13 14:21 - 2018-06-07 23:11 - 000002369 _____ C:\Users\bentu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-13 14:21 - 2017-06-07 17:15 - 000000000 ___HD C:\OneDriveTemp
2018-08-13 14:21 - 2017-06-07 16:47 - 000000000 ___RD C:\Users\bentu\OneDrive
2018-08-13 14:19 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-13 14:13 - 2018-06-21 17:33 - 000000000 ____D C:\ProgramData\Packages
2018-08-13 14:13 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-13 14:12 - 2017-06-07 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-08-13 14:11 - 2018-01-05 22:39 - 000000000 ____D C:\Users\bentu\AppData\Local\Packages
2018-08-13 14:06 - 2017-12-10 01:48 - 000000000 ____D C:\ProgramData\Avid
2018-08-13 14:06 - 2017-12-10 01:48 - 000000000 ____D C:\Program Files\Avid
2018-08-13 14:03 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-13 13:59 - 2017-12-10 01:59 - 000000000 ____D C:\Users\bentu\Documents\Scores
2018-08-13 13:57 - 2017-06-07 23:28 - 000000000 ____D C:\Program Files (x86)\Audacity
2018-08-13 13:54 - 2017-06-07 23:21 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-13 13:52 - 2018-06-07 23:39 - 000003142 _____ C:\WINDOWS\System32\Tasks\klcp_update
2018-08-13 13:52 - 2017-06-07 23:32 - 000001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2018-08-13 13:52 - 2017-06-07 23:32 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2018-08-13 13:52 - 2017-06-07 23:29 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2018-08-13 13:51 - 2017-06-07 23:29 - 000001280 _____ C:\Users\Public\Desktop\Media Player Classic.lnk
2018-08-13 13:51 - 2017-06-07 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2018-08-13 13:49 - 2017-06-07 23:28 - 000000000 ____D C:\Program Files\VideoLAN
2018-08-13 13:47 - 2017-06-07 23:28 - 000001114 _____ C:\Users\Public\Desktop\WinRAR.lnk
2018-08-13 13:47 - 2017-06-07 23:27 - 000000000 ____D C:\Users\bentu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-08-13 13:47 - 2017-06-07 23:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-08-13 13:47 - 2017-06-07 23:27 - 000000000 ____D C:\Program Files\WinRAR
2018-08-13 13:46 - 2017-06-07 23:28 - 000001073 _____ C:\Users\Public\Desktop\IrfanView.lnk
2018-08-13 13:46 - 2017-06-07 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2018-08-13 13:46 - 2017-06-07 23:28 - 000000000 ____D C:\Program Files (x86)\IrfanView
2018-08-13 13:37 - 2017-06-07 23:26 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-08-13 13:37 - 2017-06-07 23:26 - 000000000 ____D C:\Program Files\Java
2018-08-13 13:29 - 2017-06-11 22:37 - 000000000 ____D C:\Users\bentu\AppData\Roaming\Skype
2018-08-13 13:24 - 2017-06-07 23:32 - 000000000 ____D C:\Program Files\PDFCreator
2018-08-13 13:23 - 2017-06-07 23:33 - 000117248 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2018-08-13 13:20 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-13 13:20 - 2017-11-03 21:52 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
2018-08-13 13:18 - 2017-11-03 21:53 - 000000000 ____D C:\Users\bentu\AppData\Roaming\McAfee Safe Connect
2018-08-13 13:17 - 2018-01-05 21:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-08-13 13:16 - 2018-06-07 23:11 - 000000000 ____D C:\Users\bentu
2018-08-13 13:12 - 2018-02-08 01:13 - 000000000 ___RD C:\Users\bentu\3D Objects
2018-08-13 13:12 - 2018-01-07 02:03 - 000000000 ____D C:\ProgramData\AMD
2018-08-13 13:12 - 2017-05-29 06:10 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-08-13 13:10 - 2018-06-07 23:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-13 13:10 - 2018-06-07 23:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-11 17:06 - 2017-06-07 23:48 - 000000000 ____D C:\Users\bentu.DESKTOP-CMTMU7M\AppData\LocalLow\Mozilla
2018-08-11 17:05 - 2017-06-08 00:11 - 000000000 ____D C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Roaming\MuseScore
2018-08-11 16:48 - 2017-06-07 23:56 - 000000000 ___RD C:\Users\bentu.DESKTOP-CMTMU7M\OneDrive
2018-08-11 16:44 - 2018-04-11 15:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-08-11 16:44 - 2017-05-29 05:48 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2018-08-11 16:43 - 2017-06-11 22:35 - 000000000 ____D C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Roaming\Everything
2018-08-11 03:41 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-08-11 00:34 - 2017-06-07 23:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-11 00:34 - 2017-06-07 23:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-08-10 15:41 - 2017-06-07 23:21 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-10 15:34 - 2017-05-29 06:06 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-08-10 15:33 - 2018-06-07 23:11 - 000000000 ____D C:\Users\bentu.DESKTOP-CMTMU7M
