
account-specific issue, I hope it is not an infection -


5 replies to this topic

#1 seraphin


Posted 17 October 2018 - 09:37 PM

First off, the key problem with my laptop is an issue that in one of the accounts (non-admin), left-clicking the MS logo fails to open the start menu but triggers the following popup message -


"Critical Error: your start menu isn't working. We will try to fix it the next time you sign in. Sign out now"


Without left-clicking the MS logo, I could use programs such as WORD. However, it is noted that while I can open a WORD file and work on it, I always get a popup that says


"WORD could not create the word file. Check the temp environment variable".


For programs such as Chrome and Firefox, somehow I cannot launch either. Firefox would show up in the Task Manager but won't show up on the desktop. And every time I click the Firefox icon (first time), I will get the following message


"Firefox is already running, but is not responding. The old Firefox must be closed to open a new window"


Chrome does not even seem to show up in the Task Manager.


None of these happen in other accounts - i.e. I can run all programs without problems. Please note that the troubled account HAD been my main login account in the past and I have A LOT of files on the desktop under that account.


Google search suggests the possibility that all these account-specific issues may be related to the "Critical Error" message and may NOT be related to infection. But either way, I have not found any working solution. I have tried everything on the following link but nothing works.


https://windowsreport.com/critical-error-start-menu-windows-10/


There are other more technical articles about "Critical Error" but I fail to find a "non/less-technical" solution in those articles (i.e. no step-by-step guide, sorry to say that).


Under the assumption that an infection is still a possible cause, below are the files of FRST and Addition. Any suggestion - regarding Critical Error, or anything in FRST & Addition files - is welcome.

FRST file content

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by Brenden_admin (administrator) on DESKTOP-1JM97OQ (17-10-2018 21:07:01)
Running from C:\Users\Brenden_admin\Downloads
Loaded Profiles: Brenden_admin (Available Profiles: Brenden_admin & Brenden_general_use & Brenden_general_use2 & admin1)
Platform: Windows 10 Home Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235440 2017-06-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [DpmLiteEvent] => C:\Program Files\Dell\DpmLite\DpmLiteEvent.exe [2537776 2014-11-19] (Wistron Corporation)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Audio Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-945787170-3846151247-1844422181-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-945787170-3846151247-1844422181-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-945787170-3846151247-1844422181-1001\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3097640 2015-11-13] ()
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{855c25c8-cee2-4ce2-a919-86d2e5f0d64f}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{c080213d-c2c9-40f9-b0e6-52ed12c385cd}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-945787170-3846151247-1844422181-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

Edge:
======
Edge Extension: (AutoFormFill) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [2017-09-29]
Edge Extension: (LearningTools) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [2018-03-20]

FireFox:
========
FF DefaultProfile: dx336ydo.default
FF ProfilePath: C:\Users\Brenden_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dx336ydo.default [2018-10-17]
FF Homepage: Mozilla\Firefox\Profiles\dx336ydo.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (uBlock Origin) - C:\Users\Brenden_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dx336ydo.default\Extensions\uBlock0@raymondhill.net.xpi [2018-10-17]
FF Extension: (Screengrab!) - C:\Users\Brenden_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dx336ydo.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-02-08]
FF Extension: (Telemetry coverage) - C:\Users\Brenden_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dx336ydo.default\features\{c223c759-00f2-462c-86dc-674a5d1bb4be}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-17] [Legacy]
FF SearchPlugin: C:\Users\Brenden_admin\AppData\Roaming\Mozilla\Firefox\Profiles\dx336ydo.default\searchplugins\bing-lavasoft-ff59.xml [2018-09-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-17] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Brenden_admin\AppData\Local\Google\Chrome\User Data\Default [2018-10-17]
CHR Extension: (Slides) - C:\Users\Brenden_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-30]
CHR Extension: (Docs) - C:\Users\Brenden_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-30]
CHR Extension: (Google Drive) - C:\Users\Brenden_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-18]
CHR Extension: (YouTube) - C:\Users\Brenden_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-18]
CHR Extension: (Sheets) - C:\Users\Brenden_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-30]
CHR Extension: (Google Docs Offline) - C:\Users\Brenden_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brenden_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-30]
CHR Extension: (Gmail) - C:\Users\Brenden_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-18]
CHR Extension: (Chrome Media Router) - C:\Users\Brenden_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
S2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373760 2016-06-07] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-17] (Intel Corporation)
S2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-04-04] ()
S2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [333296 2017-06-19] (Realtek Semiconductor)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [265784 2017-12-19] (Synaptics Incorporated)
S2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [73768 2017-08-17] (Symantec Corporation)
S2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [615384 2017-02-07] (Waves Audio Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\NisSrv.exe [3847376 2018-09-29] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe [114200 2018-09-29] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
S3 dlcdcncm; C:\WINDOWS\System32\drivers\dlcdcncm62_x64.sys [110360 2016-09-23] (DisplayLink Corp.)
S3 dlusbaudio; C:\WINDOWS\system32\DRIVERS\dlusbaudio_x64.sys [247064 2016-09-23] (DisplayLink Corp.)
S2 DpmLiteDrv; C:\Program Files\Dell\DpmLite\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
S3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [46856 2015-06-15] (Intel Corporation)
S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [113416 2015-06-15] (Intel Corporation)
S3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [155400 2015-06-15] (Intel Corporation)
S3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260384 2018-10-17] (Malwarebytes)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3537672 2017-02-17] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66104 2017-12-19] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-02-20] ()
S3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-09-29] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [352424 2018-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60584 2018-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-17 21:07 - 2018-10-17 21:08 - 000015280 _____ C:\Users\Brenden_admin\Downloads\FRST.txt
2018-10-17 21:06 - 2018-10-17 21:07 - 000000000 ____D C:\FRST
2018-10-17 21:03 - 2018-10-17 21:03 - 002414592 _____ (Farbar) C:\Users\Brenden_admin\Downloads\FRST64.exe
2018-10-17 20:57 - 2018-10-17 20:57 - 000260384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-10-17 20:34 - 2018-10-17 20:34 - 000000000 ____D C:\Users\admin1\AppData\Roaming\Intel Corporation
2018-10-17 20:32 - 2018-10-17 20:32 - 000000000 ___HD C:\Users\admin1\MicrosoftEdgeBackups
2018-10-17 20:32 - 2018-10-17 20:32 - 000000000 ____D C:\Users\admin1\AppData\Local\MicrosoftEdge
2018-10-17 20:26 - 2018-10-17 20:26 - 000000000 ____D C:\Users\admin1\AppData\Local\Publishers
2018-10-17 20:25 - 2018-10-17 20:32 - 000000000 ____D C:\Users\admin1
2018-10-17 20:25 - 2018-10-17 20:27 - 000000000 ____D C:\Users\admin1\AppData\Local\Packages
2018-10-17 20:25 - 2018-10-17 20:25 - 000000020 ___SH C:\Users\admin1\ntuser.ini
2018-10-17 20:25 - 2018-10-17 20:25 - 000000000 __SHD C:\Users\admin1\IntelGraphicsProfiles
2018-10-17 20:25 - 2018-10-17 20:25 - 000000000 ___RD C:\Users\admin1\3D Objects
2018-10-17 20:25 - 2018-10-17 20:25 - 000000000 ____D C:\Users\admin1\AppData\Roaming\Intel
2018-10-17 20:25 - 2018-10-17 20:25 - 000000000 ____D C:\Users\admin1\AppData\Roaming\Adobe
2018-10-17 20:25 - 2018-10-17 20:25 - 000000000 ____D C:\Users\admin1\AppData\Local\VirtualStore
2018-10-17 20:25 - 2018-10-17 20:25 - 000000000 ____D C:\Users\admin1\AppData\Local\mbamtray
2018-10-17 20:25 - 2018-10-17 20:25 - 000000000 ____D C:\Users\admin1\AppData\Local\Google
2018-10-17 20:25 - 2018-10-17 20:25 - 000000000 ____D C:\Users\admin1\AppData\Local\ConnectedDevicesPlatform
2018-10-17 20:25 - 2016-08-28 16:33 - 000000000 ____D C:\Users\admin1\AppData\Local\Microsoft Help
2018-10-17 19:18 - 2018-10-17 19:18 - 007592144 _____ (Malwarebytes) C:\Users\Brenden_general_use2\Downloads\AdwCleaner.exe
2018-10-17 19:10 - 2018-10-17 19:10 - 000000000 ____D C:\Users\Brenden_general_use2\AppData\Local\mbam
2018-10-17 19:02 - 2018-10-17 19:02 - 000000000 ____D C:\Users\Brenden_general_use2\AppData\LocalLow\Mozilla
2018-10-17 19:01 - 2018-10-17 19:02 - 000000000 ____D C:\Users\Brenden_general_use2\AppData\Roaming\Mozilla
2018-10-17 19:01 - 2018-10-17 19:01 - 000000000 ____D C:\Users\Brenden_general_use2\AppData\Local\Mozilla
2018-10-17 18:41 - 2018-10-17 18:41 - 000000000 ____D C:\Users\Brenden_general_use2\AppData\Roaming\Intel Corporation
2018-10-17 18:41 - 2018-10-17 18:41 - 000000000 ____D C:\Users\Brenden_general_use2\AppData\Local\DBG
2018-10-17 18:38 - 2018-10-17 18:38 - 000000000 ____D C:\Users\Brenden_general_use2\AppData\Local\Publishers
2018-10-17 18:37 - 2018-10-17 18:37 - 000000000 ____D C:\Users\Brenden_general_use2\AppData\Local\Google
2018-10-17 18:36 - 2018-10-17 19:03 - 000000000 ____D C:\Users\Brenden_general_use2\AppData\Local\Packages
2018-10-17 18:36 - 2018-10-17 18:36 - 000000000 __SHD C:\Users\Brenden_general_use2\IntelGraphicsProfiles
2018-10-17 18:36 - 2018-10-17 18:36 - 000000000 ___RD C:\Users\Brenden_general_use2\3D Objects
2018-10-17 18:36 - 2018-10-17 18:36 - 000000000 ____D C:\Users\Brenden_general_use2\AppData\Roaming\Adobe
2018-10-17 18:36 - 2018-10-17 18:36 - 000000000 ____D C:\Users\Brenden_general_use2\AppData\Local\VirtualStore
2018-10-17 18:36 - 2018-10-17 18:36 - 000000000 ____D C:\Users\Brenden_general_use2\AppData\Local\mbamtray
2018-10-17 18:35 - 2018-10-17 18:36 - 000000000 ____D C:\Users\Brenden_general_use2
2018-10-17 18:35 - 2018-10-17 18:35 - 000000020 ___SH C:\Users\Brenden_general_use2\ntuser.ini
2018-10-17 18:35 - 2018-10-17 18:35 - 000000000 ____D C:\Users\Brenden_general_use2\AppData\Roaming\Intel
2018-10-17 18:35 - 2018-10-17 18:35 - 000000000 ____D C:\Users\Brenden_general_use2\AppData\Local\ConnectedDevicesPlatform
2018-10-17 18:35 - 2016-08-28 16:33 - 000000000 ____D C:\Users\Brenden_general_use2\AppData\Local\Microsoft Help
2018-10-17 08:11 - 2018-10-17 08:12 - 000176846 _____ C:\WINDOWS\ntbtlog.txt
2018-10-17 06:46 - 2018-10-17 06:46 - 006226432 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-10-06 11:15 - 2018-10-06 11:17 - 000000000 ___HD C:\$WINDOWS.~BT
2018-10-05 21:07 - 2018-10-06 09:59 - 000000000 ____D C:\Users\Brenden_admin\Desktop\finance
2018-10-05 20:46 - 2018-10-05 20:46 - 009244910 _____ C:\Users\Brenden_general_use\Desktop\VBA For Dummies 5th Ed.pdf
2018-10-05 20:07 - 2018-10-05 20:07 - 000000000 ____D C:\Users\Brenden_general_use\AppData\Local\mbamtray
2018-10-05 20:03 - 2018-10-06 02:13 - 000110424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-10-01 10:16 - 2018-10-01 10:16 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-09-30 16:01 - 2018-06-08 14:09 - 000130808 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-09-30 13:45 - 2018-09-30 13:47 - 000000000 ____D C:\Users\Brenden_admin\AppData\Roaming\SumatraPDF
2018-09-30 11:19 - 2018-09-30 11:19 - 000000000 ____D C:\Users\Brenden_admin\AppData\Local\mbam
2018-09-30 11:18 - 2018-09-30 11:18 - 000000000 ____D C:\Users\Brenden_admin\AppData\Local\mbamtray
2018-09-30 11:17 - 2018-09-30 11:17 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-30 11:16 - 2018-09-30 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-30 11:16 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-09-30 11:04 - 2018-09-30 11:04 - 002768256 _____ (Kaspersky Lab) C:\Users\Brenden_admin\Downloads\startup_14439.exe
2018-09-30 10:05 - 2018-09-30 11:06 - 080458240 _____ (Malwarebytes ) C:\Users\Brenden_admin\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.7083.exe
2018-09-30 09:27 - 2018-10-17 18:47 - 000040784 ____H C:\Users\Brenden_admin\AppData\Local\IconCache.db.backup
2018-09-30 09:06 - 2018-09-30 09:06 - 004261120 _____ (ESET) C:\Users\Brenden_admin\Downloads\eset_smart_security_premium_live_installer.exe
2018-09-30 08:50 - 2018-09-30 08:50 - 007592144 _____ (Malwarebytes) C:\Users\Brenden_admin\Downloads\adwcleaner_7.2.4.0.exe
2018-09-30 08:43 - 2018-09-30 08:43 - 007567568 _____ (Malwarebytes) C:\Users\Brenden_admin\Downloads\AdwCleaner (1).exe
2018-09-30 08:41 - 2018-09-30 08:41 - 001790024 _____ (Malwarebytes) C:\Users\Brenden_admin\Downloads\JRT.exe
2018-09-30 08:08 - 2018-09-30 08:08 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-09-30 08:07 - 2018-09-13 15:36 - 000025248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Luadgmgt.dll
2018-09-30 01:36 - 2018-09-30 01:36 - 000000000 ____D C:\Users\Brenden_admin\AppData\Local\DBG
2018-09-30 00:39 - 2018-09-30 00:40 - 004864480 _____ C:\Users\Brenden_admin\Downloads\document.pdf
2018-09-30 00:34 - 2018-09-30 00:34 - 000000000 ___HD C:\Users\Brenden_admin\MicrosoftEdgeBackups
2018-09-29 23:56 - 2018-10-05 20:12 - 000000000 ____D C:\Users\Brenden_admin\AppData\LocalLow\uTorrent
2018-09-29 23:29 - 2018-10-05 21:09 - 000000000 ____D C:\Users\Brenden_admin\AppData\Roaming\uTorrent
2018-09-29 23:29 - 2018-09-29 23:29 - 000000906 _____ C:\Users\Brenden_admin\Desktop\µTorrent.lnk
2018-09-29 23:29 - 2018-09-29 23:29 - 000000886 _____ C:\Users\Brenden_admin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-09-29 23:23 - 2018-09-29 23:24 - 002993992 _____ (BitTorrent Inc.) C:\Users\Brenden_general_use\Downloads\uTorrent(1).exe
2018-09-29 22:45 - 2018-09-29 22:45 - 000224431 _____ C:\Users\Brenden_general_use\Downloads\fra-forumula-book-pdf.pdf
2018-09-29 22:44 - 2018-09-29 22:44 - 001609874 _____ C:\Users\Brenden_general_use\Downloads\ethics-mind-map-study-notes1.pdf
2018-09-29 22:44 - 2018-09-29 22:44 - 000173508 _____ C:\Users\Brenden_general_use\Downloads\Quantitative-Aptitude-Formulae-Sheet.pdf
2018-09-29 22:44 - 2018-09-29 22:44 - 000109997 _____ C:\Users\Brenden_general_use\Downloads\economics-formula-sheet.pdf
2018-09-29 22:43 - 2018-09-29 22:43 - 004928103 _____ C:\Users\Brenden_general_use\Downloads\CFA_Fundamentals_2nd_Edition.pdf
2018-09-29 22:43 - 2018-09-29 22:43 - 000199514 _____ C:\Users\Brenden_general_use\Downloads\FRA-Study-Session-Charts.pdf
2018-09-29 22:43 - 2018-09-29 22:43 - 000000000 ____D C:\Users\Brenden_general_use\Desktop\CFA

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-17 20:58 - 2017-05-26 00:45 - 000000000 ____D C:\Users\Brenden_admin\AppData\LocalLow\Mozilla
2018-10-17 20:58 - 2016-11-17 21:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-10-17 20:58 - 2016-08-13 15:57 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-10-17 20:58 - 2016-08-13 15:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-17 20:57 - 2016-10-22 06:27 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-10-17 20:55 - 2017-12-21 08:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-17 20:55 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-10-17 20:54 - 2017-03-18 21:12 - 000000000 ____D C:\Users\Brenden_admin\.rainlendar2
2018-10-17 20:53 - 2016-08-24 04:53 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-10-17 20:53 - 2016-08-13 15:42 - 000000000 __SHD C:\Users\Brenden_admin\IntelGraphicsProfiles
2018-10-17 20:51 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-17 20:50 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-10-17 20:43 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-17 20:40 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-10-17 20:38 - 2017-12-21 07:31 - 000000000 ____D C:\Users\Brenden_general_use\AppData\Local\Packages
2018-10-17 20:30 - 2016-10-21 06:00 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-17 20:25 - 2016-02-23 03:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-10-17 20:03 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-10-17 18:55 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-10-17 18:34 - 2017-12-21 07:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-17 07:53 - 2017-08-01 21:26 - 000000000 ____D C:\Program Files\Common Files\AV
2018-10-17 07:49 - 2017-09-29 08:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-10-17 07:43 - 2016-09-18 19:46 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-10-17 06:59 - 2017-12-21 08:02 - 000003392 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-945787170-3846151247-1844422181-1001
2018-10-17 06:59 - 2016-08-13 15:46 - 000002436 _____ C:\Users\Brenden_admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-17 06:59 - 2016-08-13 15:46 - 000000000 ___RD C:\Users\Brenden_admin\OneDrive
2018-10-17 06:50 - 2018-03-13 22:59 - 000004616 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-17 06:49 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-10-17 06:48 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-10-06 11:19 - 2017-12-19 04:54 - 000000000 ___DC C:\WINDOWS\Panther
2018-10-06 02:25 - 2016-08-13 18:18 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-10-05 20:31 - 2016-02-23 02:50 - 000000000 ____D C:\Program Files\Dell
2018-10-05 20:31 - 2016-02-23 02:34 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-05 20:22 - 2016-11-18 22:40 - 000000000 ____D C:\Users\Brenden_general_use\AppData\LocalLow\Mozilla
2018-10-05 20:19 - 2016-08-13 18:18 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-10-05 20:07 - 2016-08-18 16:47 - 000000000 __SHD C:\Users\Brenden_general_use\IntelGraphicsProfiles
2018-10-05 20:04 - 2017-12-21 07:22 - 000475104 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-10-01 17:01 - 2017-09-29 03:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-10-01 16:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Registration
2018-10-01 16:01 - 2017-12-21 07:59 - 000013338 _____ C:\WINDOWS\diagwrn.xml
2018-10-01 16:01 - 2017-12-21 07:59 - 000013338 _____ C:\WINDOWS\diagerr.xml
2018-10-01 10:18 - 2015-10-30 02:24 - 000000167 _____ C:\WINDOWS\win.ini
2018-09-30 22:59 - 2017-12-21 08:02 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-09-30 19:07 - 2018-02-08 11:26 - 000000000 ____D C:\Users\Brenden_admin\AppData\Local\ElevatedDiagnostics
2018-09-30 16:16 - 2017-08-10 20:02 - 000000000 ____D C:\Program Files\rempl
2018-09-30 14:55 - 2016-10-22 09:34 - 000000000 ____D C:\Users\Brenden_admin\AppData\Local\CrashDumps
2018-09-30 11:18 - 2017-12-21 07:51 - 001525908 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-30 11:15 - 2016-08-28 08:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-30 10:35 - 2017-12-21 07:34 - 000000000 ____D C:\Users\Brenden_admin\AppData\Local\Packages
2018-09-30 10:14 - 2017-12-21 08:02 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-09-30 09:38 - 2017-08-02 19:54 - 000000000 ____D C:\Users\Brenden_admin\AppData\Local\ESET
2018-09-30 08:54 - 2016-09-18 20:11 - 000000000 ____D C:\AdwCleaner
2018-09-30 08:48 - 2016-10-22 06:25 - 000000557 _____ C:\Users\Brenden_admin\Desktop\JRT.txt
2018-09-30 08:42 - 2016-09-18 16:40 - 000000000 ____D C:\Users\Brenden_admin\AppData\Local\Google
2018-09-30 03:50 - 2017-12-21 08:02 - 000003404 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-945787170-3846151247-1844422181-1003
2018-09-30 03:50 - 2016-08-18 16:51 - 000002407 _____ C:\Users\Brenden_general_use\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-30 03:50 - 2016-08-18 16:51 - 000000000 ___RD C:\Users\Brenden_general_use\OneDrive
2018-09-30 02:01 - 2016-08-27 06:15 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-30 02:01 - 2016-08-27 06:15 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-30 00:34 - 2017-12-21 07:30 - 000000000 ____D C:\Users\Brenden_admin
2018-09-29 23:49 - 2018-02-08 11:30 - 000000000 ____D C:\Users\Brenden_admin\AppData\Local\PlaceholderTileLogoFolder
2018-09-29 23:42 - 2018-02-20 20:17 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-09-29 23:01 - 2016-08-13 15:42 - 000000000 ____D C:\Users\Brenden_admin\AppData\Local\TileDataLayer
2018-09-29 22:58 - 2018-02-08 10:51 - 000000000 ___RD C:\Users\Brenden_admin\3D Objects
2018-09-29 22:51 - 2017-12-21 08:02 - 000003994 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-09-29 22:51 - 2017-12-21 08:02 - 000003762 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-09-29 22:46 - 2016-10-22 07:50 - 000000000 ____D C:\Users\Brenden_general_use\AppData\Local\CrashDumps
2018-09-29 22:38 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF

Some files in TEMP:
====================
2018-02-20 19:33 - 2018-02-10 01:15 - 001954048 _____ (Microsoft Corporation) C:\Users\Brenden_admin\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


safeboot: Network => The system is configured to boot to Safe Mode <==== ATTENTION

LastRegBack: 2018-09-30 19:06

==================== End of FRST.txt ============================
Addition file content

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Brenden_admin (17-10-2018 21:11:16)
Running from C:\Users\Brenden_admin\Downloads
Windows 10 Home Version 1709 16299.431 (X64) (2017-12-21 13:06:22)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

admin1 (S-1-5-21-945787170-3846151247-1844422181-1005 - Administrator - Enabled) => C:\Users\admin1
Administrator (S-1-5-21-945787170-3846151247-1844422181-500 - Administrator - Disabled)
Brenden_admin (S-1-5-21-945787170-3846151247-1844422181-1001 - Administrator - Enabled) => C:\Users\Brenden_admin
Brenden_general_use (S-1-5-21-945787170-3846151247-1844422181-1003 - Limited - Enabled) => C:\Users\Brenden_general_use
Brenden_general_use2 (S-1-5-21-945787170-3846151247-1844422181-1004 - Limited - Enabled) => C:\Users\Brenden_general_use2
DefaultAccount (S-1-5-21-945787170-3846151247-1844422181-503 - Limited - Disabled)
Guest (S-1-5-21-945787170-3846151247-1844422181-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-945787170-3846151247-1844422181-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-945787170-3846151247-1844422181-1001\...\uTorrent) (Version: 3.5.4.44632 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
cgoban (HKLM\...\{org.igoweb.cgoban}}_is1) (Version: 1.0 - Unknown)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Power Manager Lite (HKLM-x32\...\DpmLite_Iris_2014_is1) (Version: 1.0.4 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.64 - Synaptics Incorporated)
Dell Update - SupportAssist Update Plugin (HKLM\...\{6DE68941-66DE-48DE-9C80-FE60C9DE0AD4}) (Version: 4.0.1.5857 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{1dbe752f-b00e-4567-9276-141812b20d28}) (Version: 4.0.1.5857 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4463 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel® WiDi (HKLM\...\{C7CD6D54-26AF-4D93-B06F-D81ACE8624CB}) (Version: 6.0.40.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (HKLM-x32\...\{5B5CD20C-29F0-4857-A4FA-A4F4C716B019}) (Version: 1.1.347 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{C345A462-2044-47D6-81F6-A4416453A514}) (Version: 17.1.1529.1613 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{88540041-fd0c-4588-9b2f-251e29f7c5a1}) (Version: 18.40.4 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{de9d82da-dc00-4586-97fe-1b0021f2246d}) (Version: 19.2.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-945787170-3846151247-1844422181-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 62.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.3 (x64 en-US)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.3.6848 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
PANDA-glGo (HKLM-x32\...\glGo) (Version: 1.4 - PANDANET Inc.)
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
RogueKiller version 12.7.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.7.3.0 - Adlice Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{133A2E34-3E09-4A1A-A9AA-F9D8E5417199}) (Version: 2.50.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VIP Access (HKLM-x32\...\{58594A65-ACD7-41A2-B6ED-2597777F2850}) (Version: 2.2.4.44 - Symantec Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] ()
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-08-19] (Cyberlink)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-08-19] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-06-07] (Intel Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0508A0DF-8081-4F99-8ECF-8F2EEB3C570D} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-08-18] (CyberLink)
Task: {0CDAA92E-7947-412E-88BA-21FF88C2D51F} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> No File <==== ATTENTION
Task: {146BF914-E4CD-4399-A7E1-A79CDCE165F0} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> No File <==== ATTENTION
Task: {17ED4D5B-5461-41E2-83DA-528BDC7B2E90} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-17] (Adobe Systems Incorporated)
Task: {2780BAAA-94B3-43E5-AD29-6DF167B5DC96} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-09-29] (Microsoft Corporation)
Task: {3218FBC8-96B2-49BB-9E79-0A2F545D9B7B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-09-29] (Microsoft Corporation)
Task: {4671D812-D8DC-4647-B8CC-6AD66450649E} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> No File <==== ATTENTION
Task: {471ACB8B-0D6C-4491-BE58-D22DB1FE3FD2} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> No File <==== ATTENTION
Task: {48979C26-E9BE-46C4-823C-3FF100BF239F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-17] (Adobe Systems Incorporated)
Task: {501AA623-E2E0-42AA-A57D-CD2E5F86E1F0} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-17] (Intel Corporation)
Task: {7A4802F8-3CAA-4F89-9586-043F17E32FF5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: {7A62DC84-E7E4-4752-B9FF-2A8F5800526B} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {8299FF2A-71AF-4B6D-A3FA-50146C43D284} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: {8E0DEAFD-9AB3-4A8B-84FD-1FF5A070300F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {A753C2F4-FB68-4CFD-A1BB-674382A8C8C0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-09-29] (Microsoft Corporation)
Task: {B45CB79F-908B-4E0E-B040-686F623D5442} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {BFF8F8CF-0FAD-4C77-815D-143BA671AEF4} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-17] (Intel Corporation)
Task: {D6A4C404-6132-4702-9EBD-CB28D4E84AD2} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-12-19] (Synaptics Incorporated)
Task: {D75F9BC4-EE9A-4A60-B919-3530612AC6BF} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {DB6A3653-B9BB-437B-B5E3-BD1714D237A9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DF03C094-845F-45AB-84D3-BE2FDB7431D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {ED455913-42F3-4042-B72B-6A4CEE8F6DDA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-09-29] (Microsoft Corporation)
Task: {EF28F9E6-4884-4BD5-B781-A1B9BAC7466C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-27] (Google Inc.)
Task: {F145FCF2-CE70-4FBC-96C3-F3EF907EE646} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-27] (Google Inc.)
Task: {F39C2649-57C0-4881-9452-B74CE4D6A40D} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> No File <==== ATTENTION
Task: {F59641C1-73F6-4CB2-A8C3-A66C5E6D33EF} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> No File <==== ATTENTION
Task: {FAE533DE-5F88-4E70-921B-ADA83D8DE712} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-06-19] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP 1JM97OQ
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Brenden_admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PANDA-glGo\glGo Webpage.lnk -> hxxp://www.pandanet.co.jp/English/glgo

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-09-30 11:16 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-03-19 20:47 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-19 20:46 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-945787170-3846151247-1844422181-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2015-10-30 02:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-945787170-3846151247-1844422181-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-945787170-3846151247-1844422181-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{A74EAA95-BAA7-445E-BC20-0948D0AFC360}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{5FC76D54-9BC2-4B11-946C-20AC811BEF10}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{DB11459F-75D7-41CC-8109-A167D48BED95}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{87EDA578-080A-43BC-B3CB-86B7D66E168E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2BECEE40-4646-4B05-A4A7-06950706CB47}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{E3626F16-D951-4F28-8CD0-91CFCE3E3B71}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{5FACFE20-077A-4595-82F7-1356C9DF58BF}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{989E8FDB-F135-4745-9130-07611C2A74EE}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{4D96530C-B432-4849-9351-1BA0E3010263}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{88FC0490-BE87-4798-A004-8AD3D8372DA5}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{E73C534F-C4EB-42AD-9C3E-9F04147FCDB6}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{2AE488FF-2E44-45F7-85A1-CCDB20C7C0F0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{03314CFF-DC31-47DA-8304-06B084D5ED3A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{30C423D7-D8EC-49A3-8C14-0FD6BE53A45B}C:\users\brenden_admin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\brenden_admin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{805AB5FB-840A-47C1-9EE7-024B55352971}C:\users\brenden_admin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\brenden_admin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{CFB152D3-D8AF-4389-90F2-5710FD5BC0DF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

05-10-2018 20:04:03 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2018 08:52:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (10/17/2018 08:52:47 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (8936,R,0) WebCacheLocal: An attempt to open the file "C:\Users\Brenden_general_use\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/17/2018 08:52:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (8936,R,0) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Brenden_general_use\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (10/17/2018 08:52:37 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (8936,R,0) WebCacheLocal: An attempt to open the file "C:\Users\Brenden_general_use\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/17/2018 08:52:27 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (8936,R,0) WebCacheLocal: An attempt to open the file "C:\Users\Brenden_general_use\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/17/2018 08:52:17 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (8936,R,0) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Brenden_general_use\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (10/17/2018 08:52:17 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (8936,R,0) WebCacheLocal: An attempt to open the file "C:\Users\Brenden_general_use\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/17/2018 08:52:07 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (8936,R,0) WebCacheLocal: An attempt to open the file "C:\Users\Brenden_general_use\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (10/17/2018 09:13:47 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/17/2018 09:13:21 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-1JM97OQ)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/17/2018 09:08:04 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-1JM97OQ)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/17/2018 09:07:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/17/2018 09:07:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/17/2018 09:07:10 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-1JM97OQ)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/17/2018 09:06:14 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-1JM97OQ)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/17/2018 09:02:13 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}


Windows Defender:
===================================
Date: 2018-08-06 10:38:54.133
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BBA512EA-12D2-4B68-A338-9579F7044BBA}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-27 23:25:28.887
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F8F4236C-2260-42AE-A000-C645CA119143}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-27 23:14:00.448
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E51EDD97-8D17-4BE2-8DAD-139BFBB3BC8B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-17 20:37:50.750
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {209A0E56-30C7-4576-A375-AAB346807968}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-13 00:56:51.677
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EBE18029-60F2-4B82-BB81-A7CAEB0E0F1A}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-10-17 21:07:15.742
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.279.8.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.4
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2018-10-17 20:57:01.593
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-10-17 19:50:27.697
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.277.1243.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15300.6
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2018-10-17 19:40:16.563
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-10-17 19:19:13.975
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.277.321.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15300.6
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

CodeIntegrity:
===================================

Date: 2018-10-06 09:26:14.307
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-06 09:25:39.453
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-06 09:25:30.535
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-06 09:25:23.258
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-06 09:25:12.143
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-06 09:25:04.683
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-01 11:20:38.494
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klhk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-10-01 11:20:38.403
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klhk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i3-5015U CPU @ 2.10GHz
Percentage of memory in use: 45%
Total physical RAM: 4005.99 MB
Available physical RAM: 2181.74 MB
Total Virtual: 5401.99 MB
Available Virtual: 3654.3 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.93 GB) (Free:262.84 GB) NTFS

\\?\Volume{edcf05a7-7734-4265-9c19-3018c7b5f17e}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
\\?\Volume{89f9ee86-7411-41ba-9735-3de44647ca0b}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{8868189e-fe98-4e6e-98b4-f7db25e19d00}\ (Image) (Fixed) (Total:12.48 GB) (Free:0.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 90A28466)

Partition: GPT.

==================== End of Addition.txt ============================





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,229 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:51 AM

Posted 19 October 2018 - 10:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your logs are clean.

What I suspect is that your account/profile is damaged.

How to Create Limited-Privilege User Accounts in Windows 10
https://www.laptopmag.com/articles/limited-user-accounts-windows-10

Copying Files From one User to Another In Windows 10
https://answers.microsoft.com/en-us/windows/forum/windows_10-files-winpc/transferring-files-from-one-user-account-to/2e73d891-3634-4052-a1f1-a3a1d0650855
Look under this thread from Pavan_N Replied on February 26, 2016
If you can, print the instructions before proceeding.

Hope it helps.

Edited by nasdaq, 19 October 2018 - 01:32 PM.


#3 seraphin

seraphin
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:51 AM

Posted Yesterday, 05:59 AM

Thanks a lot!!

Will follow the thread to fix the problem.

One quick follow-up, the FRST & Addition scans were run in safe mode. Wonder if it would mask the underlying malicious issues.

 

Thanks again.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,229 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:51 AM

Posted Yesterday, 07:18 AM

Hi,

Good catch.
To make sure please run Farbar in Normal mode and post fresh FRST.TXT and Addition.txt logs.
To create a fresh Addition.txt make sure that the box to create a log is checked.

#5 seraphin

seraphin
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:51 AM

Posted Yesterday, 04:25 PM

Given that I currently have four different accounts on this computer and from what I was able to find, it appears that admin1 may become the main admin account after I tried to create another admin per instruction in this site https://windowsreport.com/critical-error-start-menu-windows-10/, which account should I log in to run Farbar? Does it matter? The troubled account is Brenden_general_use, but I don't think I can run Farbar under that account.

 

PS. Somehow I was able to move some desktop folders under the inaccessible Brenden_general_use account to Brenden_admin, which currently is the main account to access the laptop and is also the "former" admin account (if admin1 is now the real admin account).



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,229 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:51 AM

Posted Today, 07:26 AM


You have 2 accounts with Admin privilege.
Any one working will be fine.

admin1 (S-1-5-21-945787170-3846151247-1844422181-1005 - Administrator - Enabled) => C:\Users\admin1
Brenden_admin (S-1-5-21-945787170-3846151247-1844422181-1001 - Administrator - Enabled) => C:\Users\Brenden_admin
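Two things this thread turns on can be checked from any working admin account before re-running Farbar: whether the machine is actually booted in Safe Mode (the Defender errors with code 0x8007043c in the Addition.txt above say "cannot be started in Safe Mode"), and which local accounts hold Administrator rights, with their SID and profile path in the same shape nasdaq quoted. The PowerShell below is an added example, not part of the thread or of FRST; it assumes Windows 10 with the built-in LocalAccounts module, and the profile "status" flags it reads are the documented Win32_UserProfile bits (1 temporary, 2 roaming, 4 mandatory, 8 corrupted).

```powershell
# Added example (not from the thread): confirm boot mode and list local admin accounts.
# Run from an elevated PowerShell prompt in whichever admin account works.

# 1. Boot mode. Win32_ComputerSystem.BootupState is "Normal boot", "Fail-safe boot"
#    (Safe Mode) or "Fail-safe with network boot". Logs collected in Safe Mode show
#    services such as Defender failing, so they do not reflect a normal boot.
$cs       = Get-CimInstance -ClassName Win32_ComputerSystem
$safeMode = $cs.BootupState -ne 'Normal boot'
"Boot mode: $($cs.BootupState)  (Safe Mode: $safeMode)"
if ($safeMode) {
    Write-Warning 'Booted in Safe Mode: re-run the scan in Normal mode for a representative log.'
}

# 2. Local members of the Administrators group, with SID, profile path and a
#    profile health flag. A non-zero Status means the profile is temporary,
#    mandatory or marked corrupted, which fits a "damaged profile" diagnosis.
$profiles = Get-CimInstance -ClassName Win32_UserProfile | Where-Object { -not $_.Special }

Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.ObjectClass -eq 'User' } |
    ForEach-Object {
        $sid  = $_.SID.Value
        $user = Get-LocalUser -SID $_.SID -ErrorAction SilentlyContinue   # $null for domain/AAD users
        $prof = $profiles | Where-Object { $_.SID -eq $sid }
        [pscustomobject]@{
            Account     = $_.Name
            SID         = $sid
            Enabled     = if ($user) { $user.Enabled } else { 'n/a' }
            ProfilePath = $prof.LocalPath
            ProfileOK   = if ($prof) { $prof.Status -eq 0 } else { 'no profile' }
        }
    } | Format-Table -AutoSize
```

The output lines match the `name (SID - Administrator - Enabled) => C:\Users\name` entries FRST prints, so you can confirm that the account you intend to use is both enabled and backed by a healthy profile.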



