[Sugartooth]

Hello,

 

Yesterday and today, the attached image popped up on my laptop as I was online. It included an automated female voice reading the warning. I was able to close the window with Ctrl, Alt, Delete. After which, I did a full scan with Avira and it did not detect anything. I would like your help in removing the malware.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Anna (administrator) on DESKTOP-1T88022 (14-07-2018 13:13:14)
Running from C:\Users\Anna\Desktop
Loaded Profiles: Anna &  (Available Profiles: Anna)
Platform: Windows 10 Home Version 1803 17134.112 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8712960 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5753112 2015-05-05] (Dell Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [714160 2015-09-21] (Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3754168 2018-07-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [64096 2018-02-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-07-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118058\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118302\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-5170115-1249461234-645129025-1002\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3682968 2018-03-08] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-5170115-1249461234-645129025-1002\...\Run: [Amazon Music] => C:\Users\Anna\AppData\Local\Amazon Music\Amazon Music.exe [19504616 2018-03-22] (Amazon Services LLC)
HKU\S-1-5-21-5170115-1249461234-645129025-1002\...\Run: [Amazon Music Helper] => C:\Users\Anna\AppData\Local\Amazon Music\Amazon Music Helper.exe [3057128 2018-03-22] (Amazon Services LLC)
HKU\S-1-5-21-5170115-1249461234-645129025-1002\...\Policies\system: [DisableLockWorkstation] 1
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3682968 2018-03-08] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\...\Run: [Amazon Music] => C:\Users\Anna\AppData\Local\Amazon Music\Amazon Music.exe [19504616 2018-03-22] (Amazon Services LLC)
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\...\Run: [Amazon Music Helper] => C:\Users\Anna\AppData\Local\Amazon Music\Amazon Music Helper.exe [3057128 2018-03-22] (Amazon Services LLC)
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\...\Policies\system: [DisableLockWorkstation] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{012ec000-68b3-41a2-887f-039768862372}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{e1d40a55-879e-4bf4-ba9a-557fffeb6eaf}: [DhcpNameServer] 10.1.0.30

Internet Explorer:
==================
HKU\S-1-5-21-5170115-1249461234-645129025-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-5170115-1249461234-645129025-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-5170115-1249461234-645129025-1002 -> DefaultScope {669EAF6B-ED5D-427A-A85D-5FC8A417BEA8} URL =
SearchScopes: HKU\S-1-5-21-5170115-1249461234-645129025-1002 -> {669EAF6B-ED5D-427A-A85D-5FC8A417BEA8} URL =
SearchScopes: HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430 -> DefaultScope {669EAF6B-ED5D-427A-A85D-5FC8A417BEA8} URL =
SearchScopes: HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430 -> {669EAF6B-ED5D-427A-A85D-5FC8A417BEA8} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-26] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: oj1c79fr.default-1522376397810
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\oj1c79fr.default-1522376397810 [2018-07-14]
FF Extension: (WebCompat Reporter) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2018-07-06] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-02-28] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-08-06] () [File not signed]
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [880040 2018-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [225384 2018-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [225384 2018-07-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1164808 2018-07-12] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-09-07] (Windows ® Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [428072 2018-07-04] (Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2938504 2018-02-15] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [346528 2018-05-17] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [103328 2018-06-15] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-06-30] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-26] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51392 2018-07-12] (Dropbox, Inc.)
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2018-02-10] (Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3346320 2018-02-10] (Dell Inc.)
S2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2018-02-10] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc.)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-10-07] (Realtek Semiconductor)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2018-03-09] (Sandboxie Holdings, LLC)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [43480 2018-05-11] (Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [566192 2015-08-19] (Waves Audio Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-06-13] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-06-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [18968 2015-05-12] (Advanced Micro Devices, INC.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [84224 2015-08-22] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\WINDOWS\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4325808 2016-07-28] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-22] (Advanced Micro Devices)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-14] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [179376 2018-07-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-07-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-02-15] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-06-14] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2018-02-10] (Dell Inc.)
S3 Delldiag; C:\__de11csattestfolder2016__\DDDriver.sys [30360 2017-02-24] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-02-10] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-07-13] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [412400 2015-09-11] (Realsil Semiconductor Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [228208 2018-03-08] (Sandboxie Holdings, LLC)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-06-13] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313384 2018-06-13] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-06-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-14 13:13 - 2018-07-14 13:14 - 000020037 _____ C:\Users\Anna\Desktop\FRST.txt
2018-07-14 13:12 - 2018-07-14 13:13 - 000000000 ____D C:\FRST
2018-07-14 13:11 - 2018-07-14 13:12 - 000000000 ____D C:\Users\Anna\Desktop\Stuff to Keep 2
2018-07-14 13:08 - 2018-07-14 13:11 - 000000000 ____D C:\Users\Anna\Desktop\Stuff to keep
2018-07-14 13:06 - 2018-07-14 13:06 - 002412544 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2018-07-14 10:52 - 2018-07-14 10:52 - 000002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-14 10:52 - 2018-07-14 10:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-13 14:15 - 2018-07-13 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-07-13 10:21 - 2018-07-13 10:21 - 000000000 ____D C:\Users\Anna\AppData\Local\D3DSCache
2018-07-12 19:01 - 2018-07-12 19:01 - 000051392 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-07-12 19:01 - 2018-07-12 19:01 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-07-12 19:01 - 2018-07-12 19:01 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-07-12 19:01 - 2018-07-12 19:01 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-07-06 23:50 - 2018-07-06 23:50 - 001991480 _____ C:\Users\Anna\Downloads\new_01052018102738140.pdf
2018-06-30 12:00 - 2018-06-30 12:02 - 000019288 _____ C:\WINDOWS\SysWOW64\Defrag.debuglog