2018-08-10 14:14 - 2018-06-07 23:39 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3126702148-3971270183-1363190335-1005
2018-08-10 14:12 - 2018-06-07 23:11 - 000002417 _____ C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-10 01:17 - 2017-06-07 23:22 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-10 01:17 - 2017-06-07 23:22 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-08 14:05 - 2017-05-29 06:06 - 000000000 ____D C:\Program Files\Common Files\mcafee
2018-08-06 19:45 - 2018-04-11 15:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-08-05 01:14 - 2018-04-11 17:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-08-02 19:18 - 2018-06-07 23:39 - 000003442 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-07-31 18:50 - 2017-05-29 06:22 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-31 18:50 - 2017-05-29 06:22 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-31 18:50 - 2017-05-29 06:22 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-31 18:48 - 2017-05-29 06:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-21 03:01 - 2018-03-30 23:58 - 000002011 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-07-21 03:01 - 2017-11-03 22:18 - 000000000 ____D C:\Program Files\McAfee Security Scan
==================== Files in the root of some directories =======
2017-12-10 02:07 - 2017-12-10 02:07 - 000000604 _____ () C:\Program Files (x86)\QSt1
2017-12-10 01:46 - 2017-12-10 01:48 - 001456536 _____ () C:\Users\bentu\AppData\Roaming\AvidApplicationManager_Install.log
Some files in TEMP:
====================
2018-08-13 13:20 - 2018-08-13 13:20 - 000290304 _____ (Microsoft Corporation) C:\Users\bentu\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
2018-08-13 13:22 - 2018-08-13 13:22 - 000152576 _____ () C:\Users\bentu\AppData\Local\Temp\ext6332090241354469138.dll
2018-08-13 13:32 - 2018-08-13 13:32 - 001906040 _____ (Oracle Corporation) C:\Users\bentu\AppData\Local\Temp\jre-8u181-windows-au.exe
2018-08-11 00:39 - 2018-08-11 00:39 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1200377776596583780.dll
2018-07-12 00:40 - 2018-07-12 00:40 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1582734924496815086.dll
2018-08-02 22:38 - 2018-08-02 22:38 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1667639434396831625.dll
2018-08-07 03:20 - 2018-08-07 03:20 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1678428571542818517.dll
2018-07-13 16:45 - 2018-07-13 16:45 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1766651094965134530.dll
2018-07-22 22:11 - 2018-07-22 22:11 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1795083251683454653.dll
2018-08-11 16:49 - 2018-08-11 16:49 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext2380574594638886471.dll
2018-07-13 14:52 - 2018-07-13 14:52 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext2740162228422230216.dll
2018-08-03 16:44 - 2018-08-03 16:44 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext3448410766088429106.dll
2018-07-27 15:17 - 2018-07-27 15:17 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5042693861776630395.dll
2018-07-21 02:59 - 2018-07-21 02:59 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5225656312186083399.dll
2018-07-28 19:08 - 2018-07-28 19:08 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5237310288792390540.dll
2018-08-10 15:39 - 2018-08-10 15:39 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5307622848095017232.dll
2018-07-25 10:15 - 2018-07-25 10:15 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5958978940808632055.dll
2018-08-05 20:03 - 2018-08-05 20:03 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext6366294823380981193.dll
2018-07-19 19:29 - 2018-07-19 19:29 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext7242339546304965834.dll
2018-08-08 13:58 - 2018-08-08 13:58 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext742730689880490877.dll
2018-08-01 17:30 - 2018-08-01 17:30 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext7836162853681593769.dll
2018-08-06 20:56 - 2018-08-06 20:57 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext8898844936738300830.dll
2018-08-04 18:56 - 2018-08-04 18:56 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext969040020052368496.dll
Some zero byte size files/folders:
==========================
C:\Windows\erunt.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-07 23:03
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Ben (13-08-2018 14:26:42)
Running from C:\Users\bentu\Desktop
