Infected Dell Inspiron win7

Discussion in 'Malware Removal' started by mikehende, Oct 18, 2017.

  1. mikehende United States

    mikehende Active Member

    Joined:
    Apr 5, 2005
    Likes Received:
    27
    Trophy Points:
    28
    Hey Pete, how's it going? I can use some help with this machine please.

    PC works very fast but can't go to the net.

    MBAM on first run showed only PUP's and none on 2nd run. JRT found and deleted some stuff but both Adwcleaner and FRST wouldn't scan as they both show "checking for updates" but doesn;t go any further, help please?

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 10/18/17
    Scan Time: 11:17 AM
    Log File: 6a77404c-b417-11e7-91a2-b8ac6fe470cb.json
    Administrator: Yes

    -Software Information-
    Version: 3.2.2.2018
    Components Version: 1.0.186
    Update Package Version: 1.0.3042
    License: Free

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Webb-PC\Webb

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 395238
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 25 min, 54 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)
     
  2. mikehende United States

    mikehende Active Member

    Joined:
    Apr 5, 2005
    Likes Received:
    27
    Trophy Points:
    28
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.4 (07.09.2017)
    Operating System: Windows 7 Home Premium x64
    Ran by Webb (Administrator) on Wed 10/18/2017 at 12:13:28.46
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 46

    Successfully deleted: C:\ProgramData\avg safeguard toolbar (Folder)
    Successfully deleted: C:\ProgramData\babylon (Folder)
    Successfully deleted: C:\ProgramData\esellerate (Folder)
    Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
    Successfully deleted: C:\Users\Webb\AppData\Local\avg safeguard toolbar (Folder)
    Successfully deleted: C:\Users\Webb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage (File)
    Successfully deleted: C:\Users\Webb\AppData\Local\iac (Folder)
    Successfully deleted: C:\Users\Webb\AppData\Local\slimware utilities inc (Folder)
    Successfully deleted: C:\Users\Webb\Appdata\LocalLow\avg safeguard toolbar (Folder)
    Successfully deleted: C:\Users\Webb\Appdata\LocalLow\delta (Folder)
    Successfully deleted: C:\Users\Webb\AppData\Roaming\getrighttogo (Folder)
    Successfully deleted: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\Backup\user.js (File)
    Successfully deleted: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\bmsjta9e.default\user.js (File)
    Successfully deleted: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\t8ym71sf.default\extensions\bingsearch.full@microsoft.com\search.xml (File)
    Successfully deleted: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\t8ym71sf.default\searchplugins\safesearch.xml (File)
    Successfully deleted: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\t8ym71sf.default\user.js (File)
    Successfully deleted: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\vxmvpg0h.default\user.js (File)
    Successfully deleted: C:\Windows\system32\drivers\swdumon.sys (File)
    Successfully deleted: C:\Windows\wininit.ini (File)
    Successfully deleted: C:\Program Files (x86)\avg safeguard toolbar (Folder)
    Successfully deleted: C:\Program Files (x86)\GUTC513.tmp (File)
    Successfully deleted: C:\Program Files (x86)\oapps (Folder)
    Successfully deleted: C:\Users\Webb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Webb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Webb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IWZ68ZG (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Webb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3D70L23 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Webb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AM11YQ1S (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Webb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Webb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZWOMASI (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Webb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Webb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3LI1P8O (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Webb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGV0I63I (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Webb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XE8DQPP7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Webb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUKUGDZS (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IWZ68ZG (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3D70L23 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AM11YQ1S (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZWOMASI (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3LI1P8O (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGV0I63I (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XE8DQPP7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUKUGDZS (Temporary Internet Files Folder)



    Registry: 1

    Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 10/18/2017 at 12:18:49.97
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  3. mikehende United States

    mikehende Active Member

    Joined:
    Apr 5, 2005
    Likes Received:
    27
    Trophy Points:
    28
    Also Pete, I am noticing in the DM that the Network driver has an issue as the attached pic shows but not sure on which of the two items that yellow exclamation mark belongs to.
    If it is relating to the Realtek driver then looking on Dell's site as the 2 pic shows, I am not seeing a network driver with the exact same name?
    Then too, if this is a network driver issue and not a virus issue then why won't the pc allow Adwcleaner and FRST to run? Very confusing.

    network.jpg network2.png
     
  4. starbuck United Kingdom

    starbuck MALWARE REMOVAL SPECIALIST - SUPER MODERATOR

    Joined:
    Jul 16, 2014
    Likes Received:
    258
    Trophy Points:
    83
    Hi Mike,

    If there's no internet, then AdwCleaner and FRST will not be able to update.... so you will get problems.
    Make sure that you have the latest versions.

    FRST64: .... https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

    AdwCleaner: .... https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Obviously without internet you'll have to use another system and then transfer the tools via usb stick.

    For the internet issue, let's have a better look....

    Please download MiniToolBox and save it to your Desktop.

    Run the tool by double-clicking it. If you are using Windows Vista, 7, 8 or 10; instead of double-clicking, right-mouse click and select "Run as Administrator".

    Checkmark the following radio buttons:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List Devices (Only Problems)


    Note:
    When using "Reset FF Proxy Settings" option Firefox should be closed.


    Click Go the results will appear as MTB.txt on your Desktop.
    Please copy & paste this report in your next reply.
     
  5. mikehende United States

    mikehende Active Member

    Joined:
    Apr 5, 2005
    Likes Received:
    27
    Trophy Points:
    28
    Thanks, taking a while though, for more than 30 minutes now and seems to be stuck on "Getting ipconfig"
     
  6. starbuck United Kingdom

    starbuck MALWARE REMOVAL SPECIALIST - SUPER MODERATOR

    Joined:
    Jul 16, 2014
    Likes Received:
    258
    Trophy Points:
    83
    Ok, just leave it for awhile and see if it continues.
     
  7. mikehende United States

    mikehende Active Member

    Joined:
    Apr 5, 2005
    Likes Received:
    27
    Trophy Points:
    28
    Finished right after I last posted:

    MiniToolBox by Farbar Version: 17-06-2016
    Ran by Webb (administrator) on 18-10-2017 at 15:14:56
    Running from "C:\Users\Webb\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Model: Inspiron 560 Manufacturer: Dell Inc.
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    ========================= FF Proxy Settings: ==============================


    "Reset FF Proxy Settings": Firefox Proxy settings were reset.

    ========================= Hosts content: =================================
    ========================= IP Configuration: ================================

    Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Webb-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : fios-router.home

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : fios-router.home
    Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
    Physical Address. . . . . . . . . : B8-AC-6F-E4-70-CB
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::ec9d:d4da:5dd:2e83%10(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.96(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Wednesday, October 18, 2017 1:03:31 PM
    Lease Expires . . . . . . . . . . : Thursday, October 19, 2017 2:48:11 PM
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DHCPv6 IAID . . . . . . . . . . . : 246983791
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-77-3D-5D-B8-AC-6F-E4-70-CB
    DNS Servers . . . . . . . . . . . : 192.168.1.1
    NetBIOS over Tcpip. . . . . . . . : Enabled
    DNS request timed out.
    timeout was 2 seconds.
    Server: UnKnown
    Address: 192.168.1.1

    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.

