FRST Scanned

When the machine starts up now note pad is on the desk top saying access denied. I can click OK and it closed note pad but why is it doing this now? Seems like there is more work to be done. Please let me know what is next.
Thank you.

The fan or something, hard drive? is surging still which made me think there is something wrong. it’s still doing that, any ideas what it is?

Please run the ZHP diag fix, as well as the other programs.

Also, Zoek and HijackThis.

HijackThis.

1- Please Click HERE to download HijackThis. – Unzip to your desktop.
2- Right click run as admin.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.

Zoek Scan

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (XP Users double click)
Copy and paste the items in red below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;

Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.

You also skipped Zemana, and ran ZHP cleaner twice…

Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.17

Platform: x64 Windows 10 (Home), 10.0.15063 (ReleaseId: 1703), Service Pack: 0
Time: 26.07.2017 - 06:55
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated: Yes
Ran by: Steve (group: Administrator) on STEVE-PC

Chrome: 59.0.3071.115
Firefox: 54.0.1.6388
Edge: 11.0.15063.447
Internet Explorer: 11.0.15063.0

Boot mode: Normal

Running processes:
Number | Path
1 C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
1 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
1 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
1 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
1 C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
1 C:\Program Files (x86)\Dell Update\DellUpService.exe
1 C:\Program Files (x86)\Dell Update\DellUpTray.exe
1 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
1 C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
1 C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
1 C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
1 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1 C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
1 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1 C:\Program Files (x86)\Nero\Update\NASvc.exe
2 C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
1 C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
1 C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
1 C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe
1 C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalyt ics.exe
2 C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
1 C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
2 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
1 C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
1 C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
1 C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
1 C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
1 C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAge nt.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
1 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
1 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1 C:\Program Files\WinRAR\WinRAR.exe
1 C:\Program Files\Windows Defender\MSASCuiL.exe
1 C:\Program Files\Windows Defender\NisSrv.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x 64__kzf8qxf38zg5c\SkypeHost.exe
1 C:\Users\Steve\AppData\Local\Microsoft\OneDrive\On eDrive.exe
1 C:\Users\Steve\Desktop\HiJackThis.exe
1 C:\Users\Steve\Desktop\MemCompression
1 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SM SvcHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\VSSVC.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
2 C:\Windows\System32\mfevtps.exe
1 C:\Windows\System32\mqsvc.exe
1 C:\Windows\System32\msdtc.exe
2 C:\Windows\System32\nvvsvc.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
73 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\wlanext.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2t xyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo on osa Yahoo-konsernia.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = Get to Know Microsoft Edge
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = .local;192.168..*
R3 - HKCU..\URLSearchHooks: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: SuggestionsURL = http://api.bing.com/qsml.aspx?query= {searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie :rowHeight}&sectionHeight={ie:sectionHeight}&FORM= IESS02&market={language}
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: SuggestionsURLFallback = http://api.bing.com/qsml.aspx?query= {searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie :rowHeight}&sectionHeight={ie:sectionHeight}&FORM= IESS02&market={language}
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = Search - Microsoft Bing {searchTerms}&src=IE-SearchBox&FORM=IESR02
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0C755E98-7D34-4B11-A63A-5F01EB9ABAE7} - Bing - Search - Microsoft Bing {searchTerms}&src=IE-SearchBox
R4 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes: DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} - (no name) - (no URL)