Windows 10 Home Version 1803 17134.165 (X64) (2018-06-08 05:40:39)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3126702148-3971270183-1363190335-500 - Administrator - Disabled)
Ben (S-1-5-21-3126702148-3971270183-1363190335-1001 - Administrator - Enabled) => C:\Users\bentu
bentu (S-1-5-21-3126702148-3971270183-1363190335-1005 - Limited - Enabled) => C:\Users\bentu.DESKTOP-CMTMU7M
DefaultAccount (S-1-5-21-3126702148-3971270183-1363190335-503 - Limited - Disabled)
Guest (S-1-5-21-3126702148-3971270183-1363190335-501 - Limited - Disabled)
hopet (S-1-5-21-3126702148-3971270183-1363190335-1003 - Limited - Enabled) => C:\Users\hopet
mjutu (S-1-5-21-3126702148-3971270183-1363190335-1002 - Limited - Enabled)
tufte (S-1-5-21-3126702148-3971270183-1363190335-1004 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3126702148-3971270183-1363190335-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Catalyst Control Center Next Localization BR (HKLM\...\{628CF93E-16BF-11EF-919B-59C31EF717B3}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{658D9D92-2733-E8FA-B31E-C264902DDFBD}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{743885D6-1B53-7B56-437D-56B32DAAF522}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{19F1603B-1CC7-9057-27D6-7376D2EC0165}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{51D588C1-A0C9-1C56-DF03-7BECEB829770}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A652F661-BB60-2C31-229E-B24857F95E11}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{D1000796-511E-0A49-39B4-D125C8258CA6}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{E599475E-3898-9504-C3A6-86CB7AF3B37E}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{DBB0B902-73E6-3521-15C2-6998C63A6129}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{EB0B7E10-2B2E-C2B0-B3EF-B97811D365FC}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{99B2E1B4-5D98-8B59-DD39-4E4992821703}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{11F850B6-2E7A-09A5-5866-F7105729B74D}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A67403D6-8FA6-BEB2-E55B-91635BFF70B3}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{D876E0E3-97E4-2462-A13A-C193EEC82F6C}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{DD0C2473-8594-5D35-8048-5FAF76196D9E}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{EB9486CA-01B6-5FE0-3CCE-069DBE0C32DA}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{FFED5E09-AA96-7352-22FB-944FC47BBCB5}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{416D7723-3B10-D406-0A84-8DF69ED131ED}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{C9D56DB9-8F88-8C76-00DE-46AE7177E338}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{06301DF5-2B9A-0C81-6352-772B58ACCEE0}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{75959794-FADB-743F-70C9-1BFAB0B37E24}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{B7CC66D4-D5B7-C345-BF1D-1695ABF7C23A}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CF0E2A7F-DEB3-95C9-A56C-8585B1C2D27C}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{16B1FA91-4603-4E4D-2BE8-9E9752CBC064}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{3261D423-2791-D2C6-68FF-B248B1412F12}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{884B39AE-C737-8EE2-AB54-64E593B42C4C}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{EABFE52D-1399-E1AA-B17E-87487ABA1142}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{A23F282A-9E16-7CAE-8064-67ECCD06B65B}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C7A04DCF-0305-1955-6663-8905CF530A11}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B1D749B2-AA49-620C-C03A-DDF67E407A1C}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{D7438F64-B441-1F37-FB0A-C9EAF4ECFDAB}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D447284-F649-D2BC-5FD7-E8853CA26E24}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C1776FAC-8CC8-3EE2-47A5-38671A83661B}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{967CEFF4-8D1A-C70C-FACE-C81F07DF0553}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{7D7982D5-9BA1-47EF-DE19-896D78027265}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.4.0.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{99B7C4B5-DC14-441D-A5B6-7340F682BC81}) (Version: 3.1.1117.0 - Dell Products, LP)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{0CB75726-FC62-4609-B5DA-0031E64F771B}) (Version: 3.0.128.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.72 - Dell)
Dell SupportAssist Remediation (HKLM\...\{2B2C47D2-F037-4C03-B599-07D7AFE8DD54}) (Version: 3.3.0.4943 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{8ce1a5ae-856e-4b8e-a0e8-27dd7a209276}) (Version: 3.3.0.4943 - Dell Inc.)