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-14 13:13 - 2018-03-03 23:58 - 000000000 ____D C:\Users\Public\Speedup Sessions
2018-07-14 12:58 - 2016-12-17 01:09 - 000000000 ____D C:\Users\Anna\AppData\LocalLow\Mozilla
2018-07-14 11:52 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-14 10:52 - 2016-09-20 06:42 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-14 10:52 - 2016-09-20 06:42 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-14 10:52 - 2016-09-20 06:42 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-14 10:50 - 2016-09-20 06:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-14 10:44 - 2018-05-20 11:23 - 000004238 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2018-07-14 10:41 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-14 10:41 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-14 10:41 - 2017-11-20 19:37 - 000000000 ____D C:\Users\Anna\AppData\Local\Packages
2018-07-13 22:11 - 2018-05-20 10:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-13 18:49 - 2018-05-20 11:23 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E60DEA9F-A703-4890-B747-E281A9FE14E5}
2018-07-13 14:16 - 2016-09-20 06:49 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-07-13 10:25 - 2018-06-09 21:34 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-13 10:25 - 2018-05-20 11:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-13 10:24 - 2018-04-11 14:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-07-13 10:24 - 2017-05-22 07:25 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-07-13 10:11 - 2016-11-26 23:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-13 10:06 - 2016-11-26 23:40 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-13 09:10 - 2018-05-20 11:23 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-5170115-1249461234-645129025-1002
2018-07-13 09:10 - 2018-05-20 10:54 - 000002405 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-13 09:10 - 2016-11-26 14:38 - 000000000 ___RD C:\Users\Anna\OneDrive
2018-07-13 09:09 - 2018-05-20 11:23 - 000004586 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-13 09:09 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-13 09:09 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-13 01:00 - 2016-11-26 14:54 - 000002326 _____ C:\WINDOWS\Sandboxie.ini
2018-07-12 17:38 - 2018-05-20 11:23 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-07-12 17:38 - 2017-01-12 19:18 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-12 17:06 - 2017-01-02 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-07-12 17:03 - 2017-11-20 18:36 - 000179376 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2018-07-12 17:03 - 2017-11-20 18:36 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2018-07-12 15:42 - 2016-09-20 06:30 - 000000000 ____D C:\ProgramData\Package Cache
2018-07-12 10:42 - 2017-10-08 18:15 - 000052784 _____ C:\Users\Anna\Documents\Job Activity Log.xlsx
2018-07-07 11:15 - 2016-12-17 01:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-07 11:15 - 2016-12-17 01:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-07 01:15 - 2016-12-17 04:34 - 000000000 ___RD C:\Users\Anna\Documents\Scanned Documents
2018-07-06 14:56 - 2016-12-17 01:09 - 000001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-02 14:16 - 2018-06-12 22:32 - 000000000 ____D C:\ProgramData\Packages
2018-07-01 11:39 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-01 11:38 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-20 10:47