R4 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes{903BEF58-2264-4FDD-A4A2-72024AC9D292} - Bing - Search - Microsoft Bing {searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
R4 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - Search Results - (no URL)
O2 - BHO: (no name) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavSt ub.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: McAfee WebAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavSt ub.dll
O2-32 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O2-32 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.d ll
O2-32 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll
O2-32 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll
O2-32 - BHO: McAfee WebAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
O2-32 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.Visua lStudio.QualityTools.RecorderBarBHO100.dll
O2-32 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.d ll
O2-32 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavSt ub.dll
O3-32 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.d ll
O4 - HKCU..\RunOnce: [Uninstall 17.3.6390.0509\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q “C:\Users\Steve\AppData\Local\Microsoft\OneDrive\1 7.3.6390.0509\amd64”
O4 - HKCU..\RunOnce: [Uninstall 17.3.6390.0509] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q “C:\Users\Steve\AppData\Local\Microsoft\OneDrive\1 7.3.6390.0509”
O4 - HKCU..\RunOnce: [Uninstall 17.3.6816.0313\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q “C:\Users\Steve\AppData\Local\Microsoft\OneDrive\1 7.3.6816.0313\amd64”
O4 - HKCU..\RunOnce: [Uninstall 17.3.6816.0313] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q “C:\Users\Steve\AppData\Local\Microsoft\OneDrive\1 7.3.6816.0313”
O4 - HKCU..\StartupApproved\Run: [Adobe Acrobat Synchronizer] (2017/07/24)C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
O4 - HKCU..\StartupApproved\Run: [CCleaner] (2017/07/24)C:\Program Files\CCleaner\CCleaner64.exe /AUTO
O4 - HKCU..\StartupApproved\Run: [OneDrive] (2015/10/03)C:\Users\Steve\AppData\Local\Microsoft\OneDrive \OneDrive.exe /background
O4 - HKCU..\StartupApproved\StartupFolder: OneNote 2010 Screen Clipper and Launcher.lnk → (2017/07/24)
O4 - HKLM..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKLM..\Run: [ZAM] C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe /minimized
O4 - HKLM..\StartupApproved\Run32: [Acrobat Assistant 8.0] (2015/10/03)C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe
O4 - HKLM..\StartupApproved\Run32: [Adobe Creative Cloud] (2015/10/03)C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true
O4 - HKLM..\StartupApproved\Run32: [AdobeCS6ServiceManager] (2015/10/03)C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.ex e -launchedbylogin
O4 - HKLM..\StartupApproved\Run32: [Razer Synapse] (2015/10/03)C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
O4 - HKLM..\StartupApproved\Run32: [RoxWatchTray] (2015/10/03)C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe
O4 - HKLM..\StartupApproved\Run32: [SunJavaUpdateSched] (2016/02/14)C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM..\StartupApproved\Run32: [SwitchBoard] (2015/10/03)C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM..\StartupApproved\Run32: [THX Audio Control Panel] (2015/10/03)C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe /r
O4 - HKLM..\StartupApproved\Run32: [UpdReg] (2015/11/13)C:\Windows\UpdReg.EXE
O4 - HKLM..\StartupApproved\Run: [AdobeAAMUpdater-1.0] (2015/10/03)C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe
O4 - HKLM..\StartupApproved\Run: [NvBackend] (2015/10/03)C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM..\StartupApproved\Run: [RtHDVCpl] (2017/07/24)C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM..\StartupApproved\Run: [RunDLLEntry_EptMon] (2017/07/24)C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
O4 - HKLM..\StartupApproved\Run: [RunDLLEntry_THXCfg] (2017/07/24)C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
O4 - HKLM..\StartupApproved\Run: [SecurityHealth] C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKLM..\StartupApproved\StartupFolder: NETGEAR WNA3100 Genie.lnk → C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe (2017/07/24)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4-32 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll (HKLM)
O9 - Extra ‘Tools’ menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (HKLM)
O9 - Extra ‘Tools’ menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (HKLM)
O9 - Extra ‘Tools’ menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll (HKLM)
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll (HKLM)
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (HKLM)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (HKLM)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll (HKLM)
O9-32 - Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (HKLM)