    Pinging google.com [172.217.10.238] with 32 bytes of data:
    Request timed out.
    General failure.

    Ping statistics for 172.217.10.238:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
    Server: UnKnown
    Address: 192.168.1.1

    Name: yahoo.com
    Addresses: 2001:4998:58:c02::a9
    2001:4998:c:a06::2:4008
    2001:4998:44:204::a7
    98.138.253.109
    98.139.180.149
    206.190.36.45


    Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
    Request timed out.
    General failure.

    Ping statistics for 98.139.180.149:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    10...b8 ac 6f e4 70 cb ......Realtek PCIe GBE Family Controller
    1...........................Software Loopback Interface 1
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.96 20
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    192.168.1.0 255.255.255.0 On-link 192.168.1.96 276
    192.168.1.96 255.255.255.255 On-link 192.168.1.96 276
    192.168.1.255 255.255.255.255 On-link 192.168.1.96 276
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 192.168.1.96 276
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 192.168.1.96 276
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    10 276 fe80::/64 On-link
    10 276 fe80::ec9d:d4da:5dd:2e83/128
    On-link
    1 306 ff00::/8 On-link
    10 276 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
    Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
    x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

    ========================= Devices: ================================

    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Device ID: ROOT\*TEREDO\0000
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    **** End of log ****
     
  8. starbuck United Kingdom

    starbuck MALWARE REMOVAL SPECIALIST - SUPER MODERATOR

    Joined:
    Jul 16, 2014
    Likes Received:
    258
    Trophy Points:
    83
    Can you get the latest version of FRST to run?
     
  9. mikehende United States

    mikehende Active Member

    Joined:
    Apr 5, 2005
    Likes Received:
    27
    Trophy Points:
    28
    let me try
     
  10. mikehende United States

    mikehende Active Member

    Joined:
    Apr 5, 2005
    Likes Received:
    27
    Trophy Points:
    28
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-10-2017 01
    Ran by Webb (administrator) on WEBB-PC (18-10-2017 16:38:42)
    Running from E:\
    Loaded Profiles: Webb (Available Profiles: Webb)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    () C:\Users\Webb\AppData\Local\Amazon Music\Amazon Music Helper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)
    HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_14\TrayServer.exe
    HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe [294032 2012-07-18] (Corel Corporation)
    HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
    HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-11-03] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [551488 2014-09-23] ()
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
    HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\AllMyTube\DelayPluginI.exe [1960336 2015-08-11] ()
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-207249110-600702845-166796750-1000\...\Run: [Amazon Music] => C:\Users\Webb\AppData\Local\Amazon Music\Amazon Music Helper.exe [5908968 2016-06-16] ()
    HKU\S-1-5-21-207249110-600702845-166796750-1000\...\Run: [Chromium] => "c:\users\webb\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
    HKU\S-1-5-21-207249110-600702845-166796750-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-09-09] (Apple Inc.)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-18] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-11-03]
    ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    CHR HKU\S-1-5-21-207249110-600702845-166796750-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{7BAF68A2-5E5E-4630-A2D4-91496139CC0F}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\S-1-5-21-207249110-600702845-166796750-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-us/?ocid=U221DHP&pc=U221
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-207249110-600702845-166796750-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-09-26] (RealDownloader)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll => No File
    BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-09-25] (McAfee, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL => No File
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL => No File
    BHO-x32: Wondershare AllMyTube 4.3.0 -> {067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} -> C:\ProgramData\Wondershare\AllMyTube\WSBrowserAppMgr.dll [2015-08-11] (Wondershare)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-09-26] (RealDownloader)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
    BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-09-25] (McAfee, Inc.)
    BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
    Toolbar: HKU\S-1-5-21-207249110-600702845-166796750-1000 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} - No File
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: osf - No CLSID Value
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-09-25] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-09-25] (McAfee, Inc.)
    Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - No File
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-09-25] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-09-25] (McAfee, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\t8ym71sf.default [2017-10-18]
    FF NewTab: Mozilla\Firefox\Profiles\t8ym71sf.default -> about:newtab
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\t8ym71sf.default -> Search Provided by Yahoo
    FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\t8ym71sf.default -> Search Provided by Yahoo
    FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\t8ym71sf.default -> Bing
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\t8ym71sf.default -> Search Provided by Yahoo
    FF Homepage: Mozilla\Firefox\Profiles\t8ym71sf.default -> user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/
    FF Extension: (Transit) - C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\t8ym71sf.default\Extensions\@Transit.xpi [2017-09-12]
    FF Extension: (Bing Extension) - C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\t8ym71sf.default\Extensions\bingsearch.full@microsoft.com [2017-10-18] [not signed]
    FF SearchPlugin: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\t8ym71sf.default\searchplugins\bing-.xml [2015-03-28]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-09-25]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-03] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{4642CD99-8FDF-4550-94E1-63360972C326}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com
    FF Extension: (Wondershare AllMyTube) - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com [2016-02-10] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-10-09] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-09-25] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-21] (CANON INC.)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-09-25] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-09] (Nero AG)
    FF Plugin-x32: @real.com/nppl3260;version=17.0.14.69 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-11-03] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.14 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-09-26] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=17.0.14.69 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-11-03] (RealPlayer Cloud)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
    FF Plugin ProgramFiles/Appdata: C:\Users\Webb\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US1134D20170817&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> mcafee
    CHR Profile: C:\Users\Webb\AppData\Local\Google\Chrome\User Data\Default [2017-10-18]
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\Webb\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-10-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Webb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-28]
    CHR Extension: (Chrome Media Router) - C:\Users\Webb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-01]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-207249110-600702845-166796750-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()
    R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
    R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()
    R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-08-10] (McAfee, Inc.)
    R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
    S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
    U2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
    S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-09-25] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe [994280 2017-09-14] (McAfee, Inc.)
    R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe [2139832 2017-05-30] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
    S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [242640 2017-06-21] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [394704 2017-06-21] (McAfee, Inc.)
    R3 mfevtp; C:\Windows\system32\mfevtps.exe [350160 2017-06-21] (McAfee, Inc.)
    S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1546904 2017-08-17] (McAfee, Inc.)
    S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
    R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1042288 2017-05-22] (Intel Security, Inc.)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-09-26] ()
    R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-03] (RealNetworks, Inc.)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31344 2014-09-26] ()
    S3 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)
    S2 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)
    S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [548864 2008-10-21] (Magix AG) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77800 2017-06-26] (McAfee, Inc.)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [209608 2017-08-07] (McAfee, Inc.)
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-10-18] (Malwarebytes)
    R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [88448 2017-05-26] (McAfee, Inc.)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [487408 2017-06-26] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [355312 2017-06-26] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [506352 2017-06-26] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [933360 2017-06-26] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [504792 2017-06-27] (McAfee LLC.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [108504 2017-06-27] (McAfee LLC.)
    R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [116208 2017-06-26] (McAfee, Inc.)
    S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [253424 2017-06-26] (McAfee, Inc.)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-07-10] (Corel Corporation)
    S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
    R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)
    R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)
    R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)
    R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-09-03] (Wondershare)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-10-18 15:14 - 2017-10-18 16:06 - 000009111 _____ C:\Users\Webb\Desktop\MTB.txt
    2017-10-18 15:14 - 2017-10-18 15:14 - 000004034 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
    2017-10-18 15:12 - 2017-10-18 15:11 - 000892416 _____ (Farbar) C:\Users\Webb\Desktop\MiniToolBox.exe
    2017-10-18 12:23 - 2017-10-18 16:38 - 000000000 ____D C:\FRST
    2017-10-18 12:18 - 2017-10-18 12:18 - 000006524 _____ C:\Users\Webb\Desktop\JRT.txt
    2017-10-18 11:54 - 2017-10-18 12:21 - 000000000 ____D C:\AdwCleaner
    2017-10-18 11:09 - 2017-10-18 11:18 - 000000258 __RSH C:\ProgramData\ntuser.pol
    2017-10-18 10:51 - 2017-10-18 15:54 - 000003860 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
    2017-10-18 10:36 - 2017-10-18 16:36 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-10-18 10:36 - 2017-10-18 11:17 - 000002016 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-10-18 10:36 - 2017-10-18 10:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-10-18 10:36 - 2017-10-18 10:36 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-10-18 10:36 - 2017-08-21 07:20 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-10-09 16:03 - 2017-10-09 16:03 - 000000000 ____D C:\FixMeStick Quarantine
    2017-10-09 15:02 - 2017-10-12 23:07 - 000000000 ____D C:\FixMeStick
    2017-10-09 14:25 - 2017-05-26 06:05 - 000088448 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
    2017-10-01 00:01 - 2017-10-01 00:01 - 000245712 _____ (Mozilla) C:\Users\Webb\Downloads\Firefox Installer (4).exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-10-18 16:39 - 2017-08-17 20:16 - 000000000 __RSD C:\Users\Webb\Documents\McAfee Vaults
    2017-10-18 16:39 - 2014-03-31 21:02 - 053458228 _____ C:\Windows\ntbtlog.txt
    2017-10-18 16:34 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-10-18 13:17 - 2009-07-14 00:45 - 000022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-10-18 13:17 - 2009-07-14 00:45 - 000022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-10-18 13:03 - 2009-07-14 00:45 - 000658640 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-10-18 12:41 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
    2017-10-18 11:09 - 2013-07-17 00:37 - 000000000 ____D C:\Users\Webb\AppData\Local\Adobe
    2017-10-18 11:08 - 2013-08-29 13:05 - 000000000 ____D C:\ProgramData\iolo
    2017-10-18 11:08 - 2013-08-29 13:05 - 000000000 ____D C:\Program Files (x86)\iolo
    2017-10-18 10:39 - 2009-07-14 01:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-10-18 10:39 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
    2017-10-18 10:36 - 2013-08-29 14:46 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-10-12 15:35 - 2017-09-12 09:37 - 000003482 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Webb
    2017-10-12 15:34 - 2013-07-28 15:18 - 000000576 _____ C:\Users\Webb\Desktop\Wintm.lnk
    2017-10-12 12:38 - 2017-09-12 09:37 - 000003488 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Webb
    2017-10-09 20:20 - 2017-08-17 20:13 - 000000000 ____D C:\Program Files (x86)\McAfee
    2017-10-09 14:27 - 2017-05-17 21:06 - 000000000 ____D C:\Program Files\Common Files\McAfee
    2017-10-09 14:24 - 2017-08-17 20:15 - 000003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
    2017-10-09 09:37 - 2009-07-14 01:08 - 000032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-10-05 21:24 - 2013-07-20 19:08 - 000000000 ____D C:\Users\Webb\AppData\Local\CrashDumps
    2017-10-05 21:21 - 2017-08-18 10:48 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2017-10-05 21:08 - 2015-01-24 20:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-09-29 10:01 - 2017-08-17 20:14 - 000000000 ____D C:\Windows\System32\Tasks\McAfee
    2017-09-26 20:08 - 2017-08-16 16:27 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-09-26 20:08 - 2017-08-16 16:27 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-09-23 17:17 - 2017-06-04 15:39 - 000033280 _____ C:\Users\Webb\Desktop\jeans schedule octoberdec.xls
    2017-09-23 17:09 - 2017-06-03 23:12 - 000033280 _____ C:\Users\Webb\Desktop\field service october to decenber.xls
    2017-09-20 09:34 - 2013-07-17 00:49 - 000000000 ____D C:\ProgramData\McAfee
    2017-09-19 21:13 - 2017-05-17 21:08 - 000003308 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
    2017-09-18 23:27 - 2014-09-09 14:41 - 000000000 ____D C:\Users\Webb\AppData\Roaming\vlc