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Anna (14-07-2018 13:14:59)
Running from C:\Users\Anna\Desktop
Windows 10 Home Version 1803 17134.112 (X64) (2018-05-20 18:24:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-5170115-1249461234-645129025-500 - Administrator - Disabled)
Anna (S-1-5-21-5170115-1249461234-645129025-1002 - Administrator - Enabled) => C:\Users\Anna
DefaultAccount (S-1-5-21-5170115-1249461234-645129025-503 - Limited - Disabled)
Guest (S-1-5-21-5170115-1249461234-645129025-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-5170115-1249461234-645129025-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-5170115-1249461234-645129025-1002\...\Amazon Amazon Music) (Version: 6.4.0.1321 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\...\Amazon Amazon Music) (Version: 6.4.0.1321 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{4A04AD5F-67AC-079E-8ACD-2E38E25E39E7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{0bb4751a-1ff2-4c79-80df-5bab5da63823}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{218C5045-A3A1-486C-91F5-A1B4D4772F8D}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.211 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.14.1.26975 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{A7F41426-5F75-4695-BE5D-B011821079A3}) (Version: 2.0.5.48230 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.7.0.7260 - Avira Operations GmbH & Co. KG)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{122666A9-2995-4E47-A75E-6423A827B7AF}) (Version: 2.2.0.253 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{B16CC15E-08D8-4FA8-AE36-4DC5C197ED92}) (Version: 3.3.0.4941 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{74d58082-09be-4059-afb8-50334cde261d}) (Version: 3.3.0.4941 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 53.4.67 - Dropbox, Inc.)
Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6568.0 - Waves Audio Ltd.) Hidden
Medical Terminology for Health Professions (HKLM-x32\...\Medical Terminology for Health Professions_is1) (Version:  - Cengage Delmar Learning)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.10228.20104 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-5170115-1249461234-645129025-1002\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
proDAD Adorage 3.0 (HKLM-x32\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.3 - Qualcomm Atheros)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.006 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
Sandboxie 5.24 (64-bit) (HKLM\...\Sandboxie) (Version: 5.24 - Sandboxie Holdings, LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-07-12] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-07-12] (Avira Operations GmbH & Co. KG)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {075070BC-A904-4491-A8F1-D91DEF8AACBA} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2016-04-27] (CyberLink)
Task: {09DF5E2E-DD9C-482C-B94C-E8D58CE2FE1B} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-14] (Microsoft Corporation)
Task: {1D5058AD-6922-4594-993E-0E1CFFC291F0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-26] (Dropbox, Inc.)
Task: {25A26C76-DBB3-4FF5-9AD5-B5A44F9C4913} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-05-11] (Dell Inc.)
Task: {45B98106-29B4-489C-858E-CAC60A5FA002} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {495C31D1-C82C-47DF-BAED-A98EE748FB39} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {4C1E42D4-9AFB-42CE-87CE-C16B7BCC916F} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {5120C6F9-2A44-4424-BDBF-27584921C416} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-26] (Dropbox, Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {715627E6-DEF7-49B3-9E24-947C2209C91E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-13] (Adobe Systems Incorporated)
Task: {75A844C6-C506-4BDD-9564-943B99F65A28} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {781CA0A7-C885-4480-83E1-F7F23A24CFFD} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {8BA0E1EF-37CA-4208-80F8-FFEBE8190097} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-14] (Microsoft Corporation)
Task: {AACC68C1-6BDF-4AE0-9788-22753A168701} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-30] (DropboxOEM)
Task: {B178C1E2-6600-4B05-917C-A20C837E74DA} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-13] (Adobe Systems Incorporated)
Task: {BB866A73-9742-4426-A5DC-B9C50E686B6B} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2018-03-03] (Avira Operations GmbH & Co. KG )
Task: {CF04F0D9-121D-4DA0-9C4B-8EF60EA0AFA3} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-07-12] (Avira Operations GmbH & Co. KG)
Task: {D6BE390D-917E-4A82-A2D9-22319CBD91E6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {DE8CA77A-4D01-4AD8-B96E-69E3EF0E7467} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-14] (Microsoft Corporation)
Task: {F12DF295-873E-4697-87CD-25B2BFFC9FC7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-14] (Microsoft Corporation)
Task: {F2DAD6BE-481C-4DC0-A81F-3591959F7B56} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2018-02-26] (Avira Operations GmbH & Co. KG)
Task: {FCFDD420-91E7-4BE6-ABBC-A2EE0AB60903} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-10-07] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP 1T88022