O9-32 - Extra ‘Tools’ menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (HKLM)
O9-32 - Extra ‘Tools’ menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (HKLM)
O9-32 - Extra ‘Tools’ menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll (HKLM)
O9-32 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (HKLM)
O9-32 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (HKLM)
O9-32 - Extra button: Messenger Companion (Ctrl+Shift+C) - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (HKLM)
O9-32 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (HKLM)
O9-32 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll (HKLM)
O15 - Trusted Zone: *.dell.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.8.0) - http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} (Java Runtime Environment 1.8.0) - http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.8.0) - http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
O17 - DHCP DNS - 1: 209.18.47.62
O17 - DHCP DNS - 2: 209.18.47.61
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - Task (Disabled): \Microsoft\Windows\Media Center\PeriodicScanRetry - C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (file missing)
O22 - Task (Disabled): \Microsoft\Windows\Media Center\RecordingRestart - C:\WINDOWS\ehome\ehrec /RestartRecording (file missing)
O22 - Task (Disabled): \Microsoft\Windows\Shell\WindowsParentalControls - {DFA14C43-F385-4170-99CC-1B7765FA0E4A} - (no file)
O22 - Task (Disabled): \Microsoft\Windows\Shell\WindowsParentalControlsMi gration - {343D770D-7788-47C2-B62A-B7C4CED925CB} - (no file)
O22 - Task (Disabled): \Microsoft\Windows\Subscription\LicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe
O22 - Task (Disabled): \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install - C:\WINDOWS\system32\usoclient.exe ScanInstallWait
O22 - Task (Disabled): \Microsoft\Windows\WindowsBackup\AutomaticBackup - C:\WINDOWS\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
O22 - Task (Disabled): \Microsoft\Windows\WindowsBackup\Windows Backup Monitor - C:\WINDOWS\system32\sdclt.exe /CHECKSKIPPED
O22 - Task (Disabled): \OfficeSoftwareProtectionPlatform\SvcRestartTask - C:\WINDOWS\system32\sc.exe start osppsvc
O22 - Task (Ready): Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task (Ready): Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O22 - Task (Ready): AdobeAAMUpdater-1.0-Steve-PC-Steve - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe -mode=scheduled
O22 - Task (Ready): CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task (Ready): Dell SupportAssistAgent AnonymousRegistration - C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.ex e AnonymousRegistration
O22 - Task (Ready): Dell SupportAssistAgent AutoUpdate - C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.ex e AutoUpdate
O22 - Task (Ready): GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task (Ready): Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse - C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50 .1291.1\mcdatrep.exe /timeout=60000 /script=mcnrdhck.lua /hcmode=postdatupdate /datver=3053.0 /datupdatestatus=0
O22 - Task (Ready): Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse - C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50 .1291.1\mcdatrep.exe /script=mcnrdhck.lua /periodicRunCount=7
O22 - Task (Ready): McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare
O22 - Task (Ready): Opera scheduled Autoupdate 1501022171 - C:\Users\Steve\AppData\Local\Programs\Opera\launch er.exe --scheduledautoupdate $(Arg0)
O22 - Task (Ready): PCDDataUploadTask - C:\Program Files\Dell\SupportAssist\uaclauncher.exe -lloc dataupload --ignoresecondarysplash --runsilently --skipidlewait
O22 - Task (Ready): PCDEventLauncherTask - C:\Program Files\Dell\SupportAssist\sessionchecker.exe
O22 - Task (Ready): SystemToolsDailyTest - C:\Program Files\Dell\SupportAssist\uaclauncher.exe -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently
O22 - Task (Ready): Verizon Wireless Upgrade Assistant Update - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\VerizonWirelessUpgradeAssistantUpdate.exe -d -silent
O22 - Task (Ready): Verizon Wireless Upgrade Assistant Update Initial Update - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\VerizonWirelessUpgradeAssistantUpdate.exe -d -silent
O22 - Task (Ready): \McAfee\McAfee Auto Maintenance Task Agent - {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} - (no file)
O22 - Task (Ready): \McAfee\McAfee Idle Detection Task - {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} - (no file)
O22 - Task (Ready): \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (file missing)
O22 - Task (Ready): \Microsoft\Office\Office Automatic Updates - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
O22 - Task (Ready): \Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchService
O22 - Task (Ready): \Microsoft\Office\Office Subscription Maintenance - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe
O22 - Task (Ready): \Microsoft\Office\OfficeBackgroundTaskHandlerLogon - C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.e xe