    ==================== Files in the root of some directories =======

    2014-10-07 20:18 - 2016-05-02 13:41 - 000000098 _____ () C:\Users\Webb\AppData\Roaming\WB.CFG
    2014-12-21 16:06 - 2014-12-21 16:06 - 000001456 _____ () C:\Users\Webb\AppData\Local\Adobe Save for Web 12.0 Prefs
    2013-07-26 19:36 - 2017-09-14 20:55 - 001592448 _____ () C:\Users\Webb\AppData\Local\rx_audio.Cache
    2013-07-22 20:33 - 2017-09-14 20:55 - 000054072 _____ () C:\Users\Webb\AppData\Local\rx_image32.Cache
    2013-07-16 17:13 - 2013-07-16 17:13 - 000000021 ____H () C:\ProgramData\.24554863501262644635642126105
    2014-08-20 22:25 - 2014-09-08 15:45 - 000000848 ___SH () C:\ProgramData\KGyGaAvL.sys
    2014-12-10 21:02 - 2014-12-10 21:02 - 000000085 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2012-07-30 20:51 - 2012-07-30 20:51 - 000002454 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag

    Some files in TEMP:
    ====================
    2013-01-28 18:20 - 2013-01-28 18:20 - 000248008 _____ (Ask.com) C:\Users\Webb\AppData\Local\Temp\AskSLib.dll
    2013-10-28 21:26 - 2013-03-07 10:57 - 000098304 _____ () C:\Users\Webb\AppData\Local\Temp\cabex.dll
    2016-05-02 09:40 - 2016-05-02 09:40 - 014185258 _____ (HOW Inc. ) C:\Users\Webb\AppData\Local\Temp\FYDSetup.exe
    2013-09-02 17:45 - 2015-08-20 14:16 - 000163104 _____ (RealNetworks, Inc.) C:\Users\Webb\AppData\Local\Temp\lowproc.exe
    2017-05-30 21:21 - 2017-05-30 21:21 - 000243240 _____ (McAfee, Inc.) C:\Users\Webb\AppData\Local\Temp\McCSPInstall.dll
    2017-04-02 00:11 - 2008-09-12 13:39 - 000217088 _____ (MAGIX AG) C:\Users\Webb\AppData\Local\Temp\MgxVistaTools.dll
    2014-01-25 19:31 - 2013-07-17 00:14 - 000798904 _____ (Microsoft Corporation) C:\Users\Webb\AppData\Local\Temp\OfficeSetup.exe
    2013-10-28 21:26 - 2013-03-07 10:57 - 000172720 _____ () C:\Users\Webb\AppData\Local\Temp\PVARemove.exe
    2013-09-02 17:45 - 2014-10-16 02:01 - 000090624 _____ (RealNetworks, Inc.) C:\Users\Webb\AppData\Local\Temp\stubhelper.dll
    2016-10-27 20:31 - 2017-04-01 20:40 - 000153056 _____ (MAGIX AG) C:\Users\Webb\AppData\Local\Temp\unwise.exe
    2015-05-15 09:26 - 2015-05-15 09:26 - 028849904 _____ () C:\Users\Webb\AppData\Local\Temp\vlc-2.2.1-win32.exe
    2016-07-05 16:57 - 2016-07-05 16:57 - 030533688 _____ () C:\Users\Webb\AppData\Local\Temp\vlc-2.2.4-win32.exe
    2017-10-18 16:15 - 2017-10-18 16:15 - 000123697 _____ () C:\Users\Webb\AppData\Local\Temp\{0776AC08-42A7-4437-B11F-0610BF38DA56}-62.0.3202.62_chrome_installer.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-05-20 20:45