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-08-06 21:39 - 2015-08-06 21:39 - 000127488 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2018-06-08 19:31 - 2018-06-09 21:34 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-08-06 21:39 - 2015-08-06 21:39 - 000138752 _____ () c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-06-12 20:49 - 2018-06-08 01:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-22 21:50 - 2018-05-22 21:51 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-22 21:50 - 2018-05-22 21:51 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-22 21:50 - 2018-05-22 21:51 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-22 21:50 - 2018-05-22 21:51 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-22 21:50 - 2018-05-22 21:51 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-09-19 10:35 - 2017-09-19 10:35 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-23 16:26 - 2015-06-23 16:26 - 000155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2016-09-20 06:52 - 2014-12-08 00:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 15:28 - 2014-12-08 15:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 06:46 - 2015-10-30 00:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118058\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118302\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-5170115-1249461234-645129025-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Anna\Desktop\All Pictures\12-16-17 Kylo Ren and Rei at Star Wars The Last Jedi movie playing at Arden.JPG
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\Control Panel\Desktop\\Wallpaper -> C:\Users\Anna\Desktop\All Pictures\12-16-17 Kylo Ren and Rei at Star Wars The Last Jedi movie playing at Arden.JPG
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-5170115-1249461234-645129025-1002\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-5170115-1249461234-645129025-1002\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\...\StartupApproved\Run: => "Amazon Music Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{89CF1726-FAF3-4D11-B659-52315D3C2CCF}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe
FirewallRules: [{385603B6-8303-40F1-B3B6-F831E5E16050}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe
FirewallRules: [{B2577BFE-793C-4868-8E59-19F04E281787}] => (Block) C:\users\anna\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{45753A5F-BBCB-4CE0-B9BF-1E2E14972BEA}] => (Block) C:\users\anna\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{7BE8EF8E-C570-4220-B763-78F0DBDEA5B7}C:\users\anna\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\anna\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{5C95D33A-1900-4F21-BBA0-BC232FD43FEC}C:\users\anna\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\anna\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{17A4E085-6983-4D56-9062-10BAF6367E53}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7256D030-CBC8-4EEF-9899-C6998546CFE9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{913FB12B-66F1-4D46-885E-EDB5DC659C5D}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector14\PDR10.EXE
FirewallRules: [{0B3182BE-2664-4324-8CA0-20C1F26AFFF5}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD.exe
FirewallRules: [{DED2D34D-1C35-4C68-803D-EB84701F3F06}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{8C841DE6-A037-47FC-A6ED-F0896D573121}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{CAF7A323-AF2B-4BC5-94B9-AE82F5768AD8}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{7705E3C7-8667-479D-8517-BAA9D89C60BD}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{4560BA30-0229-49DD-80D3-D016B45A5B3A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