O22 - Task (Ready): \Microsoft\Office\OfficeBackgroundTaskHandlerRegis tration - C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.e xe
O22 - Task (Ready): \Microsoft\Office\OfficeTelemetryAgentFallBack - C:\Program Files\Microsoft Office\Office15\msoia.exe scan upload mininterval:2880
O22 - Task (Ready): \Microsoft\Office\OfficeTelemetryAgentLogOn - C:\Program Files\Microsoft Office\Office15\msoia.exe scan upload
O22 - Task (Ready): \Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
O22 - Task (Ready): \Microsoft\Windows Defender\MpIdleTask - c:\program files\windows defender\MpCmdRun.exe -IdleTask -TaskName MpIdleTask
O22 - Task (Ready): \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - (no file)
O22 - Task (Ready): \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\WINDOWS\system32\compattelrunner.exe
O22 - Task (Ready): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\WINDOWS\system32\compattelrunner.exe -maintenance
O22 - Task (Ready): \Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},BitLockerPolicy - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\BrokerInfrastructure\BgTaskRegi strationMaintenanceTask - {E984D939-0E00-4DD9-AC3A-7ACA04745521} - (no file)
O22 - Task (Ready): \Microsoft\Windows\DeviceDirectoryClient\RegisterD eviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly -NoLocation - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP App Launch Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},AppLaunch - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Auth Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},ReAuth - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Inaccessible Credentials Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},MissingCredentials - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\StorageCardEncryption Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},SDCardEncryptionPolicy - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Cellula r - C:\WINDOWS\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Logon - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source LogonIdleTask
O22 - Task (Ready): \Microsoft\Windows\Maps\MapsToastTask - {9885AEF2-BD9F-41E0-B15E-B3141395E803},$(Arg0);$(Arg1);$(Arg2);$(Arg3);$(Ar g4);$(Arg5);$(Arg6);$(Arg7) - C:\WINDOWS\System32\mapstoasttask.dll
O22 - Task (Ready): \Microsoft\Windows\Media Center\ActivateWindowsSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\ConfigureInternetTimeService - C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\DispatchRecoveryTasks - C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\InstallPlayReady - C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\MediaCenterRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -MediaCenterRecoveryTask (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\OCURActivate - C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\OCURDiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -ObjectStoreRecoveryTask (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PBDADiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PBDADiscoveryW1 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PBDADiscoveryW2 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PvrRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -PvrRecoveryTask (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PvrScheduleTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -PvrSchedule (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\RegisterSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\ReindexSearchRoot - C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\SqlLiteRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -SqlLiteRecoveryTask (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\StartRecording - C:\WINDOWS\ehome\ehrec /StartRecording (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\UpdateRecordPath - C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\ehDRMInit - C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\mcupdate - C:\WINDOWS\ehome\mcupdate $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\mcupdate_scheduled - C:\WINDOWS\ehome\mcupdate -crl -hms -pscn 15 (file missing)
O22 - Task (Ready): \Microsoft\Windows\Subscription\EnableLicenseAcqui sition - C:\WINDOWS\system32\ClipRenew.exe -e
O22 - Task (Ready): \Microsoft\Windows\Tcpip\IpAddressConflict1 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
O22 - Task (Ready): \Microsoft\Windows\Tcpip\IpAddressConflict2 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
O22 - Task (Ready): \Microsoft\Windows\UNP\RunCampaignManager - C:\WINDOWS\System32\UNP\UNPCampaignManager.exe
O22 - Task (Ready): \Microsoft\Windows\WwanSvc\NotificationTask - C:\WINDOWS\System32\WiFiTask.exe wwan
O22 - Task (Ready): {14B64D6C-EB84-4366-840B-A80E28AD259F} - C:\Windows\system32\pcalua.exe -a “C:\Users\Steve\Downloads\DVD Shrink\Any.DVD.Shrink.1.2\any-dvd-shrink.exe” -d “C:\Users\Steve\Downloads\DVD Shrink\Any.DVD.Shrink.1.2”