    ==================== End of FRST.txt ============================
     
  11. mikehende United States

    mikehende Active Member

    Joined:
    Apr 5, 2005
    Likes Received:
    27
    Trophy Points:
    28
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2017 01
    Ran by Webb (18-10-2017 16:42:16)
    Running from E:\
    Windows 7 Home Premium Service Pack 1 (X64) (2013-07-16 14:41:32)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-207249110-600702845-166796750-500 - Administrator - Disabled)
    Guest (S-1-5-21-207249110-600702845-166796750-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-207249110-600702845-166796750-1002 - Limited - Enabled)
    Webb (S-1-5-21-207249110-600702845-166796750-1000 - Administrator - Enabled) => C:\Users\Webb

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
    FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
    Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
    Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
    Amazon Music (HKU\S-1-5-21-207249110-600702845-166796750-1000\...\Amazon Amazon Music) (Version: 4.3.2.1367 - Amazon Services LLC)
    Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
    Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - )
    Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version: - )
    Canon MG5300 series User Registration (HKLM-x32\...\Canon MG5300 series User Registration) (Version: - )
    Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
    Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
    Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
    CLM Explorer (HKLM-x32\...\CLMExplorer) (Version: - Robert Hudson)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.8.0.201 - Corel Inc.) Hidden
    Creator NXT Content (HKLM-x32\...\{9F717571-FEE8-45CD-8B03-5B2D06AD28F7}) (Version: 14.0.024 - Roxio) Hidden
    DirectX 9 Runtime (HKLM-x32\...\{3A9527CF-4E91-4683-A03F-F1AD022126E5}) (Version: 1.00.0000 - Sonic Solutions) Hidden
    Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
    EMC 10 Content (HKLM-x32\...\{FDB46DE7-9045-47BB-970A-3E4ED5369E03}) (Version: 1.0.035 - Roxo, Inc.) Hidden
    EMCGadgets64 (HKLM\...\{02AD9D20-03D2-4DE0-8793-E8253026AD86}) (Version: 1.0.302 - Sonic) Hidden
    Final Draft 7 (HKLM-x32\...\{78D62D17-D970-42DA-B8CF-5E5576293B33}) (Version: 7.1.3.42 - Final Draft, Inc.)
    Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.)
    iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
    Kingdom Hall Schedules (HKLM-x32\...\KHS_is1) (Version: 11.15 - Majestic Software)
    K-Lite Codec Pack 10.7.1 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.7.1 - )
    K-Lite Codec Pack Packages (HKU\S-1-5-21-207249110-600702845-166796750-1000\...\K-Lite Codec Pack Packages) (Version: - ) <==== ATTENTION
    MAGIX MP3 deluxe 19 (HKLM\...\{EA52DEA5-3A60-470C-BBDA-5B962BE45CED}) (Version: 19.0.0.30 - MAGIX Software GmbH) Hidden
    MAGIX MP3 deluxe 19 (HKLM-x32\...\MX.{EA52DEA5-3A60-470C-BBDA-5B962BE45CED}) (Version: 19.0.0.30 - MAGIX Software GmbH)
    MAGIX MP3 Maker 15 10.0.0.317 (UK) (HKLM-x32\...\MAGIX MP3 Maker 15 UK) (Version: 10.0.0.317 - MAGIX AG)
    MAGIX Screenshare 4.3.6.1987 (UK) (HKLM-x32\...\MAGIX Screenshare UK) (Version: 4.3.6.1987 - MAGIX AG)
    MAGIX Speed burnR (MSI) (HKLM\...\{7EE6ACF3-FED2-4B97-96CE-846CF1B84F39}) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
    MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{7EE6ACF3-FED2-4B97-96CE-846CF1B84F39}) (Version: 7.0.1.27 - MAGIX Software GmbH)
    Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
    McAfee Multi Access - Total Protection (HKLM-x32\...\MSC) (Version: 16.0.3 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.136 - McAfee, Inc.)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-207249110-600702845-166796750-1000\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MP3 deluxe 19 Update (HKLM\...\{A50A6DA4-F139-419B-8C2B-6B81D96AEE20}) (Version: 19.0.1.48 - MAGIX Software GmbH) Hidden
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    nero12kwikburnexpressess (HKLM-x32\...\{57AB77BC-E70C-454B-BD0C-E543A7961912}) (Version: 12.0.00300 - Nero AG)
    Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
    Pinnacle Studio 12 (HKLM-x32\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.0.0.6163 - Pinnacle Systems)
    Pinnacle Video Driver (HKLM\...\{5EB90C06-964F-4195-B83E-BD7E55C88415}) (Version: 12.00.0017 - Pinnacle Systems)
    PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
    Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0002 - Nero AG) Hidden
    PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
    RealDownloader (HKLM-x32\...\{0b2ba5b5-983a-4565-ace1-2e55014848d2}) (Version: 17.0.14.26 - RealNetworks) Hidden
    RealDownloader (HKLM-x32\...\{0F44CC14-936F-4A6D-A4B4-4953AE174A2A}) (Version: 17.0.14.8 - RealNetworks, Inc.) Hidden
    RealDownloader (HKLM-x32\...\{7D700940-82E4-4442-B8AF-EF6C9C509C06}) (Version: 17.0.14.26 - RealNetworks) Hidden
    RealNetworks - Microsoft Visual C++ 2005 Runtime (HKLM-x32\...\{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}) (Version: 8.0 - RealNetworks) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.14 - RealNetworks)
    RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Roxio Creator NXT (HKLM-x32\...\{CC915001-1639-4D1B-B0A1-A7AC70C99179}) (Version: 14.0.36.0 - Roxio)
    Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
    Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.0 - Roxio) Hidden
    Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Sonic Solutions)
    Roxio Virtual Drive x64 (HKLM\...\{632DCE79-2711-4B07-BB89-DA763E96840C}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
    SmartSound Common Data (HKLM-x32\...\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) Hidden
    SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
    SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.) Hidden
    SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
    SONAR LE (HKLM-x32\...\SONAR85LE_is1) (Version: 18.0 - Cakewalk Music Software)
    Sonic CinePlayer Decoder Pack (HKLM-x32\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.3.0 - Sonic Solutions) Hidden
    TMS2015 (HKLM-x32\...\{85E02722-AA60-47D6-BB40-9D9CCE181C13}) (Version: 20.15.1 - 2137378 Ontario Inc.)
    Triple Scoop Music (HKLM-x32\...\{4CD51492-D68C-49AC-9692-29FCC19FBC26}) (Version: 1.0.019 - Roxio) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
    VD64Inst (HKLM\...\{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Video Downloader (HKLM-x32\...\{65257823-1757-44CF-B23A-D615D7CC460D}) (Version: 1.0.0 - RealNetworks) Hidden
    Virtual DJ Broadcaster - Atomix Productions (HKLM-x32\...\Virtual DJ Broadcaster - Atomix Productions) (Version: - )
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    Watchtower Library - English (HKLM-x32\...\{1D72ED8E-EA0F-4AE3-BBC5-2EC55FA5649F}) (Version: 18.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
    Watchtower Library 2015 - English (HKLM-x32\...\{F0D4F127-987D-4345-AA96-5699CF14AF35}) (Version: 17.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
    Wondershare AllMyTube(Build 4.5.0.0) (HKLM-x32\...\Wondershare AllMyTube_is1) (Version: 4.5.0.0 - Wondershare Software)
    Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-207249110-600702845-166796750-1000_Classes\CLSID\{0C3BA0B1-BC14-4B55-98DC-F1E913C1DA10}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
