
Thread: Second PC

  1. #1
    Junior Member | Join Date: Aug 2018 | Posts: 26

    I am starting this thread before the first PC is quite finished (my son is home from college for a few days).

    This is a laptop that is on our home LAN every few months. It runs Windows 10, and usually wireless through a university's network. Lots of surfing, but not too many intentional downloads. No overt symptoms other than it runs slowly.

    Did the "Before you post ..."

    The registry backup shows 18 for 18.

    The two FRST logs are pasted below.

    aswMBR started, updated its virus definitions, ran for a while, and then got a BSOD. Repeated and got the same behavior.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
    Ran by Ben (administrator) on DESKTOP-CMTMU7M (13-08-2018 14:23:55)
    Running from C:\Users\bentu\Desktop
    Loaded Profiles: Ben (Available Profiles: Ben & hopet & bentu)
    Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\PEF\CORE\PEFService.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (McAfee, LLC) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
    (McAfee, LLC) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
    (McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_8\mcapexe.exe
    (McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\2.9.175.0\McCSPServiceHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
    (Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
    (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    () C:\Program Files\Everything\Everything.exe
    (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.766\SSScheduler.exe
    () C:\Program Files\Everything\Everything.exe
    (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
    (McAfee Inc.) C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
    (AnchorFree Inc.) C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe
    () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9072128 2016-11-17] (Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3925504 2016-08-09] (Dell Inc.)
    HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
    HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [940976 2016-11-19] (Waves Audio Ltd.)
    HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029576 2016-12-06] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3255888 2018-05-12] (Dominik Reichl)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
    HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1112960 2018-03-14] (McAfee Inc.)
    HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\...\RunOnce: [Uninstall 17.3.6917.0607\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bentu\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64"
    HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\...\RunOnce: [Uninstall 17.3.6917.0607] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bentu\AppData\Local\Microsoft\OneDrive\17.3.6917.0607"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-07-21]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.766\SSScheduler.exe (McAfee, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 0.0.0.1 mssplus.mcafee.com
    Tcpip\Parameters: [DhcpNameServer] 74.211.15.210 74.211.15.211 24.56.178.102
    Tcpip\..\Interfaces\{88969653-4e71-40d9-9e34-9dcd05c8beed}: [DhcpNameServer] 172.20.120.20
    Tcpip\..\Interfaces\{ddce5a6b-debf-436b-baab-8eba462a12dc}: [DhcpNameServer] 74.211.15.210 74.211.15.211 24.56.178.102

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
    HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-31] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-13] (Oracle Corporation)
    BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-13] (Oracle Corporation)
    BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-06-15] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-06-15] (McAfee, Inc.)

    FireFox:
    ========
    FF DefaultProfile: c0yahhbe.default
    FF ProfilePath: C:\Users\bentu\AppData\Roaming\Mozilla\Firefox\Profiles\c0yahhbe.default [2017-06-07]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-27]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-06-07] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-10] ()
    FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-13] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-13] (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
    FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default [2018-08-13]
    CHR Extension: (Slides) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-13]
    CHR Extension: (Docs) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-13]
    CHR Extension: (Google Drive) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-13]
    CHR Extension: (YouTube) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-13]
    CHR Extension: (Sheets) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-13]
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-08-13]
    CHR Extension: (Google Docs Offline) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-13]
    CHR Extension: (Gmail) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-13]
    CHR Extension: (Chrome Media Router) - C:\Users\bentu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-13]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-12-06] ()
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation)
    S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc.)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-07] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-07] (Dropbox, Inc.)
    R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc.)
    S2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
    R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [124568 2018-04-20] (Dell Inc.)
    R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-10-13] (Dell Inc.)
    R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-10-13] (Dell Inc.)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
    R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-15] (Intel Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-10-16] (McAfee, Inc.)
    R3 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [314368 2018-03-06] (AnchorFree Inc.) [File not signed]
    R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-05-16] (McAfee, Inc.)
    S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2017-01-17] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.766\McCHSvc.exe [405392 2018-07-11] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe [2141912 2018-04-06] (McAfee, Inc.)
    S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-02-23] (McAfee, LLC)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-02-23] (McAfee, LLC)
    R3 mfevtp; C:\Windows\system32\mfevtps.exe [473040 2018-02-23] (McAfee, LLC)
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1676024 2018-05-01] (McAfee, Inc.)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265864 2018-03-19] ()
    R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1047448 2018-05-29] (McAfee, Inc.)
    R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [46632 2017-04-17] (Dell)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [321024 2016-11-17] (Realtek Semiconductor)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-10-24] (Dell Inc.)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [265784 2017-12-19] (Synaptics Incorporated)
    R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [410032 2016-11-19] (Waves Audio Ltd.)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-07-08] (Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-07-08] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848328 2018-03-19] (Intel® Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (The OpenVPN Project)
    R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34704 2016-08-13] (Advanced Micro Devices, Inc)
    R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [54160 2016-09-15] (Advanced Micro Devices, Inc)
    S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
    R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0310274.inf_amd64_51be3a3306cacb44\atikmdag.sys [26574344 2017-01-11] (Advanced Micro Devices, Inc.)
    R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0310274.inf_amd64_51be3a3306cacb44\atikmpag.sys [529304 2017-01-11] (Advanced Micro Devices, Inc.)
    R1 amdpsp; C:\WINDOWS\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-29] (Advanced Micro Devices)
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-02-28] (McAfee, LLC)
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
    R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32352 2016-10-13] (Dell Inc.)
    R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32952 2016-10-13] (Dell Computer Corporation)
    R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22864 2016-10-27] (OSR Open Systems Resources, Inc.)
    R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc.)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-02-28] (McAfee, LLC)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [360352 2018-02-28] (McAfee, LLC)
    U3 mfeavfk03; no ImagePath
    U3 mfeavfk04; no ImagePath
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-02-28] (McAfee, LLC)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [529312 2018-02-28] (McAfee, LLC)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [953248 2018-02-28] (McAfee, LLC)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [543624 2018-04-30] (McAfee LLC.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108432 2018-04-30] (McAfee LLC.)
    R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-02-28] (McAfee, LLC)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-02-28] (McAfee, LLC)
    R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
    R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623128 2018-04-04] (Intel Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-23] (Realtek )
    R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [416472 2016-05-17] (Realsil Semiconductor Corporation)
    R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66104 2017-12-19] (Synaptics Incorporated)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46592 2018-07-08] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-08] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-07-08] (Microsoft Corporation)
    S3 mfeplk01; \Device\mfeplk01.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-08-13 14:23 - 2018-08-13 14:25 - 000022873 _____ C:\Users\bentu\Desktop\FRST.txt
    2018-08-13 14:23 - 2018-08-13 14:23 - 000000000 ____D C:\FRST
    2018-08-13 14:23 - 2018-08-13 14:23 - 000000000 _____ C:\WINDOWS\erdntdos.loc
    2018-08-13 14:22 - 2018-08-13 14:22 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-CMTMU7M-Windows-10-Home-(64-bit).dat
    2018-08-13 14:22 - 2018-08-13 14:22 - 000000000 ____D C:\RegBackup
    2018-08-13 14:21 - 2018-08-13 14:22 - 000018111 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2018-08-13 14:21 - 2018-08-13 14:21 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3126702148-3971270183-1363190335-1001
    2018-08-13 14:21 - 2018-08-13 14:21 - 000002314 _____ C:\Users\bentu\Desktop\Tweaking.com - Registry Backup.lnk
    2018-08-13 14:21 - 2018-08-13 14:21 - 000000000 ____D C:\Users\bentu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2018-08-13 14:21 - 2018-08-13 14:21 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
    2018-08-13 14:20 - 2018-08-13 14:20 - 005198336 _____ (AVAST Software) C:\Users\bentu\Desktop\aswMBR.exe
    2018-08-13 14:19 - 2018-08-13 14:19 - 005766144 _____ (Tweaking.com) C:\Users\bentu\Desktop\tweaking.com_registry_backup_setup.exe
    2018-08-13 14:19 - 2018-08-13 14:19 - 002412544 _____ (Farbar) C:\Users\bentu\Desktop\FRST64.exe
    2018-08-13 14:14 - 2018-08-13 14:14 - 000000000 ____D C:\Users\bentu\AppData\LocalLow\AMD
    2018-08-13 13:54 - 2018-08-13 13:54 - 000002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
    2018-08-13 13:54 - 2018-08-13 13:54 - 000002285 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
    2018-08-13 13:50 - 2018-08-13 13:50 - 000000918 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2018-08-13 13:50 - 2018-08-13 13:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2018-08-13 13:47 - 2018-08-13 13:47 - 000001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
    2018-08-13 13:43 - 2018-08-13 13:37 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
    2018-08-13 13:26 - 2018-08-13 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
    2018-08-13 13:25 - 2018-08-13 13:25 - 000000000 ____D C:\Program Files\ATI Technologies
    2018-08-13 13:24 - 2018-08-13 13:24 - 000000000 ____D C:\Users\bentu\AppData\Local\PDFCreator
    2018-08-13 13:22 - 2018-08-13 13:22 - 000000879 _____ C:\Users\Public\Desktop\PDFCreator.lnk
    2018-08-13 13:22 - 2018-08-13 13:22 - 000000000 ____D C:\Users\bentu\AppData\LocalLow\Sun
    2018-08-13 13:22 - 2018-08-13 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
    2018-08-13 13:21 - 2018-08-13 13:21 - 000001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Safe Connect.lnk
    2018-08-13 13:21 - 2018-08-13 13:21 - 000001180 _____ C:\Users\Public\Desktop\McAfee Safe Connect.lnk
    2018-08-13 13:16 - 2018-08-13 13:16 - 000001417 _____ C:\Users\bentu\Desktop\Microsoft Edge.lnk
    2018-08-13 13:16 - 2018-08-13 13:16 - 000000000 ___HD C:\Users\bentu\MicrosoftEdgeBackups
    2018-08-06 20:44 - 2018-08-06 20:44 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Roaming\DropboxOEM
    2018-08-06 20:44 - 2018-08-06 20:44 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Local\VirtualStore
    2018-08-06 20:44 - 2018-08-06 20:44 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Local\DropboxOEM
    2018-08-06 20:44 - 2018-08-06 20:44 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Local\AMD
    2018-08-06 20:43 - 2018-08-06 20:47 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Local\Packages
    2018-08-06 20:43 - 2018-08-06 20:43 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Roaming\Intel
    2018-08-06 20:43 - 2018-08-06 20:43 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Local\ConnectedDevicesPlatform
    2018-08-06 20:42 - 2018-08-06 20:42 - 000000020 ___SH C:\Users\defaultuser1.DESKTOP-CMTMU7M\ntuser.ini
    2018-08-06 20:42 - 2018-08-06 20:42 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-CMTMU7M
    2018-08-06 20:42 - 2018-04-11 17:34 - 000001105 _____ C:\Users\defaultuser1.DESKTOP-CMTMU7M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-07-31 18:50 - 2018-07-31 18:50 - 000002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2018-07-31 18:50 - 2018-07-31 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
    2018-07-27 15:11 - 2018-07-27 15:11 - 000000080 ___SH C:\bootTel.dat
    2018-07-21 03:01 - 2018-07-21 03:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2018-07-21 03:01 - 2018-07-21 03:01 - 000000000 ____D C:\ProgramData\McAfee Security Scan

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-08-13 14:23 - 2015-12-05 04:24 - 000000000 _____ C:\WINDOWS\erunt.exe
    2018-08-13 14:23 - 2015-12-05 04:24 - 000000000 _____ C:\WINDOWS\erdntwin.loc
    2018-08-13 14:23 - 2015-12-05 04:24 - 000000000 _____ C:\WINDOWS\erdnt.e_e
    2018-08-13 14:21 - 2018-06-07 23:11 - 000002369 _____ C:\Users\bentu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-08-13 14:21 - 2017-06-07 17:15 - 000000000 ___HD C:\OneDriveTemp
    2018-08-13 14:21 - 2017-06-07 16:47 - 000000000 ___RD C:\Users\bentu\OneDrive
    2018-08-13 14:19 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-08-13 14:13 - 2018-06-21 17:33 - 000000000 ____D C:\ProgramData\Packages
    2018-08-13 14:13 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-08-13 14:12 - 2017-06-07 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2018-08-13 14:11 - 2018-01-05 22:39 - 000000000 ____D C:\Users\bentu\AppData\Local\Packages
    2018-08-13 14:06 - 2017-12-10 01:48 - 000000000 ____D C:\ProgramData\Avid
    2018-08-13 14:06 - 2017-12-10 01:48 - 000000000 ____D C:\Program Files\Avid
    2018-08-13 14:03 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-08-13 13:59 - 2017-12-10 01:59 - 000000000 ____D C:\Users\bentu\Documents\Scores
    2018-08-13 13:57 - 2017-06-07 23:28 - 000000000 ____D C:\Program Files (x86)\Audacity
    2018-08-13 13:54 - 2017-06-07 23:21 - 000000000 ____D C:\Program Files (x86)\Google
    2018-08-13 13:52 - 2018-06-07 23:39 - 000003142 _____ C:\WINDOWS\System32\Tasks\klcp_update
    2018-08-13 13:52 - 2017-06-07 23:32 - 000001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
    2018-08-13 13:52 - 2017-06-07 23:32 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
    2018-08-13 13:52 - 2017-06-07 23:29 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
    2018-08-13 13:51 - 2017-06-07 23:29 - 000001280 _____ C:\Users\Public\Desktop\Media Player Classic.lnk
    2018-08-13 13:51 - 2017-06-07 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2018-08-13 13:49 - 2017-06-07 23:28 - 000000000 ____D C:\Program Files\VideoLAN
    2018-08-13 13:47 - 2017-06-07 23:28 - 000001114 _____ C:\Users\Public\Desktop\WinRAR.lnk
    2018-08-13 13:47 - 2017-06-07 23:27 - 000000000 ____D C:\Users\bentu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2018-08-13 13:47 - 2017-06-07 23:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2018-08-13 13:47 - 2017-06-07 23:27 - 000000000 ____D C:\Program Files\WinRAR
    2018-08-13 13:46 - 2017-06-07 23:28 - 000001073 _____ C:\Users\Public\Desktop\IrfanView.lnk
    2018-08-13 13:46 - 2017-06-07 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
    2018-08-13 13:46 - 2017-06-07 23:28 - 000000000 ____D C:\Program Files (x86)\IrfanView
    2018-08-13 13:37 - 2017-06-07 23:26 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
    2018-08-13 13:37 - 2017-06-07 23:26 - 000000000 ____D C:\Program Files\Java
    2018-08-13 13:29 - 2017-06-11 22:37 - 000000000 ____D C:\Users\bentu\AppData\Roaming\Skype
    2018-08-13 13:24 - 2017-06-07 23:32 - 000000000 ____D C:\Program Files\PDFCreator
    2018-08-13 13:23 - 2017-06-07 23:33 - 000117248 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
    2018-08-13 13:20 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
    2018-08-13 13:20 - 2017-11-03 21:52 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
    2018-08-13 13:18 - 2017-11-03 21:53 - 000000000 ____D C:\Users\bentu\AppData\Roaming\McAfee Safe Connect
    2018-08-13 13:17 - 2018-01-05 21:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2018-08-13 13:16 - 2018-06-07 23:11 - 000000000 ____D C:\Users\bentu
    2018-08-13 13:12 - 2018-02-08 01:13 - 000000000 ___RD C:\Users\bentu\3D Objects
    2018-08-13 13:12 - 2018-01-07 02:03 - 000000000 ____D C:\ProgramData\AMD
    2018-08-13 13:12 - 2017-05-29 06:10 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-08-13 13:10 - 2018-06-07 23:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-08-13 13:10 - 2018-06-07 23:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-08-11 17:06 - 2017-06-07 23:48 - 000000000 ____D C:\Users\bentu.DESKTOP-CMTMU7M\AppData\LocalLow\Mozilla
    2018-08-11 17:05 - 2017-06-08 00:11 - 000000000 ____D C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Roaming\MuseScore
    2018-08-11 16:48 - 2017-06-07 23:56 - 000000000 ___RD C:\Users\bentu.DESKTOP-CMTMU7M\OneDrive
    2018-08-11 16:44 - 2018-04-11 15:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
    2018-08-11 16:44 - 2017-05-29 05:48 - 000065536 _____ C:\WINDOWS\psp_storage.bin
    2018-08-11 16:43 - 2017-06-11 22:35 - 000000000 ____D C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Roaming\Everything
    2018-08-11 03:41 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-08-11 00:34 - 2017-06-07 23:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-08-11 00:34 - 2017-06-07 23:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2018-08-10 15:41 - 2017-06-07 23:21 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2018-08-10 15:34 - 2017-05-29 06:06 - 000000000 ____D C:\Program Files (x86)\McAfee
    2018-08-10 15:33 - 2018-06-07 23:11 - 000000000 ____D C:\Users\bentu.DESKTOP-CMTMU7M
    2018-08-10 14:14 - 2018-06-07 23:39 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3126702148-3971270183-1363190335-1005
    2018-08-10 14:12 - 2018-06-07 23:11 - 000002417 _____ C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-08-10 01:17 - 2017-06-07 23:22 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-08-10 01:17 - 2017-06-07 23:22 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-08-08 14:05 - 2017-05-29 06:06 - 000000000 ____D C:\Program Files\Common Files\mcafee
    2018-08-06 19:45 - 2018-04-11 15:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2018-08-05 01:14 - 2018-04-11 17:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2018-08-02 19:18 - 2018-06-07 23:39 - 000003442 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
    2018-07-31 18:50 - 2017-05-29 06:22 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
    2018-07-31 18:50 - 2017-05-29 06:22 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
    2018-07-31 18:50 - 2017-05-29 06:22 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
    2018-07-31 18:48 - 2017-05-29 06:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2018-07-21 03:01 - 2018-03-30 23:58 - 000002011 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2018-07-21 03:01 - 2017-11-03 22:18 - 000000000 ____D C:\Program Files\McAfee Security Scan

    ==================== Files in the root of some directories =======

    2017-12-10 02:07 - 2017-12-10 02:07 - 000000604 _____ () C:\Program Files (x86)\QSt1
    2017-12-10 01:46 - 2017-12-10 01:48 - 001456536 _____ () C:\Users\bentu\AppData\Roaming\AvidApplicationManager_Install.log

    Some files in TEMP:
    ====================
    2018-08-13 13:20 - 2018-08-13 13:20 - 000290304 _____ (Microsoft Corporation) C:\Users\bentu\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
    2018-08-13 13:22 - 2018-08-13 13:22 - 000152576 _____ () C:\Users\bentu\AppData\Local\Temp\ext6332090241354469138.dll
    2018-08-13 13:32 - 2018-08-13 13:32 - 001906040 _____ (Oracle Corporation) C:\Users\bentu\AppData\Local\Temp\jre-8u181-windows-au.exe
    2018-08-11 00:39 - 2018-08-11 00:39 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1200377776596583780.dll
    2018-07-12 00:40 - 2018-07-12 00:40 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1582734924496815086.dll
    2018-08-02 22:38 - 2018-08-02 22:38 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1667639434396831625.dll
    2018-08-07 03:20 - 2018-08-07 03:20 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1678428571542818517.dll
    2018-07-13 16:45 - 2018-07-13 16:45 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1766651094965134530.dll
    2018-07-22 22:11 - 2018-07-22 22:11 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1795083251683454653.dll
    2018-08-11 16:49 - 2018-08-11 16:49 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext2380574594638886471.dll
    2018-07-13 14:52 - 2018-07-13 14:52 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext2740162228422230216.dll
    2018-08-03 16:44 - 2018-08-03 16:44 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext3448410766088429106.dll
    2018-07-27 15:17 - 2018-07-27 15:17 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5042693861776630395.dll
    2018-07-21 02:59 - 2018-07-21 02:59 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5225656312186083399.dll
    2018-07-28 19:08 - 2018-07-28 19:08 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5237310288792390540.dll
    2018-08-10 15:39 - 2018-08-10 15:39 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5307622848095017232.dll
    2018-07-25 10:15 - 2018-07-25 10:15 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5958978940808632055.dll
    2018-08-05 20:03 - 2018-08-05 20:03 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext6366294823380981193.dll
    2018-07-19 19:29 - 2018-07-19 19:29 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext7242339546304965834.dll
    2018-08-08 13:58 - 2018-08-08 13:58 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext742730689880490877.dll
    2018-08-01 17:30 - 2018-08-01 17:30 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext7836162853681593769.dll
    2018-08-06 20:56 - 2018-08-06 20:57 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext8898844936738300830.dll
    2018-08-04 18:56 - 2018-08-04 18:56 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext969040020052368496.dll

    Some zero byte size files/folders:
    ==========================
    C:\Windows\erunt.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-06-07 23:03

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
    Ran by Ben (13-08-2018 14:26:42)
    Running from C:\Users\bentu\Desktop
    Windows 10 Home Version 1803 17134.165 (X64) (2018-06-08 05:40:39)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3126702148-3971270183-1363190335-500 - Administrator - Disabled)
    Ben (S-1-5-21-3126702148-3971270183-1363190335-1001 - Administrator - Enabled) => C:\Users\bentu
    bentu (S-1-5-21-3126702148-3971270183-1363190335-1005 - Limited - Enabled) => C:\Users\bentu.DESKTOP-CMTMU7M
    DefaultAccount (S-1-5-21-3126702148-3971270183-1363190335-503 - Limited - Disabled)
    Guest (S-1-5-21-3126702148-3971270183-1363190335-501 - Limited - Disabled)
    hopet (S-1-5-21-3126702148-3971270183-1363190335-1003 - Limited - Enabled) => C:\Users\hopet
    mjutu (S-1-5-21-3126702148-3971270183-1363190335-1002 - Limited - Enabled)
    tufte (S-1-5-21-3126702148-3971270183-1363190335-1004 - Limited - Enabled)
    WDAGUtilityAccount (S-1-5-21-3126702148-3971270183-1363190335-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
    FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
    Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
    AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
    AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
    Catalyst Control Center Next Localization BR (HKLM\...\{628CF93E-16BF-11EF-919B-59C31EF717B3}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization BR (HKLM\...\{658D9D92-2733-E8FA-B31E-C264902DDFBD}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (HKLM\...\{743885D6-1B53-7B56-437D-56B32DAAF522}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (HKLM\...\{19F1603B-1CC7-9057-27D6-7376D2EC0165}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (HKLM\...\{51D588C1-A0C9-1C56-DF03-7BECEB829770}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (HKLM\...\{A652F661-BB60-2C31-229E-B24857F95E11}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (HKLM\...\{D1000796-511E-0A49-39B4-D125C8258CA6}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (HKLM\...\{E599475E-3898-9504-C3A6-86CB7AF3B37E}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (HKLM\...\{DBB0B902-73E6-3521-15C2-6998C63A6129}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (HKLM\...\{EB0B7E10-2B2E-C2B0-B3EF-B97811D365FC}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (HKLM\...\{99B2E1B4-5D98-8B59-DD39-4E4992821703}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (HKLM\...\{11F850B6-2E7A-09A5-5866-F7105729B74D}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (HKLM\...\{A67403D6-8FA6-BEB2-E55B-91635BFF70B3}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (HKLM\...\{D876E0E3-97E4-2462-A13A-C193EEC82F6C}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (HKLM\...\{DD0C2473-8594-5D35-8048-5FAF76196D9E}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (HKLM\...\{EB9486CA-01B6-5FE0-3CCE-069DBE0C32DA}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (HKLM\...\{FFED5E09-AA96-7352-22FB-944FC47BBCB5}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (HKLM\...\{416D7723-3B10-D406-0A84-8DF69ED131ED}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (HKLM\...\{C9D56DB9-8F88-8C76-00DE-46AE7177E338}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (HKLM\...\{06301DF5-2B9A-0C81-6352-772B58ACCEE0}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (HKLM\...\{75959794-FADB-743F-70C9-1BFAB0B37E24}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (HKLM\...\{B7CC66D4-D5B7-C345-BF1D-1695ABF7C23A}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (HKLM\...\{CF0E2A7F-DEB3-95C9-A56C-8585B1C2D27C}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (HKLM\...\{16B1FA91-4603-4E4D-2BE8-9E9752CBC064}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (HKLM\...\{3261D423-2791-D2C6-68FF-B248B1412F12}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (HKLM\...\{884B39AE-C737-8EE2-AB54-64E593B42C4C}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (HKLM\...\{EABFE52D-1399-E1AA-B17E-87487ABA1142}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (HKLM\...\{A23F282A-9E16-7CAE-8064-67ECCD06B65B}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (HKLM\...\{C7A04DCF-0305-1955-6663-8905CF530A11}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (HKLM\...\{B1D749B2-AA49-620C-C03A-DDF67E407A1C}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (HKLM\...\{D7438F64-B441-1F37-FB0A-C9EAF4ECFDAB}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (HKLM\...\{4D447284-F649-D2BC-5FD7-E8853CA26E24}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (HKLM\...\{C1776FAC-8CC8-3EE2-47A5-38671A83661B}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (HKLM\...\{967CEFF4-8D1A-C70C-FACE-C81F07DF0553}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (HKLM\...\{7D7982D5-9BA1-47EF-DE19-896D78027265}) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
    Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
    Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.4.0.0 - Dell Inc.) Hidden
    Dell Digital Delivery (HKLM-x32\...\{99B7C4B5-DC14-441D-A5B6-7340F682BC81}) (Version: 3.1.1117.0 - Dell Products, LP)
    Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
    Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
    Dell Product Registration (HKLM-x32\...\InstallShield_{0CB75726-FC62-4609-B5DA-0031E64F771B}) (Version: 3.0.128.0 - Dell Inc.)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.72 - Dell)
    Dell SupportAssist Remediation (HKLM\...\{2B2C47D2-F037-4C03-B599-07D7AFE8DD54}) (Version: 3.3.0.4943 - Dell Inc.) Hidden
    Dell SupportAssist Remediation (HKLM-x32\...\{8ce1a5ae-856e-4b8e-a0e8-27dd7a209276}) (Version: 3.3.0.4943 - Dell Inc.)
    Dell SupportAssistAgent (HKLM-x32\...\{CD2DF2B3-01E7-47FF-AF9C-725FC5FF6409}) (Version: 1.3.2.3 - Dell)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.64 - Synaptics Incorporated)
    Dell Update - SupportAssist Update Plugin (HKLM\...\{B16CC15E-08D8-4FA8-AE36-4DC5C197ED92}) (Version: 3.3.0.4941 - Dell Inc.) Hidden
    Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{74d58082-09be-4059-afb8-50334cde261d}) (Version: 3.3.0.4941 - Dell Inc.)
    Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
    Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
    DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 1.3.6855.72 - PC-Doctor, Inc.) Hidden
    Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
    Finale (HKLM\...\{167CCA89-3470-4987-B722-66B792188A9C}) (Version: 25.5.0.290 - MakeMusic)
    Google Chrome (HKLM\...\{98305915-759E-39B2-A385-5818CDBB9F5B}) (Version: 68.0.3440.106 - Google, Inc.)
    Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{52DA40D6-6EF4-4B28-B501-FC538ECE638C}) (Version: 19.01.1627.3533 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{8c595286-0f9e-42de-a0d4-969aba282637}) (Version: 20.50.0 - Intel Corporation)
    IrfanView 4.51 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.51 - Irfan Skiljan)
    Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
    KeePass Password Safe 2.39.1 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.39.1 - Dominik Reichl)
    K-Lite Codec Pack 14.3.6 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.6 - KLCP)
    LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version: - LEGO A/S)
    Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.8942.2 - Waves Audio Ltd.) Hidden
    McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R12 - McAfee, Inc.)
    McAfee Safe Connect (HKLM-x32\...\{8DF95C34-C5EB-4026-9C86-E49F2A94677A}) (Version: 1.6.0.223 - McAfee, Inc)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.766.1 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
    Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.10325.20082 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    MMFonts (HKLM-x32\...\{1DD5D3E6-8DF5-4657-8825-713C499CDCC0}) (Version: 1.1.1.1 - MakeMusic, Inc.)
    Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
    MuseScore 2 (HKLM-x32\...\{6088F9C1-491A-431F-94D1-81FA26AF7620}) (Version: 2.3.1 - Werner Schweer and Others)
    MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
    NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
    Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
    OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
    PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.2.2 - pdfforge GmbH)
    proDAD Adorage 3.0 (HKLM-x32\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
    Product Registration (HKLM\...\{0CB75726-FC62-4609-B5DA-0031E64F771B}) (Version: 3.0.128.0 - Dell Inc.) Hidden
    QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.38 - Dell Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
    Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.10.714.2016 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
    Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
    WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-07-22] ()
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
    ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
    ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-12-06] (Advanced Micro Devices, Inc.)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
    ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {05799A63-8654-4458-A239-5C8D130074F6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
    Task: {0D0EBE4D-82F6-412C-9A50-A2F9BB387982} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-28] (DropboxOEM)
    Task: {11650227-5090-4E97-B4B1-F4496EE87729} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-31] (Microsoft Corporation)
    Task: {1819D3B2-71E3-4C3B-9C08-F8F2EC0A018F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
    Task: {1D68CC9E-9A61-4DD0-A77D-F28278F87FBF} - System32\Tasks\klcp_update => CodecTweakTool.exe
    Task: {1FDC0462-02E0-4AA4-B972-6E673511BF2B} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
    Task: {28142768-BDAC-46BC-9524-1143E581E4EC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-07] (Dropbox, Inc.)
    Task: {2A68D709-88ED-4ECB-A247-3FF113F81309} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-07] (Dropbox, Inc.)
    Task: {34E93AA7-4ED2-4F53-9E7E-D6C0976A075E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-07] (Google Inc.)
    Task: {3B3239D4-1372-4C8A-BD3D-E7AA8FF5AE55} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-02-17] (PC-Doctor, Inc.)
    Task: {3D98DB75-02C8-4371-B926-283542E84A71} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
    Task: {4B845D5C-085F-4C49-A6D3-0E6A435BF4EB} - System32\Tasks\McAfee\McAfee Idle Detection Task
    Task: {4F9D3C58-AD88-484D-9A64-8B55DCB2A301} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-11-17] (Realtek Semiconductor)
    Task: {53032758-2A3C-4FD3-9E3E-13CFDBA1F47F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
    Task: {62E2FF18-A89D-4FC9-83D9-871176FB0BAA} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {6DE66706-FEA7-45A0-8D54-9D9D891279C9} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
    Task: {6EA6A71D-12E9-4383-A194-B1D062F3408E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-31] (Microsoft Corporation)
    Task: {96ECA797-9D2F-4BC8-A15E-2AA1802EFB6B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-10] (Adobe Systems Incorporated)
    Task: {983C0F21-4783-406A-8A04-439ED917C177} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
    Task: {A6B176E8-9E23-4B89-9D2C-ABA96565BEFD} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-05-22] (McAfee, Inc.)
    Task: {A931D0EC-AA2A-4AF1-814C-792A7E8DF681} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
    Task: {B2FE0F3A-51BA-433A-A407-E6A86CD27971} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-31] (Microsoft Corporation)
    Task: {BA92AFC5-202B-471D-A58D-C01E6E563066} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2016-04-27] (CyberLink)
    Task: {CCA7AA6C-077A-4276-8F80-418610D6D379} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-10-24] (Dell Inc.)
    Task: {CF4D064C-53D2-44C6-BBDA-AC6419E38FD9} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.178\DADUpdater.exe [2018-06-08] (McAfee, Inc.)
    Task: {e2beb945-b098-405d-96dd-5401c0e97b01} - no filepath
    Task: {F184978F-32AB-450A-B945-2D3DE39321FE} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-02-17] (PC-Doctor, Inc.)
    Task: {F54720BC-DAAC-4896-A932-C32CEB93A20E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-07] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP CMTMU7M

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-11 17:34 - 2018-04-11 17:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-04-06 05:05 - 2018-04-06 05:05 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPMsgBusDLL.dll
    2018-07-10 21:30 - 2018-07-06 00:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-07-26 17:41 - 2018-07-26 17:41 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2018-07-26 17:41 - 2018-07-26 17:41 - 068154880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2017-10-03 17:38 - 2017-10-03 17:40 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
    2018-07-15 01:46 - 2018-07-15 01:48 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
    2018-07-15 01:46 - 2018-07-15 01:48 - 004139008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
    2018-05-03 20:30 - 2018-05-03 20:33 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
    2018-07-15 01:46 - 2018-07-15 01:48 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
    2018-04-05 15:35 - 2018-04-05 16:01 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
    2018-07-26 17:41 - 2018-07-26 17:41 - 014919168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
    2018-07-15 01:46 - 2018-07-15 01:48 - 003982848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngine.dll
    2018-07-26 17:41 - 2018-07-26 17:41 - 002938880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
    2018-05-29 20:51 - 2018-05-29 20:54 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
    2018-07-15 01:46 - 2018-07-15 01:48 - 001396224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
    2018-07-26 17:41 - 2018-07-26 17:41 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2017-06-07 23:27 - 2014-08-05 19:04 - 001441792 _____ () C:\Program Files\Everything\Everything.exe
    2016-12-06 20:43 - 2016-12-06 20:43 - 000155016 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
    2016-09-13 01:51 - 2016-09-13 01:51 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
    2016-09-13 01:51 - 2016-09-13 01:51 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
    2016-09-13 01:51 - 2016-09-13 01:51 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
    2016-09-13 01:51 - 2016-09-13 01:51 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
    2016-09-13 01:50 - 2016-09-13 01:50 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
    2016-09-13 01:50 - 2016-09-13 01:50 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
    2018-08-10 01:15 - 2018-08-07 18:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
    2018-08-10 01:15 - 2018-08-07 18:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
    2017-05-29 05:58 - 2014-12-08 01:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
    2014-12-08 16:28 - 2014-12-08 16:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
    2016-09-09 09:32 - 2016-09-09 09:32 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
    2016-05-02 15:46 - 2016-05-02 15:46 - 000134008 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
    2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
    2017-04-26 15:19 - 2017-04-26 15:19 - 002005976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2017-03-18 15:03 - 2018-07-21 03:01 - 000000865 _____ C:\WINDOWS\system32\Drivers\etc\hosts

    0.0.0.1 mssplus.mcafee.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3126702148-3971270183-1363190335-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
    DNS Servers: 74.211.15.210 - 74.211.15.211
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{4CDEFEFF-F23F-4C1C-8A15-026D556F0907}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector14\PDR10.EXE
    FirewallRules: [{9221CB9C-6085-4AE5-9021-A8AB8326CDC9}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD.exe
    FirewallRules: [{0EDA389B-E8F1-4478-ADED-70DFF8081EF3}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
    FirewallRules: [{787B9959-F87C-48B2-AA8E-404813270051}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD14Agent.exe
    FirewallRules: [{27E9D83D-449B-45AF-B92C-4EBAE8E086DC}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVDMovie.exe
    FirewallRules: [{8B2B8C4D-4EA5-459E-8FFD-F7D59BB5D00F}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
    FirewallRules: [{C74C3FF1-DAAB-4724-A636-FD370A7C60EA}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{930E654D-D3CB-484D-B593-57E941C9DAC1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{8B01EC76-1CA3-488D-BE9F-F1A1510A2792}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{416CADEF-2CCC-457B-90F5-F160E37B2303}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{1A15BA2F-C5B4-4B0F-9D2A-2C329896B558}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
    FirewallRules: [{B60E35FE-3AF3-41F4-B9E0-582F0D9370AC}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
    FirewallRules: [{937FE4B4-9E0C-4746-A339-937C6983F419}] => (Allow) C:\Program Files\Avid\Application Manager\jre\bin\java.exe
    FirewallRules: [{F0F525CB-C33E-4D5E-9CDB-0C9BF789A1C3}] => (Allow) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe
    FirewallRules: [{4DFC50C3-E929-4A3C-992F-078B4383684D}] => (Allow) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe
    FirewallRules: [{51F93DB6-0DE6-4D1C-9510-78F97BAC97FD}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{F1E30803-FA67-4C5F-BFB1-42A3FB7FD502}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    13-08-2018 13:57:29 Removed Sibelius.

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/13/2018 02:21:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AUDIODG.EXE, version: 10.0.17134.137, time stamp: 0xecd85e98
    Faulting module name: ntdll.dll, version: 10.0.17134.165, time stamp: 0xf4df6dc2
    Exception code: 0xc0000374
    Fault offset: 0x00000000000f4d1b
    Faulting process id: 0x2904
    Faulting application start time: 0x01d43342a9808103
    Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: 0efa8ae8-a47b-403e-8106-d1e0f193ba95
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (08/13/2018 01:48:28 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.

    Error: (08/13/2018 01:47:16 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.

    Error: (08/13/2018 01:46:03 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.

    Error: (08/13/2018 01:44:24 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.

    Error: (08/13/2018 01:41:58 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.

    Error: (08/13/2018 01:40:22 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.

    Error: (08/13/2018 01:34:49 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_fb429645306569ac.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.165_none_42efcd1c44e192b2.manifest.


    System errors:
    =============
    Error: (08/13/2018 02:14:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CMTMU7M)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DESKTOP-CMTMU7M\Ben SID (S-1-5-21-3126702148-3971270183-1363190335-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/13/2018 01:21:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/13/2018 01:20:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscBrokerManager
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/13/2018 01:19:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/13/2018 01:16:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/13/2018 01:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Dell Help & Support service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (08/13/2018 01:13:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Help & Support service to connect.

    Error: (08/13/2018 01:11:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    CodeIntegrity:
    ===================================

    Date: 2018-08-13 13:10:47.050
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-08-11 16:45:28.268
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-08-11 00:34:52.589
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-08-10 15:34:34.001
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-08-08 13:51:39.907
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-08-07 03:15:24.269
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-08-06 20:50:32.813
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-08-05 19:58:39.874
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: AMD A6-9200 RADEON R4, 5 COMPUTE CORES 2C+3G
    Percentage of memory in use: 66%
    Total physical RAM: 3964.91 MB
    Available physical RAM: 1345.81 MB
    Total Virtual: 9852.91 MB
    Available Virtual: 6815.22 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:450.81 GB) (Free:395.08 GB) NTFS

    \\?\Volume{407e078c-a4e7-4ef1-8e03-9fcf7d186252}\ () (Fixed) (Total:0.78 GB) (Free:0.34 GB) NTFS
    \\?\Volume{c5df1d11-387f-4f70-9426-ee82a58daa60}\ (Image) (Fixed) (Total:12.44 GB) (Free:0.18 GB) NTFS
    \\?\Volume{925fbbd5-6df4-47ab-a117-421d5cdfeb80}\ (DELLSUPPORT) (Fixed) (Total:1.12 GB) (Free:0.53 GB) NTFS
    \\?\Volume{24758548-076e-4e05-bbed-af86845e21b3}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 66133000)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  2. #2
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,777

    Not much found

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    2018-08-13 13:20 - 2018-08-13 13:20 - 000290304 _____ (Microsoft Corporation) C:\Users\bentu\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
    2018-08-13 13:22 - 2018-08-13 13:22 - 000152576 _____ () C:\Users\bentu\AppData\Local\Temp\ext6332090241354469138.dll
    2018-08-13 13:32 - 2018-08-13 13:32 - 001906040 _____ (Oracle Corporation) C:\Users\bentu\AppData\Local\Temp\jre-8u181-windows-au.exe
    2018-08-11 00:39 - 2018-08-11 00:39 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1200377776596583780.dll
    2018-07-12 00:40 - 2018-07-12 00:40 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1582734924496815086.dll
    2018-08-02 22:38 - 2018-08-02 22:38 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1667639434396831625.dll
    2018-08-07 03:20 - 2018-08-07 03:20 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1678428571542818517.dll
    2018-07-13 16:45 - 2018-07-13 16:45 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1766651094965134530.dll
    2018-07-22 22:11 - 2018-07-22 22:11 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1795083251683454653.dll
    2018-08-11 16:49 - 2018-08-11 16:49 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext2380574594638886471.dll
    2018-07-13 14:52 - 2018-07-13 14:52 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext2740162228422230216.dll
    2018-08-03 16:44 - 2018-08-03 16:44 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext3448410766088429106.dll
    2018-07-27 15:17 - 2018-07-27 15:17 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5042693861776630395.dll
    2018-07-21 02:59 - 2018-07-21 02:59 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5225656312186083399.dll
    2018-07-28 19:08 - 2018-07-28 19:08 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5237310288792390540.dll
    2018-08-10 15:39 - 2018-08-10 15:39 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5307622848095017232.dll
    2018-07-25 10:15 - 2018-07-25 10:15 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5958978940808632055.dll
    2018-08-05 20:03 - 2018-08-05 20:03 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext6366294823380981193.dll
    2018-07-19 19:29 - 2018-07-19 19:29 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext7242339546304965834.dll
    2018-08-08 13:58 - 2018-08-08 13:58 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext742730689880490877.dll
    2018-08-01 17:30 - 2018-08-01 17:30 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext7836162853681593769.dll
    2018-08-06 20:56 - 2018-08-06 20:57 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext8898844936738300830.dll
    2018-08-04 18:56 - 2018-08-04 18:56 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext969040020052368496.dll
    Emptytemp:
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

    ~~~~~~~~~~~~~~~

    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply

    created by Aura

    Please post these 3 logs when finished
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Aug 2018
    Posts
    26

    Default Two of Three Logs Pasted

    I ran RogueKiller successfully. It came up with 7 PUMs and PUPs. However, it seems to overwrite its own logs, and I did. I can rerun it if needed.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
    Ran by Ben (14-08-2018 14:34:39) Run:1
    Running from C:\Users\bentu\Desktop
    Loaded Profiles: Ben & bentu (Available Profiles: Ben & hopet & bentu)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    2018-08-13 13:20 - 2018-08-13 13:20 - 000290304 _____ (Microsoft Corporation) C:\Users\bentu\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
    2018-08-13 13:22 - 2018-08-13 13:22 - 000152576 _____ () C:\Users\bentu\AppData\Local\Temp\ext6332090241354469138.dll
    2018-08-13 13:32 - 2018-08-13 13:32 - 001906040 _____ (Oracle Corporation) C:\Users\bentu\AppData\Local\Temp\jre-8u181-windows-au.exe
    2018-08-11 00:39 - 2018-08-11 00:39 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1200377776596583780.dll
    2018-07-12 00:40 - 2018-07-12 00:40 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1582734924496815086.dll
    2018-08-02 22:38 - 2018-08-02 22:38 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1667639434396831625.dll
    2018-08-07 03:20 - 2018-08-07 03:20 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1678428571542818517.dll
    2018-07-13 16:45 - 2018-07-13 16:45 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1766651094965134530.dll
    2018-07-22 22:11 - 2018-07-22 22:11 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1795083251683454653.dll
    2018-08-11 16:49 - 2018-08-11 16:49 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext2380574594638886471.dll
    2018-07-13 14:52 - 2018-07-13 14:52 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext2740162228422230216.dll
    2018-08-03 16:44 - 2018-08-03 16:44 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext3448410766088429106.dll
    2018-07-27 15:17 - 2018-07-27 15:17 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5042693861776630395.dll
    2018-07-21 02:59 - 2018-07-21 02:59 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5225656312186083399.dll
    2018-07-28 19:08 - 2018-07-28 19:08 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5237310288792390540.dll
    2018-08-10 15:39 - 2018-08-10 15:39 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5307622848095017232.dll
    2018-07-25 10:15 - 2018-07-25 10:15 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5958978940808632055.dll
    2018-08-05 20:03 - 2018-08-05 20:03 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext6366294823380981193.dll
    2018-07-19 19:29 - 2018-07-19 19:29 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext7242339546304965834.dll
    2018-08-08 13:58 - 2018-08-08 13:58 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext742730689880490877.dll
    2018-08-01 17:30 - 2018-08-01 17:30 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext7836162853681593769.dll
    2018-08-06 20:56 - 2018-08-06 20:57 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext8898844936738300830.dll
    2018-08-04 18:56 - 2018-08-04 18:56 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext969040020052368496.dll
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    C:\Users\bentu\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe => moved successfully
    C:\Users\bentu\AppData\Local\Temp\ext6332090241354469138.dll => moved successfully
    C:\Users\bentu\AppData\Local\Temp\jre-8u181-windows-au.exe => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1200377776596583780.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1582734924496815086.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1667639434396831625.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1678428571542818517.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1766651094965134530.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1795083251683454653.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext2380574594638886471.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext2740162228422230216.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext3448410766088429106.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5042693861776630395.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5225656312186083399.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5237310288792390540.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5307622848095017232.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext5958978940808632055.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext6366294823380981193.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext7242339546304965834.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext742730689880490877.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext7836162853681593769.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext8898844936738300830.dll => moved successfully
    C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext969040020052368496.dll => moved successfully

    =========== EmptyTemp: ==========

    BITS transfer queue => 8413184 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18088341 B
    Java, Flash, Steam htmlcache => 1138 B
    Windows/system/drivers => 22072375 B
    Edge => 6722606 B
    Chrome => 27591371 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 6656 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 2822294 B
    systemprofile32 => 0 B
    LocalService => 2431501 B
    LocalService => 0 B
    NetworkService => 25302 B
    NetworkService => 0 B
    bentu => 488465542 B
    hopet => 10955 B
    bentu.DESKTOP-CMTMU7M => 84432771 B
    defaultuser1.DESKTOP-CMTMU7M => 6656 B

    RecycleBin => 17306664 B
    EmptyTemp: => 647 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 14:37:57 ====

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.2.0
    # -------------------------------
    # Build: 07-17-2018
    # Database: 2018-08-10.2
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 08-14-2018
    # Duration: 00:00:11
    # OS: Windows 10 Home
    # Cleaned: 0
    # Failed: 2


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    No malicious registry entries cleaned.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    Not Deleted Ask
    Not Deleted AOL

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1281 octets] - [14/08/2018 15:19:11]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
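
    A check that can be run on a Fixlog like the one pasted above, as an added example that is not part of the original posts or of FRST: it confirms that every file line in the fixlist has a matching "moved successfully" result, and groups entries whose field in parentheses is empty by file size. The function name and the abridged sample (three fixlist lines taken from the log, with one result line deliberately left out to show the failure case) are constructed for illustration.

```python
import re
from collections import defaultdict

# FRST file line: created - modified - size attributes (vendor) path
ENTRY = re.compile(
    r"^\s*\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) \S+ \((?P<vendor>.*?)\) (?P<path>[A-Za-z]:\\.+?)\s*$"
)
# Fixlog result line: <path> => <outcome>
RESULT = re.compile(r"^\s*(?P<path>[A-Za-z]:\\.+?) => (?P<outcome>.+?)\s*$")

# Constructed, abridged sample: the result line for the third entry is omitted.
SAMPLE = r"""
fixlist content:
*****************
2018-08-13 13:20 - 2018-08-13 13:20 - 000290304 _____ (Microsoft Corporation) C:\Users\bentu\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
2018-08-13 13:22 - 2018-08-13 13:22 - 000152576 _____ () C:\Users\bentu\AppData\Local\Temp\ext6332090241354469138.dll
2018-08-11 00:39 - 2018-08-11 00:39 - 000152576 _____ () C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Local\Temp\ext1200377776596583780.dll
Emptytemp:

*****************

C:\Users\bentu\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe => moved successfully
C:\Users\bentu\AppData\Local\Temp\ext6332090241354469138.dll => moved successfully
"""


def reconcile_fixlog(text):
    """Return (unconfirmed_paths, same_size_groups) for one Fixlog.

    unconfirmed_paths: fixlist files with no 'moved successfully' result.
    same_size_groups:  {size: [paths]} for files with an empty vendor field
                       that share a size with at least one other such file.
    """
    entries, outcomes = {}, {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            # Windows paths are case-insensitive, so compare in lower case.
            entries[m["path"].lower()] = (int(m["size"]), m["vendor"])
            continue
        m = RESULT.match(line)
        if m:
            outcomes[m["path"].lower()] = m["outcome"]

    unconfirmed = sorted(
        p for p in entries if outcomes.get(p) != "moved successfully"
    )

    by_size = defaultdict(list)
    for path, (size, vendor) in entries.items():
        if not vendor:
            by_size[size].append(path)
    same_size = {s: sorted(ps) for s, ps in by_size.items() if len(ps) > 1}
    return unconfirmed, same_size


if __name__ == "__main__":
    missing, groups = reconcile_fixlog(SAMPLE)
    for path in missing:
        print("no confirmed removal:", path)
    for size, paths in groups.items():
        print(f"{len(paths)} files with empty vendor field, {size} bytes each")
```
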

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,777

    Default

    For Rogue Killer we can try this
    The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_DEL_mmddyyyy_hhmmss.log
    >>For XP users, you must first show hidden files/folders, then the log location is here: C:\Documents and Settings\All Users\Application data\RogueKiller\Logs\RKreport_DEL_mmddyyyy_hhmmss.log

    ~~


    Let's check for remnants

    Please download the Malwarebytes Anti-Malware setup file to your Desktop.

    OR from this location Here
    • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
    • Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"
    • After the installation is complete, let it update if it asks.
    • Under SETTINGS.....APPLICATIONS leave everything at default
    • Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
    • Then go to the Dashboard and click on SCAN NOW
    • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
      Upon completion of the scan (or after the reboot), click the Reports tab.
      Double-click the Scan Log.
      At the bottom click Export and choose Text file.

      Save the file to your desktop and include its content in your next reply.

      You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here
    • Then click on POST
    • Exit Malwarebytes

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Emsisoft Emergency Kit
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

    Please post these 2 logs when finished.

    Also, tell me how the computer is now.

  5. #5
    Junior Member
    Join Date
    Aug 2018
    Posts
    26

    Default 2 of 2 Logs Pasted

    I found the RogueKiller folder you referenced. Logs kept there are in JSON format and over 90K. I did not paste them (but I can if you want me to). I tried to attach them, but Spybot returned an error that they are invalid (perhaps JSON is a prohibited filetype?).

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 8/16/18
    Scan Time: 2:58 PM
    Log File: 2ff1d2b6-a197-11e8-b3b8-107d1a12032d.json
    Administrator: Yes

    -Software Information-
    Version: 3.5.1.2522
    Components Version: 1.0.365
    Update Package Version: 1.0.6377
    License: Trial

    -System Information-
    OS: Windows 10 (Build 17134.165)
    CPU: x64
    File System: NTFS
    User: DESKTOP-CMTMU7M\Ben

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 363439
    Threats Detected: 5
    Threats Quarantined: 5
    Time Elapsed: 22 min, 8 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 2
    PUP.Optional.AdvertisingExt, C:\USERS\BENTU.DESKTOP-CMTMU7M\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y8Y6U9QN.DEFAULT\BROWSER-EXTENSION-DATA\{FD03573A-9361-4F90-9C60-BE6013EBFB8E}, Quarantined, [1695], [531431],1.0.6377
    PUP.Optional.SearchEncrypt, C:\USERS\BENTU.DESKTOP-CMTMU7M\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y8Y6U9QN.DEFAULT\BROWSER-EXTENSION-DATA\@SEARCHENCRYPT, Quarantined, [1680], [544569],1.0.6377

    File: 3
    PUP.Optional.AdvertisingExt, C:\USERS\BENTU.DESKTOP-CMTMU7M\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y8Y6U9QN.DEFAULT\EXTENSIONS\{FD03573A-9361-4F90-9C60-BE6013EBFB8E}.XPI, Quarantined, [1695], [531434],1.0.6377
    PUP.Optional.AdvertisingExt, C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Roaming\Mozilla\Firefox\Profiles\y8y6u9qn.default\browser-extension-data\{fd03573a-9361-4f90-9c60-be6013ebfb8e}\storage.js, Quarantined, [1695], [531431],1.0.6377
    PUP.Optional.SearchEncrypt, C:\Users\bentu.DESKTOP-CMTMU7M\AppData\Roaming\Mozilla\Firefox\Profiles\y8y6u9qn.default\browser-extension-data\@searchencrypt\storage.js, Quarantined, [1680], [544569],1.0.6377

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

    Emsisoft Emergency Kit - Version 2018.6
    Last update: 8/16/2018 3:54:15 PM
    User account: DESKTOP-CMTMU7M\Ben
    Computer name: DESKTOP-CMTMU7M
    OS version: Windows 10x64

    Scan settings:

    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files

    Detect PUPs: On
    Scan archives: Off
    Scan mail archives: Off
    ADS Scan: On
    File extension filter: Off
    Direct disk access: Off

    Scan start: 8/16/2018 3:54:55 PM

    Scanned 77101
    Found 0

    Scan end: 8/16/2018 4:02:07 PM
    Scan time: 0:07:12

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,777

    Default

    "I did not paste them (but I can if you want me to). I tried to attach them, but Spybot returned an error that they are invalid (perhaps JSON is a prohibited filetype?)."
    It might not be needed now, if you allowed it to quarantine what it found.

    How is the computer now?

  7. #7
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,777

    Default

    Still need help?

  8. #8
    Junior Member
    Join Date
    Aug 2018
    Posts
    26

    Default I'm Back

    That laptop seems fine now.

    My son has gone back to school. Should I have him run that DelFix clean up tool you had me do on our first PC?

  9. #9
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,777

    Default

    Quote: Originally Posted by BooBounder
    That laptop seems fine now.

    My son has gone back to school. Should I have him run that DelFix clean up tool you had me do on our first PC?
    Yes, that would be the next step.

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
    • Click the Run button.
      This will remove the specialized tools we used to disinfect your system.
      Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    ***********

  10. #10
    Junior Member
    Join Date
    Aug 2018
    Posts
    26

    Default DelFix Done

    He says that's done.

    Do you need me to have him forward a log, or are we good to go?

    (I will be starting a thread on a third PC shortly).