O22 - Task (Ready): {59944E75-8499-4A0B-B7F7-CC267C7182FC} - C:\Windows\system32\pcalua.exe -a C:\LGMobileUpgrade\LGMOBILEAX\BYRLauncher.exe -d C:\LGMobileUpgrade\LGMOBILEAX
O22 - Task (Ready): {8FEF03D2-8559-4B76-9BFD-39A076532F4C} - C:\Windows\system32\pcalua.exe -a C:\Users\Steve\Ahead.Nero.Burning.ROM.v6.6.0.16.Ul tra.Edition\Nero-6.6.0.16.exe -d C:\Users\Steve\Ahead.Nero.Burning.ROM.v6.6.0.16.Ul tra.Edition
O22 - Task (Ready): {E236F5E3-EB2E-4D84-AA3C-FE4AF73342E4} - C:\Windows\system32\pcalua.exe -a C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\BYRAppUni nstall.exe -d C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client
O22 - Task (Ready): {E7236F78-5AA9-4C51-8950-7AEA15BB8802} - C:\Windows\system32\pcalua.exe -a C:\Users\Steve\Desktop\devcpp-4.9.9.2_setup.exe -d C:\Users\Steve\Desktop
O22 - Task (Running): GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task (Running): McAfeeLogon - C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe /platui
O23 - Service R2: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # - (Bonjour Service) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service R2: Dell Customer Connect - C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
O23 - Service R2: Dell Data Vault Collector - (DDVDataCollector) - C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
O23 - Service R2: Dell Data Vault Processor - (DDVRulesProcessor) - C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
O23 - Service R2: Dell Data Vault Service API - (DDVCollectorSvcApi) - C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
O23 - Service R2: Dell SupportAssist Agent - (SupportAssistAgent) - C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAge nt.exe
O23 - Service R2: Dell Update Service - (DellUpdate) - C:\Program Files (x86)\Dell Update\DellUpService.exe
O23 - Service R2: Intel Security PEF Service - (PEFService) - C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
O23 - Service R2: Intuit Update Service v4 - (IntuitUpdateServiceV4) - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: McAfee AP Service - (McAPExe) - C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe
O23 - Service R2: McAfee Boot Delay Start Service - (McBootDelayStartSvc) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service R2: McAfee CSP Service - (mccspsvc) - C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe
O23 - Service R2: McAfee Home Network - (HomeNetSvc) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service R2: McAfee Module Core Service - (ModuleCoreService) - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
O23 - Service R2: McAfee Personal Firewall Service - (McMPFSvc) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service R2: McAfee Platform Services - (mcpltsvc) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service R2: McAfee Proxy Service - (McProxy) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service R2: McAfee Service Controller - (mfemms) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service R2: McAfee SiteAdvisor Service - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service R2: Motorola Device Manager Service - (Motorola Device Manager) - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service R2: NVIDIA Display Driver Service - (nvsvc) - C:\WINDOWS\system32\nvvsvc.exe
O23 - Service R2: NVIDIA Stereoscopic 3D Driver Service - (Stereo Service) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service R2: Nero Update - (NAUpdate) - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service R2: Roxio Hard Drive Watcher 12 - (RoxWatch12) - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service R2: WSWNA3100 - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
O23 - Service R2: ZAM Controller Service - (ZAMSvc) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
O23 - Service R3: ClientAnalyticsService - C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalyt ics.exe
O23 - Service R3: McAfee Firewall Core Service - (mfefire) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
O23 - Service R3: McAfee Validation Trust Protection Service - (mfevtp) - C:\WINDOWS\system32\mfevtps.exe
O23 - Service R3: Windows Defender Antivirus Network Inspection Service - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe
O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S2: PST Service - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service S2: Razer Game Scanner - (Razer Game Scanner Service) - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service S3: Adobe LM Service - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service S3: Adobe SwitchBoard - (SwitchBoard) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service S3: FLEXnet Licensing Service - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: RoxMediaDB12OEM - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service S3: Windows Defender Antivirus Service - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe
O23 - Service S3: stllssvr - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

