Fix result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by William (25-04-2018 16:26:52) Run:1
Running from C:\Users\Helen\Desktop
Loaded Profiles: William (Available Profiles: William & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\MountPoints2: {28526191-8f46-11e4-824f-806e6f6e6963} - "D:\SETUP.EXE"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\MountPoints2: {baa56436-3ccb-11e6-be98-240a646e54e5} - "E:\VZW_Software_upgrade_assistant.exe"
SearchScopes: HKU\S-1-5-21-1890713058-2806932541-3226652281-1002 -> {5b59a0b6-949f-44b7-93b6-7ae39796c8ca} URL = hxxp://isearch.shopathome.com?user_id={afe413e5-9a57-4e7f-823e-e522902902cd}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1890713058-2806932541-3226652281-1002 -> {E705114E-6C48-4AF1-BD3D-2C742F7F1EF3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C014US91044D20151212&p={searchTerms}
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
EmptyTemp:
*****************

========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    RTHDVCPL REG_SZ "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
    RtHDVBg REG_SZ "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
    ETDCtrl REG_EXPAND_SZ %ProgramFiles%\Elantech\ETDCtrl.exe
    UMonit64 REG_SZ C:\Windows\SysWOW64\UMonit64.exe
    NvBackend REG_SZ "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    WindowsDefender REG_EXPAND_SZ "%ProgramFiles%\Windows Defender\MSASCuiL.exe"

========= End of Reg: =========

"HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28526191-8f46-11e4-824f-806e6f6e6963}" => removed successfully
HKLM\Software\Classes\CLSID\{28526191-8f46-11e4-824f-806e6f6e6963} => not found
"HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{baa56436-3ccb-11e6-be98-240a646e54e5}" => removed successfully
HKLM\Software\Classes\CLSID\{baa56436-3ccb-11e6-be98-240a646e54e5} => not found
"HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b59a0b6-949f-44b7-93b6-7ae39796c8ca}" => removed successfully
HKLM\Software\Classes\CLSID\{5b59a0b6-949f-44b7-93b6-7ae39796c8ca} => not found
"HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E705114E-6C48-4AF1-BD3D-2C742F7F1EF3}" => removed successfully
HKLM\Software\Classes\CLSID\{E705114E-6C48-4AF1-BD3D-2C742F7F1EF3} => not found
"HKLM\System\CurrentControlSet\Services\xhunter1" => removed successfully
xhunter1 => service removed successfully
"HKLM\System\CurrentControlSet\Services\mfeelamk" => removed successfully
mfeelamk => service removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-Windows-DxpTaskRingtone/Analytic.
The system cannot find the file specified.
Failed to clear log Microsoft-Windows-USBVideo/Analytic.
The instance name passed was not recognized as valid by a WMI data provider.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 122641314 B
Java, Flash, Steam htmlcache => 382800617 B
Windows/system/drivers => 167720602 B
Edge => 0 B
Chrome => 1010126237 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 3162 B
systemprofile32 => 128 B
LocalService => 146790 B
NetworkService => 2000466 B
Helen => 1160449300 B
Administrator => 20861 B

RecycleBin => 0 B
EmptyTemp: => 2.7 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 16:32:32 ====