    CustomCLSID: HKU\S-1-5-21-207249110-600702845-166796750-1000_Classes\CLSID\{6FFA7438-3E00-4176-9717-B3BBE2E704AB}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
    CustomCLSID: HKU\S-1-5-21-207249110-600702845-166796750-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Webb\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-207249110-600702845-166796750-1000_Classes\CLSID\{A66FC8BB-7AFD-4FCF-BBA1-341AE079C7DF}\InprocServer32 -> C:\Program Files\Roxio Creator NXT\Virtual Drive 10\DC_ShellExt64.dll (Corel Corporation)
    CustomCLSID: HKU\S-1-5-21-207249110-600702845-166796750-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Webb\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-207249110-600702845-166796750-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Webb\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-207249110-600702845-166796750-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Webb\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-207249110-600702845-166796750-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Webb\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL -> No File
    ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL -> No File
    ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL -> No File
    ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-09-25] (McAfee, Inc.)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-09-09] (Apple Inc.)
    ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2012-07-05] ()
    ContextMenuHandlers1: [RXDCExtSvr] -> {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} => C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [2009-06-26] (Sonic Solutions)
    ContextMenuHandlers2: [RXDCExtSvr] -> {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} => C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [2009-06-26] (Sonic Solutions)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll [2014-11-03] (RealNetworks, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
    ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-09-25] (McAfee, Inc.)
    ContextMenuHandlers6: [RXDCExtSvr] -> {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} => C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [2009-06-26] (Sonic Solutions)
    ContextMenuHandlers1_S-1-5-21-207249110-600702845-166796750-1000: [RXDCExtSvr] -> {A66FC8BB-7AFD-4FCF-BBA1-341AE079C7DF} => C:\Program Files\Roxio Creator NXT\Virtual Drive 10\DC_ShellExt64.dll [2012-07-18] (Corel Corporation)
    ContextMenuHandlers2_S-1-5-21-207249110-600702845-166796750-1000: [RXDCExtSvr] -> {A66FC8BB-7AFD-4FCF-BBA1-341AE079C7DF} => C:\Program Files\Roxio Creator NXT\Virtual Drive 10\DC_ShellExt64.dll [2012-07-18] (Corel Corporation)
    ContextMenuHandlers6_S-1-5-21-207249110-600702845-166796750-1000: [RXDCExtSvr] -> {A66FC8BB-7AFD-4FCF-BBA1-341AE079C7DF} => C:\Program Files\Roxio Creator NXT\Virtual Drive 10\DC_ShellExt64.dll [2012-07-18] (Corel Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {274A92CB-5025-4AF7-AB36-54B404A1D764} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
    Task: {274A92CB-5025-4AF7-AB36-54B404A1D764} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
    Task: {274A92CB-5025-4AF7-AB36-54B404A1D764} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
    Task: {34D56728-1E88-4CB9-9DD2-E1E6EF88E5B9} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-05-31] (McAfee, Inc.)
    Task: {4074CE58-CFF1-41E3-96D4-EB0B438C3B61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
    Task: {45555FD4-A4A1-4EB2-949A-AFBED6602A4E} - System32\Tasks\McAfee\McAfee Idle Detection Task
    Task: {54628E3C-C21F-418D-82D5-F0E59766123E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-16] (Google Inc.)
    Task: {5AAAB923-3E02-4118-AD39-9DD6D604F642} - System32\Tasks\ReclaimerUpdateFiles_Webb => C:\Users\Webb\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.08\agent\rnupgagent.exe [2017-09-11] (RealNetworks, Inc.)
    Task: {63F0E1D7-725E-4837-AA71-DFC527DEEC6E} - System32\Tasks\RNUpgradeHelperResumePrompt_Webb => C:\Users\Webb\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.08\agent\rnupgagent.exe [2017-09-11] (RealNetworks, Inc.)
    Task: {6675B259-962D-4653-9B41-1E6AF6094B86} - System32\Tasks\ReclaimerUpdateXML_Webb => C:\Users\Webb\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.08\agent\rnupgagent.exe [2017-09-11] (RealNetworks, Inc.)
    Task: {6948C87B-F506-427A-A8AE-C446F7B68BB7} - System32\Tasks\AdobeAAMUpdater-1.0-Webb-PC-Webb => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
    Task: {7A551A97-D270-4F2B-8130-31F70788F547} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-08-24] (McAfee, Inc.)
    Task: {7BB8588F-ACBD-436B-B5E6-8827C512F577} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-09-23] ()
    Task: {81A7BFC9-4CD6-4250-BB90-49F444A8B77C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {847EE0D9-7A49-4CF0-BA6B-597C7D453ECF} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
    Task: {847EE0D9-7A49-4CF0-BA6B-597C7D453ECF} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
    Task: {8D4F47D6-E0C6-4019-9351-87BC637BA492} - System32\Tasks\{5112F452-3CA7-4C49-8748-B938086E88AC} => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe [2009-06-22] ()
    Task: {9A446A7C-EA95-44CD-BD4D-44B94A6BB67F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
    Task: {A85E2D96-C599-40FC-A310-DE1D19DE5743} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
    Task: {A85E2D96-C599-40FC-A310-DE1D19DE5743} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
    Task: {ABEF6771-F264-4060-A12E-F85222041AD1} - System32\Tasks\RNUpgradeHelperLogonPrompt_Webb => C:\Users\Webb\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.08\agent\rnupgagent.exe [2017-09-11] (RealNetworks, Inc.)
    Task: {AF110201-E2DA-4AC4-85C3-26D842B61080} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-16] (Google Inc.)
    Task: {B2A9E3B1-6839-477A-886D-0B9759CF622D} - System32\Tasks\{7F3A22C9-F476-4463-8930-56090A39A198} => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe [2009-06-22] ()
    Task: {CC6D1F03-AA20-4BE6-AC1F-9DE6CB0E142E} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-09-04] ()
    Task: {D271CC90-ABFD-42D0-BE8C-78522C6AC001} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-08-24] (McAfee, Inc.)
    Task: {D2FA513E-DD71-4370-9C87-9753A8A45DAB} - System32\Tasks\{1A179B3C-3F33-4F86-BAE0-B036074283A2} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe -c /x {537BF16E-7412-448C-95D8-846E85A1D817}
    Task: {D464CFBC-565F-4B20-902B-8B6A7869BD69} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-207249110-600702845-166796750-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-09-26] (RealNetworks, Inc.)
    Task: {DFBF9BF3-A3F1-4F9C-B494-33F6CB959A20} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
    Task: {DFBF9BF3-A3F1-4F9C-B494-33F6CB959A20} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
    Task: {E391135D-D6FD-449A-A7A7-4B9FEFEDC9EF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-207249110-600702845-166796750-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-09-26] (RealNetworks, Inc.)
    Task: {FAEE40A9-19C7-43C0-9848-C457D385C9F0} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-207249110-600702845-166796750-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-09-26] (RealNetworks, Inc.)
    Task: {FC03445B-EA47-4E43-A6B1-688070E4888F} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-08-03] (McAfee, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    Shortcut: C:\Users\Webb\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