Debug information:

• 26.07.2017 06:55:28 - modFile.OpenW - #0 LastDllError = 5 (Access is denied.) Cannot open file: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
• 26.07.2017 06:55:28 - Parser.isFileFilledByNUL - #75 (Path/File access error) LastDllError = 0 File: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
• 26.07.2017 06:55:28 - Parser.GetTargetShellLinkW - #70 (Permission denied) (The remote server has been paused or is in the process of being started.) LastDllError = 0 File: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

–
End of file - Time spent: 23 sec. - 75966 bytes, CRC32: FFFFFFFF. Sign: ﮳ए

Zemana AntiMalware 2.74.2.76 (Installed)

---

Scan Result : Completed
Scan Date : 2017/7/26
Operating System : Windows 10 64-bit
Processor : 8X Intel(R) Core™ i7 CPU 930 @ 2.80GHz
BIOS Mode : Legacy
CUID : 127EE1AEDBA187BFAEF0EE
Scan Type : Custom Scan
Duration : 139m 39s
Scanned Objects : 807195
Detected Objects : 0
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
[HEADING=1]Detected Objects[/HEADING]
No threats detected

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Steve on Wed 07/26/2017 at 16:29:15.00.
Microsoft Windows 10 Home 10.0.15063 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Steve\Downloads\zoek(1).exe [Scan all users] [Quick Scan] [Auto Clean]

===== Runcheck 16:30:23.75 =====

— Create Environment Variables 16:30:26.59
— Create System Restore Point 16:30:41.07
— Checking Input 16:31:16.86
— AU AppData Check 16:31:39.51
— Remove From Windows Installer 16:31:49.29
— Empty Folders Check 16:39:21.79
— Registry HKLM Software Check 16:39:21.84
— Quick Launch Shortcut Check 16:40:34.60
— IE Startpage Check 16:41:10.12
— Program Files DB Check 16:42:56.73
— C:\Users\Default\AppData DB Check 16:44:55.81
— C:\Users\Default.migrated\AppData DB Check 16:44:55.81
— C:\Users\DefaultAppPool\AppData DB Check 16:44:55.81
— C:\Users\Steve\AppData DB Check 16:44:55.81
— C:\WINDOWS\SysNative\config\systemprofile\AppData DB Check 16:44:55.81
— C:\WINDOWS\sysWoW64\config\systemprofile\AppData DB Check 16:44:55.81
— C:\WINDOWS\serviceprofiles\networkservice\AppData DB Check 16:44:55.81
— C:\WINDOWS\serviceprofiles\Localservice\AppData DB Check 16:44:55.81
— C:\Users\Steve DB Check 16:52:00.88
— C:\PROGRA~3 DB Check 16:52:54.09
— C:\Users\Default\AppData\Local DB Check 16:53:12.81
— C:\Users\Default User\AppData\Local DB Check 16:53:12.81
— C:\Users\Default.migrated\AppData\Local DB Check 16:53:12.81
— C:\Users\DefaultAppPool\AppData\Local DB Check 16:53:12.81
— C:\Users\Steve\AppData\Local DB Check 16:53:12.81
— C:\WINDOWS\SysNative\config\systemprofile\AppData\ Local DB Check 16:53:12.81
— C:\WINDOWS\sysWoW64\config\systemprofile\AppData\L ocal DB Check 16:53:12.81
— C:\WINDOWS\serviceprofiles\networkservice\AppData\ Local DB Check 16:53:12.81
— C:\WINDOWS\serviceprofiles\Localservice\AppData\Lo cal DB Check 16:53:12.81
— C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 16:59:12.84
— C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs DB Check 16:59:43.85
— Tasks DB Check 17:00:03.90
— C:\Users\Steve\AppData\LocalLow DB Check 17:00:19.62
— C:\WINDOWS\SysNative\config\systemprofile\AppData\ LocalLow DB Check 17:00:19.62
— C:\WINDOWS\sysWoW64\config\systemprofile\AppData\L ocalLow DB Check 17:00:19.62
— C:\WINDOWS\serviceprofiles\Localservice\AppData\Lo calLow DB Check 17:00:19.62
— Tasks2 DB Check 17:02:26.10
— Documents DB Check 17:04:01.28
— Documents2 DB Check 17:04:31.51
— C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Pro files\jor6jyfq.default DB Check 17:04:36.20
— C:\Users\Public\Desktop DB Check 17:04:43.99
— C:\Users\Steve\Desktop DB Check 17:05:10.89
— Services DB Check 17:05:51.87
— FF prefs.js DB Check 17:10:41.26
— Emptyclsid 17:13:26.10
— Del by CLSID 17:13:49.79
— Delete Services 17:17:08.25
— Delete files\folders 17:17:17.75
— Create Backups 17:17:18.68
— Recently Created 17:18:14.67
— StartUp Information 17:25:54.28
— Firefox Extensions 17:27:43.65

[ATTACH]2624[/ATTACH]

The image above is what I get when I reboot.