07-07-2018 11:28:03 Scheduled Checkpoint
13-07-2018 10:05:03 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2018 12:57:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: quickset.exe, version: 10.17.6.3, time stamp: 0x554804a8
Faulting module name: quickset.exe, version: 10.17.6.3, time stamp: 0x554804a8
Exception code: 0xc000041d
Fault offset: 0x00000000000041d0
Faulting process id: 0x3f38
Faulting application start time: 0x01d41bacd3eb7898
Faulting application path: C:\Program Files\Dell\QuickSet\quickset.exe
Faulting module path: C:\Program Files\Dell\QuickSet\quickset.exe
Report Id: c3b5ed8c-e1e9-4dd5-aedc-02bb7ffa208d
Faulting package full name:
Faulting package-relative application ID:

Error: (07/14/2018 12:57:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: quickset.exe, version: 10.17.6.3, time stamp: 0x554804a8
Faulting module name: quickset.exe, version: 10.17.6.3, time stamp: 0x554804a8
Exception code: 0xc0000005
Fault offset: 0x00000000000041d0
Faulting process id: 0x3f38
Faulting application start time: 0x01d41bacd3eb7898
Faulting application path: C:\Program Files\Dell\QuickSet\quickset.exe
Faulting module path: C:\Program Files\Dell\QuickSet\quickset.exe
Report Id: 90866af0-30f7-4eaa-a100-ba8684c761bf
Faulting package full name:
Faulting package-relative application ID:

Error: (07/14/2018 10:44:22 AM) (Source: MsiInstaller) (EventID: 11721) (User: DESKTOP-1T88022)
Description: Product: Dell SupportAssist -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: WickInstaller.1.5CE21306_A484_4807_9F74_29446153A569, location: C:\Program Files\Dell\SupportAssistAgent\PCDr\Installer\SupportAssist_6.0.6992.1111_x64.exe, command: --INTERNAL_UninstallFromMsm

Error: (07/14/2018 10:42:03 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/14/2018 10:39:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: quickset.exe, version: 10.17.6.3, time stamp: 0x554804a8
Faulting module name: quickset.exe, version: 10.17.6.3, time stamp: 0x554804a8
Exception code: 0xc000041d
Fault offset: 0x00000000000041d0
Faulting process id: 0x339c
Faulting application start time: 0x01d41b99a191e141
Faulting application path: C:\Program Files\Dell\QuickSet\quickset.exe
Faulting module path: C:\Program Files\Dell\QuickSet\quickset.exe
Report Id: e9f7fc02-072b-45bc-9139-a553e1d1b76b
Faulting package full name:
Faulting package-relative application ID:

Error: (07/14/2018 10:39:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: quickset.exe, version: 10.17.6.3, time stamp: 0x554804a8
Faulting module name: quickset.exe, version: 10.17.6.3, time stamp: 0x554804a8
Exception code: 0xc0000005
Fault offset: 0x00000000000041d0
Faulting process id: 0x339c
Faulting application start time: 0x01d41b99a191e141
Faulting application path: C:\Program Files\Dell\QuickSet\quickset.exe
Faulting module path: C:\Program Files\Dell\QuickSet\quickset.exe
Report Id: 7a52e079-6d1b-45d8-a6b7-44d99f7351d6
Faulting package full name:
Faulting package-relative application ID:

Error: (07/14/2018 10:38:34 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (07/14/2018 10:38:32 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (07/14/2018 12:56:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/14/2018 10:42:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Service API service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/14/2018 10:42:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/14/2018 10:42:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Processor service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/14/2018 10:41:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/14/2018 10:38:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/13/2018 10:11:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/13/2018 07:00:15 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.0.0.132.
The computer with the IP address 10.0.0.202 did not allow the name to be claimed by
this computer.