    ==================== Loaded Modules (Whitelisted) ==============

    2012-07-05 19:47 - 2012-07-05 19:47 - 000185488 _____ () C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll
    2012-06-20 15:48 - 2012-06-20 15:48 - 000457360 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-09-01 18:12 - 2016-09-01 18:12 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-07-11 01:04 - 2012-07-11 01:04 - 000022160 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    2014-09-18 21:58 - 2016-06-16 16:05 - 005908968 _____ () C:\Users\Webb\AppData\Local\Amazon Music\Amazon Music Helper.exe
    2014-09-23 15:54 - 2014-09-23 15:54 - 000551488 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
    2014-09-26 11:18 - 2014-09-26 11:18 - 000039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-09-26 16:14 - 2014-09-26 16:14 - 000031344 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2012-07-11 01:04 - 2012-07-11 01:04 - 003306128 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
    2012-07-11 01:04 - 2012-07-11 01:04 - 000523920 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
    2012-07-11 01:04 - 2012-07-11 01:04 - 000108176 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
    2016-09-01 18:13 - 2016-09-01 18:13 - 001041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-09-01 18:13 - 2016-09-01 18:13 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-09-01 18:12 - 2016-09-01 18:12 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2014-09-23 15:05 - 2014-09-23 15:05 - 001382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
    2016-06-24 10:35 - 2016-06-20 14:48 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2016-02-10 17:51 - 2014-05-19 17:19 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2014-11-03 19:53 - 2014-11-03 19:53 - 000865880 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
    2014-09-26 16:13 - 2014-09-26 16:13 - 000035464 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
    2014-09-26 16:13 - 2014-09-26 16:13 - 000035976 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
    2014-09-26 16:13 - 2014-09-26 16:13 - 000033400 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
    2014-09-26 16:13 - 2014-09-26 16:13 - 000034456 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Public\Documents\20130816_140212.jpg:com.dropbox.attributes [159]
    AlternateDataStreams: C:\Users\Public\Documents\20130816_140235.jpg:com.dropbox.attributes [81]
    AlternateDataStreams: C:\Users\Public\Documents\20130816_140242.jpg:com.dropbox.attributes [326]
    AlternateDataStreams: C:\Users\Public\Documents\20130816_140311.jpg:com.dropbox.attributes [324]
    AlternateDataStreams: C:\Users\Webb\Desktop\if you dont know me.mp3:Roxio EMC Stream [38]
    AlternateDataStreams: C:\Users\Webb\Desktop\my greatest demo.mp3:Roxio EMC Stream [38]
    AlternateDataStreams: C:\Users\Webb\Desktop\my greatest inspiration.mp3:Roxio EMC Stream [38]
    AlternateDataStreams: C:\Users\Webb\Desktop\SHE.mp3:Roxio EMC Stream [38]
    AlternateDataStreams: C:\Users\Webb\Desktop\teddy pendergrass tribute.mp3:Roxio EMC Stream [38]
    AlternateDataStreams: C:\Users\Webb\Documents\a song for you.mp3:Roxio EMC Stream [38]
    AlternateDataStreams: C:\Users\Webb\Documents\if you dont know me.mp3:Roxio EMC Stream [38]
    AlternateDataStreams: C:\Users\Webb\Documents\my greatest demo.mp3:Roxio EMC Stream [38]
    AlternateDataStreams: C:\Users\Webb\Documents\my greatest inspiration.mp3:Roxio EMC Stream [38]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2016-05-02 14:09 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-207249110-600702845-166796750-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{6ADFDAB0-A444-46FA-B2B3-21B2A7D5B153}] => (Allow) C:\Users\Webb\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{20C65842-7DAC-4206-B55D-0582BB95DBF7}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe
    FirewallRules: [{54B84CF2-9221-4FCF-A483-6CD115FB8A63}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe
    FirewallRules: [{5D25AC97-9A3B-43F9-B8F0-04E4A8035937}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe
    FirewallRules: [{C97F8651-8B4B-4E22-9B60-8A6629567283}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe
    FirewallRules: [{23A8420D-5748-474B-9C70-6155CDAF4022}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe
    FirewallRules: [{FB272CE9-6AD8-4BC7-9078-C47F422799C8}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe
    FirewallRules: [{3B0184D1-1662-4AAC-9D20-AA7564AD1753}] => (Allow) LPort=0
    FirewallRules: [{EB5AE450-47A4-4C36-9AEB-722516CBE492}] => (Allow) LPort=2869
    FirewallRules: [{6F49D27B-EF99-455A-A12B-021D31F3F2DD}] => (Allow) LPort=1900
    FirewallRules: [{ABF98727-69AC-4C61-B7F5-FEDFD3A58275}] => (Allow) C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
    FirewallRules: [{F630F497-A827-42CD-B425-E935924E56F4}] => (Allow) C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
    FirewallRules: [{7ADE29D4-D538-46BC-8315-63A21316333D}] => (Allow) LPort=9000
    FirewallRules: [{D08A7FCD-5BF1-4090-B2DD-4BDE1D3422D2}] => (Allow) C:\Users\Webb\AppData\Local\Temp\7zS49BC.tmp\SymNRT.exe
    FirewallRules: [{5ED4E65B-54CD-46F2-85B9-07F3569087C6}] => (Allow) C:\Users\Webb\AppData\Local\Temp\7zS49BC.tmp\SymNRT.exe
    FirewallRules: [{029705A6-237A-46E9-816C-6CAD9446256E}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
    FirewallRules: [{04F61DE6-4E0A-4B55-B70D-67FF2BFB60B5}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
    FirewallRules: [{17276718-75C8-4614-B5B4-69C12CFF2D30}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
    FirewallRules: [{7B5FE7FB-EDC3-4C99-B87F-0D816237B457}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
    FirewallRules: [{93DC9F0E-CF9D-4EB3-861B-C5B529656C7B}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
    FirewallRules: [{94B5E611-A99C-4B2C-A2A6-066EC98B358D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C63465B1-7BBF-405D-BD58-E6E904040601}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{69975844-1968-4B78-A253-E2F52D353EFB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C74B9F76-0BE7-4957-9621-3162E4AA67B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{9DEE37A6-0DFA-47E7-81F1-A0ABE706C59F}C:\program files (x86)\wondershare\allmytube\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\allmytube\allmytube.exe
    FirewallRules: [UDP Query User{F6316BA7-B001-42BC-8CD5-65C3DF9A6C05}C:\program files (x86)\wondershare\allmytube\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\allmytube\allmytube.exe
    FirewallRules: [{699E23B5-370E-46CD-B857-2D861C415A47}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{1415D485-D8DC-40FD-A462-5671560DD9E8}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{11B95249-09C2-4FFC-92D6-D048CE26BCA2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    09-10-2017 11:25:16 Windows Backup
    09-10-2017 13:16:54 Windows Backup
    09-10-2017 13:31:18 Windows Backup
    18-10-2017 12:13:34 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/18/2017 01:46:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8985