Dell SupportAssistAgent (HKLM-x32\...\{CD2DF2B3-01E7-47FF-AF9C-725FC5FF6409}) (Version: 1.3.2.3 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.64 - Synaptics Incorporated)
Dell Update - SupportAssist Update Plugin (HKLM\...\{B16CC15E-08D8-4FA8-AE36-4DC5C197ED92}) (Version: 3.3.0.4941 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{74d58082-09be-4059-afb8-50334cde261d}) (Version: 3.3.0.4941 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 1.3.6855.72 - PC-Doctor, Inc.) Hidden
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Finale (HKLM\...\{167CCA89-3470-4987-B722-66B792188A9C}) (Version: 25.5.0.290 - MakeMusic)
Google Chrome (HKLM\...\{98305915-759E-39B2-A385-5818CDBB9F5B}) (Version: 68.0.3440.106 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{52DA40D6-6EF4-4B28-B501-FC538ECE638C}) (Version: 19.01.1627.3533 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8c595286-0f9e-42de-a0d4-969aba282637}) (Version: 20.50.0 - Intel Corporation)
IrfanView 4.51 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.51 - Irfan Skiljan)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
KeePass Password Safe 2.39.1 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.39.1 - Dominik Reichl)
K-Lite Codec Pack 14.3.6 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.6 - KLCP)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version: - LEGO A/S)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.8942.2 - Waves Audio Ltd.) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R12 - McAfee, Inc.)
McAfee Safe Connect (HKLM-x32\...\{8DF95C34-C5EB-4026-9C86-E49F2A94677A}) (Version: 1.6.0.223 - McAfee, Inc)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.766.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MMFonts (HKLM-x32\...\{1DD5D3E6-8DF5-4657-8825-713C499CDCC0}) (Version: 1.1.1.1 - MakeMusic, Inc.)
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
MuseScore 2 (HKLM-x32\...\{6088F9C1-491A-431F-94D1-81FA26AF7620}) (Version: 2.3.1 - Werner Schweer and Others)
MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.2.2 - pdfforge GmbH)
proDAD Adorage 3.0 (HKLM-x32\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
Product Registration (HKLM\...\{0CB75726-FC62-4609-B5DA-0031E64F771B}) (Version: 3.0.128.0 - Dell Inc.) Hidden
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.38 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-07-22] ()
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-12-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05799A63-8654-4458-A239-5C8D130074F6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {0D0EBE4D-82F6-412C-9A50-A2F9BB387982} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-28] (DropboxOEM)
Task: {11650227-5090-4E97-B4B1-F4496EE87729} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-31] (Microsoft Corporation)
Task: {1819D3B2-71E3-4C3B-9C08-F8F2EC0A018F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {1D68CC9E-9A61-4DD0-A77D-F28278F87FBF} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {1FDC0462-02E0-4AA4-B972-6E673511BF2B} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {28142768-BDAC-46BC-9524-1143E581E4EC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-07] (Dropbox, Inc.)
Task: {2A68D709-88ED-4ECB-A247-3FF113F81309} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-07] (Dropbox, Inc.)