Windows Defender:
===================================
Date: 2018-06-13 06:13:13.567
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...47&enterprise=0
Name: TrojanDownloader:JS/Nemucod.HD
ID: 2147717547
Severity: Severe
Category: Trojan Downloader
Path: file:_C:\Users\Anna\AppData\Local\Mozilla\Firefox\Profiles\oj1c79fr.default-1522376397810\cache2\entries\B2183EA995CAD5BAE66D965207B97546F9DE89D9
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Signature Version: AV: 1.237.343.0, AS: 1.237.343.0, NIS: 1.237.343.0
Engine Version: AM: 1.1.13504.0, NIS: 1.1.13504.0

Date: 2018-06-13 06:13:00.021
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...47&enterprise=0
Name: TrojanDownloader:JS/Nemucod.HD
ID: 2147717547
Severity: Severe
Category: Trojan Downloader
Path: file:_C:\Users\Anna\AppData\Local\Mozilla\Firefox\Profiles\oj1c79fr.default-1522376397810\cache2\entries\B2183EA995CAD5BAE66D965207B97546F9DE89D9
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Signature Version: AV: 1.237.343.0, AS: 1.237.343.0, NIS: 1.237.343.0
Engine Version: AM: 1.1.13504.0, NIS: 1.1.13504.0

CodeIntegrity:
===================================

Date: 2018-07-05 13:21:04.817
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-05 13:21:04.803
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-05 13:21:04.787
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-05 13:21:04.771
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-05 13:21:04.756
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-05 13:21:04.731
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-05 13:21:04.714
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-05 13:21:04.693
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 57%
Total physical RAM: 5056.32 MB
Available physical RAM: 2141.72 MB
Total Virtual: 7360.32 MB
Available Virtual: 3951.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.32 GB) (Free:405.5 GB) NTFS

\\?\Volume{8ab0db6d-a33f-495d-99a7-a85235ec3278}\ (WINRETOOLS) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{c5559f13-916a-489a-9ec7-301aa12b67e3}\ (Image) (Fixed) (Total:12.38 GB) (Free:0.64 GB) NTFS
\\?\Volume{6e84b3b6-f204-40c6-a462-38b7eb36f9d1}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 404075F8)

Partition: GPT.

==================== End of Addition.txt ============================

Attached Thumbnails

• 

[Advertisements]

The only thing I see is:

 

Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...47&enterprise=0
Name: TrojanDownloader:JS/Nemucod.HD
ID: 2147717547
Severity: Severe
Category: Trojan Downloader
Path: file:_C:\Users\Anna\AppData\Local\Mozilla\Firefox\Profiles\oj1c79fr.default-1522376397810\cache2\entries\B2183EA995CAD5BAE66D965207B97546F9DE89D9
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection

 

 

Clear the cache for each browser you have seen the message on:

 

http://kb.mit.edu/co...?pageId=3902928

 

Sometimes a site or the advertising delivered by the site will be compromised to deliver these bogus warning.  Do you know what site you visited that gave you the warning?

 

Install the free Ublock Origin extension for each browser you use (except IE get Addblock plus for IE).   That will prevent an infected ad from getting to you.  Expect if you dig a bit deeper you will find that the website's full URL is being hidden and that it's not support.microsoft.com but support.microsoft.com.nastysite.tv.  or similar. 

 

If you use Facebook, get the F B Purity extension for your browser https://www.fbpurity.com/ That will prevent ads on Facebook.

 

It is possible to fake the URL at least it used to be on Firefox:

 

To test it you can go to:

https://www.xn--80ak6aa92e.com/

 

If the fake is possible it will change to say https://www.apple.combut will obviously not be the apple website.  To fix it on Firefox:

In Firefox, type:

about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.
 "network.standard-url.punycode-host" Leave this one at default of False.
Close and restart firefox.

 

Current versions of Chrome, IE & Edge no longer have this problem.

If you want to be sure you can run the free ESET scan but it takes hours:

 

Use IE and go to https://www.eset.com...online-scanner/

  and click on SCAN NOW under ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  

IF you don't use IE it will still work but you must download a program and run it.