    Error: (10/18/2017 01:46:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8985

    Error: (10/18/2017 01:46:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/18/2017 01:46:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7909

    Error: (10/18/2017 01:46:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7909

    Error: (10/18/2017 01:46:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/18/2017 01:46:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6801

    Error: (10/18/2017 01:46:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6801

    Error: (10/18/2017 01:46:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/18/2017 01:46:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 5678


    System errors:
    =============
    Error: (10/18/2017 04:41:54 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {E782BE15-9936-4A7F-8DF9-9AB95D229DF1} did not register with DCOM within the required timeout.

    Error: (10/18/2017 04:37:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    RxFilter

    Error: (10/18/2017 04:37:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The McAfee Boot Delay Start Service service hung on starting.

    Error: (10/18/2017 04:35:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Roxio Hard Drive Watcher 14 service terminated with the following error:
    The class is configured to run as a security id different from the caller

    Error: (10/18/2017 04:35:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Module Core Service service failed to start due to the following error:
    The executable program that this service is configured to run in does not implement the service.

    Error: (10/18/2017 04:14:58 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

    Error: (10/18/2017 04:00:11 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {E782BE15-9936-4A7F-8DF9-9AB95D229DF1} did not register with DCOM within the required timeout.

    Error: (10/18/2017 01:07:27 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {E782BE15-9936-4A7F-8DF9-9AB95D229DF1} did not register with DCOM within the required timeout.

    Error: (10/18/2017 01:04:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    RxFilter

    Error: (10/18/2017 01:04:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Roxio Hard Drive Watcher 14 service terminated with the following error:
    The class is configured to run as a security id different from the caller


    CodeIntegrity:
    ===================================
    Date: 2015-08-02 08:54:49.135
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 08:54:49.129
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 08:54:49.082
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 08:54:49.064
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 08:54:48.687
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 08:54:48.598
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 08:54:48.490
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 08:54:48.483
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 08:54:48.429
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 08:54:48.423
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU E6700 @ 3.20GHz
    Percentage of memory in use: 27%
    Total physical RAM: 6108.99 MB
    Available physical RAM: 4444.68 MB
    Total Virtual: 12216.17 MB
    Available Virtual: 10581.8 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.41 GB) (Free:668.49 GB) NTFS
    Drive e: (2G-3) (Removable) (Total:1.91 GB) (Free:1.58 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 05AF9A15)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

    ==================== End of Addition.txt ============================
     
  12. starbuck United Kingdom

    starbuck MALWARE REMOVAL SPECIALIST - SUPER MODERATOR

    Joined:
    Jul 16, 2014
    Likes Received:
    258
    Trophy Points:
    83
    This is what I hate about McAfee.
    2 firewalls running won't help the system.
    To be able to disable the Windows Firewall, you'll have to disable the McAfee Firewall first..... or the Windows Firewall settings will be greyed out.

    Nothing malicious in the reports, but quite a few things we should address.
    Any idea when the loss of internet occurred?
    if we have some sort of date/time it may help.

    Copy the script within the quote box below: (make sure that you include Start:: and End:: as these are the clipboard notifiers.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system


    Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.

    [​IMG]

    The tool will make a log in the same directory that FRST is run from (Fixlog.txt).
    Please post this in your next reply.
     
  13. mikehende United States

    mikehende Active Member

    Joined:
    Apr 5, 2005
    Likes Received:
    27
    Trophy Points:
    28
    The guy says it started 3 weeks ago. Not understanding how to copy this for us on the actual machine? Should I paste it in notepad and save on a flash drive then open the flash drive on the pc and re-run Frst64?
     
    Tony D likes this.
  14. starbuck United Kingdom

    starbuck MALWARE REMOVAL SPECIALIST - SUPER MODERATOR

    Joined:
    Jul 16, 2014
    Likes Received:
    258
    Trophy Points:
    83
    Ok, because you are running FRST from the flash drive, it does complicate things..
    But nothing we can't handle.
    I've attached a fixlist.txt save this onto the flash drive and then run FRST from the flash drive as you said.
    When you click on fix, it'll see the fixlist and run it.
    After the fix has run, the fixlog.txt will then be saved to the flash drive as well.
     

    Attached Files:

  15. starbuck United Kingdom

    starbuck MALWARE REMOVAL SPECIALIST - SUPER MODERATOR

    Joined:
    Jul 16, 2014
    Likes Received:
    258
    Trophy Points:
    83
    Hi Mike,

    Hold fire on the fixlist for a min.... I want to make some changes.
     
  16. starbuck United Kingdom

    starbuck MALWARE REMOVAL SPECIALIST - SUPER MODERATOR

    Joined:
    Jul 16, 2014
    Likes Received:
    258
    Trophy Points:
    83
    Ok, based on that 3 week time frame... I see a couple of Chrome extensions that are a bit dubious so I've now added those to the fixlist.
    The new fixlist is at the bottom of this post.

    I also noticed that there was a McAfee update about that time!!!
    If all else fails, you could try disabling McAfee. ( or removing it )
     

    Attached Files:

  17. mikehende United States

    mikehende Active Member

    Joined:
    Apr 5, 2005
    Likes Received:
    27
    Trophy Points:
    28
    Same deal Pete, I am wondering if the onboard network card might be shot? I can try a usb adapter and if that works would that mean the pc is virus free?