Task: {34E93AA7-4ED2-4F53-9E7E-D6C0976A075E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-07] (Google Inc.)
Task: {3B3239D4-1372-4C8A-BD3D-E7AA8FF5AE55} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-02-17] (PC-Doctor, Inc.)
Task: {3D98DB75-02C8-4371-B926-283542E84A71} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
Task: {4B845D5C-085F-4C49-A6D3-0E6A435BF4EB} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {4F9D3C58-AD88-484D-9A64-8B55DCB2A301} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-11-17] (Realtek Semiconductor)
Task: {53032758-2A3C-4FD3-9E3E-13CFDBA1F47F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {62E2FF18-A89D-4FC9-83D9-871176FB0BAA} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6DE66706-FEA7-45A0-8D54-9D9D891279C9} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {6EA6A71D-12E9-4383-A194-B1D062F3408E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-31] (Microsoft Corporation)
Task: {96ECA797-9D2F-4BC8-A15E-2AA1802EFB6B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {983C0F21-4783-406A-8A04-439ED917C177} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {A6B176E8-9E23-4B89-9D2C-ABA96565BEFD} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-05-22] (McAfee, Inc.)
Task: {A931D0EC-AA2A-4AF1-814C-792A7E8DF681} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {B2FE0F3A-51BA-433A-A407-E6A86CD27971} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-31] (Microsoft Corporation)
Task: {BA92AFC5-202B-471D-A58D-C01E6E563066} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2016-04-27] (CyberLink)
Task: {CCA7AA6C-077A-4276-8F80-418610D6D379} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-10-24] (Dell Inc.)
Task: {CF4D064C-53D2-44C6-BBDA-AC6419E38FD9} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.178\DADUpdater.exe [2018-06-08] (McAfee, Inc.)
Task: {e2beb945-b098-405d-96dd-5401c0e97b01} - no filepath
Task: {F184978F-32AB-450A-B945-2D3DE39321FE} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-02-17] (PC-Doctor, Inc.)
Task: {F54720BC-DAAC-4896-A932-C32CEB93A20E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-07] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP CMTMU7M
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-06 05:05 - 2018-04-06 05:05 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPMsgBusDLL.dll
2018-07-10 21:30 - 2018-07-06 00:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-26 17:41 - 2018-07-26 17:41 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-07-26 17:41 - 2018-07-26 17:41 - 068154880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-03 17:38 - 2017-10-03 17:40 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-07-15 01:46 - 2018-07-15 01:48 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-07-15 01:46 - 2018-07-15 01:48 - 004139008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-03 20:30 - 2018-05-03 20:33 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-07-15 01:46 - 2018-07-15 01:48 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-05 15:35 - 2018-04-05 16:01 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-07-26 17:41 - 2018-07-26 17:41 - 014919168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-07-15 01:46 - 2018-07-15 01:48 - 003982848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-07-26 17:41 - 2018-07-26 17:41 - 002938880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-29 20:51 - 2018-05-29 20:54 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-15 01:46 - 2018-07-15 01:48 - 001396224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-07-26 17:41 - 2018-07-26 17:41 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-07 23:27 - 2014-08-05 19:04 - 001441792 _____ () C:\Program Files\Everything\Everything.exe
2016-12-06 20:43 - 2016-12-06 20:43 - 000155016 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2016-09-13 01:51 - 2016-09-13 01:51 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 01:50 - 2016-09-13 01:50 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 01:50 - 2016-09-13 01:50 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-08-10 01:15 - 2018-08-07 18:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-10 01:15 - 2018-08-07 18:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2017-05-29 05:58 - 2014-12-08 01:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 16:28 - 2014-12-08 16:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2016-09-09 09:32 - 2016-09-09 09:32 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2016-05-02 15:46 - 2016-05-02 15:46 - 000134008 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2017-04-26 15:19 - 2017-04-26 15:19 - 002005976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 15:03 - 2018-07-21 03:01 - 000000865 _____ C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 74.211.15.210 - 74.211.15.211
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4CDEFEFF-F23F-4C1C-8A15-026D556F0907}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector14\PDR10.EXE