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

 

I am seeing errors in several Dell Programs so you might want to see if they have newer versions or just uninstall them:

Dell Data Vault Service  See: https://www.dell.com...lt/td-p/4775645

Dell SupportAssist
QuickSet64

[RKinner]

The only thing I see is:

 

Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...47&enterprise=0
Name: TrojanDownloader:JS/Nemucod.HD
ID: 2147717547
Severity: Severe
Category: Trojan Downloader
Path: file:_C:\Users\Anna\AppData\Local\Mozilla\Firefox\Profiles\oj1c79fr.default-1522376397810\cache2\entries\B2183EA995CAD5BAE66D965207B97546F9DE89D9
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection

 

 

Clear the cache for each browser you have seen the message on:

 

http://kb.mit.edu/co...?pageId=3902928

 

Sometimes a site or the advertising delivered by the site will be compromised to deliver these bogus warning.  Do you know what site you visited that gave you the warning?

 

Install the free Ublock Origin extension for each browser you use (except IE get Addblock plus for IE).   That will prevent an infected ad from getting to you.  Expect if you dig a bit deeper you will find that the website's full URL is being hidden and that it's not support.microsoft.com but support.microsoft.com.nastysite.tv.  or similar. 

 

If you use Facebook, get the F B Purity extension for your browser https://www.fbpurity.com/ That will prevent ads on Facebook.

 

It is possible to fake the URL at least it used to be on Firefox:

 

To test it you can go to:

https://www.xn--80ak6aa92e.com/

 

If the fake is possible it will change to say https://www.apple.combut will obviously not be the apple website.  To fix it on Firefox:

In Firefox, type:

about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.
 "network.standard-url.punycode-host" Leave this one at default of False.
Close and restart firefox.

 

Current versions of Chrome, IE & Edge no longer have this problem.

If you want to be sure you can run the free ESET scan but it takes hours:

 

Use IE and go to https://www.eset.com...online-scanner/

  and click on SCAN NOW under ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  

IF you don't use IE it will still work but you must download a program and run it.

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

 

I am seeing errors in several Dell Programs so you might want to see if they have newer versions or just uninstall them:

Dell Data Vault Service  See: https://www.dell.com...lt/td-p/4775645

Dell SupportAssist
QuickSet64

[Sugartooth]

Hi RKinner,

 

Thank you for helping me with this. I noticed that the Addition log listed "Date: 2018-06-13 06:13:13.567" for the bogus warning. I didn't notice a problem with my laptop until yesterday, when I received the first warning. Is it possible that it's been on my laptop since that time, or did I just get it yesterday? I was viewing employment opportunities and clicked on a site that I had never used before.
 

I cleared the cache on Firefox is that is the only browser I use. I installed the free Ublock Origin extension, F B Purity extension, and did the "about:config" for Firefox. However, for "network.standard-url.punycode-host", I left it at Default, but the Value I had was listed as true, not false.

 

Even though you are seeing Dell errors, I don't think it is affecting my laptop. I tried to uninstall the Dell Data Vault Service, but the directions you referred me to, weren't accurate.

 

I ran the ESET online scanner and no threats were found.

[RKinner]

Dates in the log files can be confusing.  Sometimes they use GMT and other times they use that of your current time zone.

 

If you haven't seen the warning again then I think you are probably OK.  Maybe stay away from that site you were talking about.

 

Time to clean up:
If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..

If you use Facebook you need FB Purity: http://www.fbpurity.com/


If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.



If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Medi Player it never seems to need extra files to work.
Photo organizer and editor:  Google's Picasa.  While it has been discontinued by Google you can still get it at:
http://techfilehippo...-free-download/
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Download Flash and Video.  To save flash video.  Works with Firefox.  https://addons.mozil...lash-and-video/This allows you to start a recording and then switch to a different window and record another video.

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!

[Sugartooth]

Hello again,

 

I've uninstalled FRST64.exe. Checked to make sure my Adobe is the latest version and disabled javascript. By installing uBlock Origin, I've noticed a difference in my email! The ads were really slowing down my email and even affecting how long it would take for me to type an email. Thank you so much for recommending it! Everything seems to be working perfectly now.

[RKinner]

Glad we could help.