    Fix result of Farbar Recovery Scan Tool (x64) Version: 18-10-2017 01
    Ran by Webb (18-10-2017 18:59:40) Run:1
    Running from E:\
    Loaded Profiles: Webb (Available Profiles: Webb)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    CHR HKU\S-1-5-21-207249110-600702845-166796750-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-207249110-600702845-166796750-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll => No File
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL => No File
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL => No File
    BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
    Toolbar: HKU\S-1-5-21-207249110-600702845-166796750-1000 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} - No File
    Handler: osf - No CLSID Value
    Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - No File
    2013-01-28 18:20 - 2013-01-28 18:20 - 000248008 _____ (Ask.com) C:\Users\Webb\AppData\Local\Temp\AskSLib.dll
    2013-10-28 21:26 - 2013-03-07 10:57 - 000098304 _____ () C:\Users\Webb\AppData\Local\Temp\cabex.dll
    2016-05-02 09:40 - 2016-05-02 09:40 - 014185258 _____ (HOW Inc. ) C:\Users\Webb\AppData\Local\Temp\FYDSetup.exe
    2013-09-02 17:45 - 2015-08-20 14:16 - 000163104 _____ (RealNetworks, Inc.) C:\Users\Webb\AppData\Local\Temp\lowproc.exe
    2017-05-30 21:21 - 2017-05-30 21:21 - 000243240 _____ (McAfee, Inc.) C:\Users\Webb\AppData\Local\Temp\McCSPInstall.dll
    2017-04-02 00:11 - 2008-09-12 13:39 - 000217088 _____ (MAGIX AG) C:\Users\Webb\AppData\Local\Temp\MgxVistaTools.dll
    2014-01-25 19:31 - 2013-07-17 00:14 - 000798904 _____ (Microsoft Corporation) C:\Users\Webb\AppData\Local\Temp\OfficeSetup.exe
    2013-10-28 21:26 - 2013-03-07 10:57 - 000172720 _____ () C:\Users\Webb\AppData\Local\Temp\PVARemove.exe
    2013-09-02 17:45 - 2014-10-16 02:01 - 000090624 _____ (RealNetworks, Inc.) C:\Users\Webb\AppData\Local\Temp\stubhelper.dll
    2016-10-27 20:31 - 2017-04-01 20:40 - 000153056 _____ (MAGIX AG) C:\Users\Webb\AppData\Local\Temp\unwise.exe
    2015-05-15 09:26 - 2015-05-15 09:26 - 028849904 _____ () C:\Users\Webb\AppData\Local\Temp\vlc-2.2.1-win32.exe
    2016-07-05 16:57 - 2016-07-05 16:57 - 030533688 _____ () C:\Users\Webb\AppData\Local\Temp\vlc-2.2.4-win32.exe
    2017-10-18 16:15 - 2017-10-18 16:15 - 000123697 _____ () C:\Users\Webb\AppData\Local\Temp\{0776AC08-42A7-4437-B11F-0610BF38DA56}-62.0.3202.62_chrome_installer.exe
    ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL -> No File
    ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL -> No File
    ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL -> No File
    FirewallRules: [{D08A7FCD-5BF1-4090-B2DD-4BDE1D3422D2}] => (Allow) C:\Users\Webb\AppData\Local\Temp\7zS49BC.tmp\SymNRT.exe
    FirewallRules: [{5ED4E65B-54CD-46F2-85B9-07F3569087C6}] => (Allow) C:\Users\Webb\AppData\Local\Temp\7zS49BC.tmp\SymNRT.exe
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    *****************

    Processes closed successfully.
    HKLM\SOFTWARE\Policies\Google => key removed successfully
    HKU\S-1-5-21-207249110-600702845-166796750-1000\SOFTWARE\Policies\Google => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKU\S-1-5-21-207249110-600702845-166796750-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => key removed successfully
    HKLM\Software\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key removed successfully
    HKLM\Software\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key removed successfully
    HKLM\Software\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key removed successfully
    HKU\S-1-5-21-207249110-600702845-166796750-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{093F479D-712E-46CD-9E06-62E734A05F68} => value removed successfully
    HKLM\Software\Classes\CLSID\{093F479D-712E-46CD-9E06-62E734A05F68} => key not found.
    HKLM\Software\Classes\PROTOCOLS\Handler\osf => key removed successfully
    HKLM\Software\Classes\PROTOCOLS\Handler\WSAllMyTubechrome => key removed successfully
    C:\Users\Webb\AppData\Local\Temp\AskSLib.dll => moved successfully
    C:\Users\Webb\AppData\Local\Temp\cabex.dll => moved successfully
    C:\Users\Webb\AppData\Local\Temp\FYDSetup.exe => moved successfully
    C:\Users\Webb\AppData\Local\Temp\lowproc.exe => moved successfully
    C:\Users\Webb\AppData\Local\Temp\McCSPInstall.dll => moved successfully
    C:\Users\Webb\AppData\Local\Temp\MgxVistaTools.dll => moved successfully
    C:\Users\Webb\AppData\Local\Temp\OfficeSetup.exe => moved successfully
    C:\Users\Webb\AppData\Local\Temp\PVARemove.exe => moved successfully
    C:\Users\Webb\AppData\Local\Temp\stubhelper.dll => moved successfully
    C:\Users\Webb\AppData\Local\Temp\unwise.exe => moved successfully
    C:\Users\Webb\AppData\Local\Temp\vlc-2.2.1-win32.exe => moved successfully
    C:\Users\Webb\AppData\Local\Temp\vlc-2.2.4-win32.exe => moved successfully
    C:\Users\Webb\AppData\Local\Temp\{0776AC08-42A7-4437-B11F-0610BF38DA56}-62.0.3202.62_chrome_installer.exe => moved successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict) => key removed successfully
    HKLM\Software\Classes\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7} => key removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress) => key removed successfully
    HKLM\Software\Classes\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE} => key removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync) => key removed successfully
    HKLM\Software\Classes\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => key removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D08A7FCD-5BF1-4090-B2DD-4BDE1D3422D2} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5ED4E65B-54CD-46F2-85B9-07F3569087C6} => value removed successfully

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    =========== EmptyTemp: ==========

    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 66840512 B
    Java, Flash, Steam htmlcache => 976 B
    Windows/system/drivers => 5583128654 B
    Edge => 0 B
    Chrome => 38937476 B
    Firefox => 51350755 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 449507 B
    systemprofile32 => 74866 B
    LocalService => 66228 B
    NetworkService => 3444561135 B
    Webb => 5997874500 B

    RecycleBin => 22312308280 B
    EmptyTemp: => 34.9 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 19:03:49 ====
     
  18. mikehende United States

    mikehende Active Member

    Joined:
    Apr 5, 2005
    Likes Received:
    27
    Trophy Points:
    28
    Hmnn, I installed the usb wireless network adapter and it is showing as connected to my network but still same issue with both chrome and IE
     
  19. mikehende United States

    mikehende Active Member

    Joined:
    Apr 5, 2005
    Likes Received:
    27
    Trophy Points:
    28
    Hey Pete, the pc's net connection works fast and fine from linux and safe mode and with the onboard wired net connection. Will check back in the morning if you should have any fix for this and if not, if you can tell me what might be the issue or if t can be fixed and how, that would be great, thanks.
     
  20. starbuck United Kingdom

    starbuck MALWARE REMOVAL SPECIALIST - SUPER MODERATOR

    Joined:
    Jul 16, 2014
    Likes Received:
    258
    Trophy Points:
    83
    Temporarily disable McAfee Personal Firewall to test your Internet connection:
    1. Double-click the M shield icon in your taskbar.
    2. Click Web and Email Protection.
    3. Click the Firewall link.
    4. In the Firewall options window, click the Turn Off button. ...
    5. Select a resume time, then click Turn Off. ...
    6. Test your Internet connection.
     

Share This Page

Loading...