FirewallRules: [{9221CB9C-6085-4AE5-9021-A8AB8326CDC9}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD.exe
FirewallRules: [{0EDA389B-E8F1-4478-ADED-70DFF8081EF3}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{787B9959-F87C-48B2-AA8E-404813270051}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{27E9D83D-449B-45AF-B92C-4EBAE8E086DC}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{8B2B8C4D-4EA5-459E-8FFD-F7D59BB5D00F}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{C74C3FF1-DAAB-4724-A636-FD370A7C60EA}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{930E654D-D3CB-484D-B593-57E941C9DAC1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8B01EC76-1CA3-488D-BE9F-F1A1510A2792}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{416CADEF-2CCC-457B-90F5-F160E37B2303}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1A15BA2F-C5B4-4B0F-9D2A-2C329896B558}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{B60E35FE-3AF3-41F4-B9E0-582F0D9370AC}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{937FE4B4-9E0C-4746-A339-937C6983F419}] => (Allow) C:\Program Files\Avid\Application Manager\jre\bin\java.exe
FirewallRules: [{F0F525CB-C33E-4D5E-9CDB-0C9BF789A1C3}] => (Allow) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe
FirewallRules: [{4DFC50C3-E929-4A3C-992F-078B4383684D}] => (Allow) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe
FirewallRules: [{51F93DB6-0DE6-4D1C-9510-78F97BAC97FD}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F1E30803-FA67-4C5F-BFB1-42A3FB7FD502}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
13-08-2018 13:57:29 Removed Sibelius.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/13/2018 02:21:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.17134.137, time stamp: 0xecd85e98
Faulting module name: ntdll.dll, version: 10.0.17134.165, time stamp: 0xf4df6dc2
Exception code: 0xc0000374
Fault offset: 0x00000000000f4d1b
Faulting process id: 0x2904
Faulting application start time: 0x01d43342a9808103
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 0efa8ae8-a47b-403e-8106-d1e0f193ba95
Faulting package full name:
Faulting package-relative application ID:
Error: (08/13/2018 01:48:28 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.
Error: (08/13/2018 01:47:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.
Error: (08/13/2018 01:46:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.
Error: (08/13/2018 01:44:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.
Error: (08/13/2018 01:41:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.
Error: (08/13/2018 01:40:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.
Error: (08/13/2018 01:34:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.
System errors:
=============
Error: (08/13/2018 02:14:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CMTMU7M)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-CMTMU7M\Ben SID (S-1-5-21-3126702148-3971270183-1363190335-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/13/2018 01:21:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/13/2018 01:20:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/13/2018 01:19:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/13/2018 01:16:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/13/2018 01:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Help & Support service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (08/13/2018 01:13:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Help & Support service to connect.
Error: (08/13/2018 01:11:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
CodeIntegrity:
===================================
Date: 2018-08-13 13:10:47.050
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-11 16:45:28.268
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-11 00:34:52.589
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-10 15:34:34.001
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-08 13:51:39.907
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-07 03:15:24.269
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-06 20:50:32.813
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-05 19:58:39.874
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD A6-9200 RADEON R4, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 66%
Total physical RAM: 3964.91 MB
Available physical RAM: 1345.81 MB
Total Virtual: 9852.91 MB
Available Virtual: 6815.22 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:450.81 GB) (Free:395.08 GB) NTFS
\\?\Volume{407e078c-a4e7-4ef1-8e03-9fcf7d186252}\ () (Fixed) (Total:0.78 GB) (Free:0.34 GB) NTFS
\\?\Volume{c5df1d11-387f-4f70-9426-ee82a58daa60}\ (Image) (Fixed) (Total:12.44 GB) (Free:0.18 GB) NTFS
\\?\Volume{925fbbd5-6df4-47ab-a117-421d5cdfeb80}\ (DELLSUPPORT) (Fixed) (Total:1.12 GB) (Free:0.53 GB) NTFS
\\?\Volume{24758548-076e-4e05-bbed-af86845e21b3}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 66133000)
Partition: GPT.
==================== End of Addition.txt ============================