Zoek was incomplete, it will need to run for at least an hour, then it will reboot your machine when complete. Run it when you are about to sleep, just make sure your computer does not go into sleep mode.

We will be able to fix the desktop.ini issue for sure, but lets handle the other items first. Please run the ZHP fix, you ran ZHP cleaner… I need you to follow the instructions below. After you have completed the instructions below, we will then move onto Hijack this then fixing the notepad issue.

ZHP Diag Fix.

ZHP Fix [MEDIA=imgur]4bd9Ugb[/MEDIA]
[ul]
[li]Disable your antivirus prior to this fix![/li]
[li]Download ZHP-Fix from here.[/li][li]UnZip it to your desktop – Tool Here if needed… 7-Zip[/li]
[li]Install it.[/li][li]Click Suivant 5 Times.[/li][li]Then Installer.[/li][li]Then Terminer.[/li][li]Then right clcick the ZHP Fix icon Run as admin.[/li][li]Copy the entire content of the code box below, the next step will grab it from your clipboard.[/li]
[li]Then click on import.[/li][li]Then click GO.[/li][li]If you see any Prompts like the one below, select Oui. = Yes in French. [/li]
[li]https://pchelpforum.net/attachments/...7-40-png.2248/ [/li]
[li]Allow completion.[/li][li]A log file will appear on your desktop. [/li]
[li]Post it here in your next reply.[/li][/ul]
Security Check Scan.

[ul]
[li]Download Security Check to your desktop.[/li][li]Right click it run as administrator.[/li][li]When the program completes, the tool will automatically open a log file.[/li][li]Please post that log here in your next post.[/li][/ul]

SecurityCheck by glax24 & Severnyj v.1.4.0.52 [25.07.17]
WebSite: www.safezone.cc
DateLog: 27.07.2017 16:35:50
Path starting: C:\Users\Steve\AppData\Local\Temp\SecurityCheck\Se curityCheck.exe
Log directory: C:\SecurityCheck
IsAdmin: True
User: Steve
VersionXML: 4.52is-26.07.2017

---

Windows 10(6.3.15063) (x64) Core Release: 1703 Lang: English(0409)
Installation date OS: 26.07.2017 10:45:16
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_Subscription4 edition Timebased activation will expire :64772 minutes
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Initial grace period ends :5170 minutes
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [919.2 Gb] Used: [243.8 Gb] Free: [675.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.483.15063.0
User Account Control enabled
Automatically download and schedule installation
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
World Wide Web Publishing Service (W3SVC) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2010 x86 v.14.0.7015.1000
Microsoft Office 2013 x86 v.15.0.4569.1506
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
Malwarebytes (enabled and up to date)
McAfee VirusScan (enabled)
---------------------------- [ Firewall_WMI ] -----------------------------
McAfee Firewall
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Malwarebytes (enabled and up to date)
Windows Defender (disabled and up to date)
McAfee VirusScan (enabled)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
McAfee Virtual Technician v.8.1.0.135
McAfee AntiVirus Plus v.16.0.1
McAfee WebAdvisor v.4.0.140
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.1.2.1733 v.3.1.2.1733
Zemana AntiMalware v.2.74.0.76
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.40 (64-bit) v.5.40.0
Microsoft Silverlight v.5.1.50907.0
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.38 v.7.38.101
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 141 (64-bit) v.8.0.1410.15 Warning! Download Update
Uninstall old version and install new one (jre-8u144-windows-x64.exe).
Java 8 Update 141 v.8.0.1410.15 Warning! Download Update
Uninstall old version and install new one (jre-8u144-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - The service has stopped
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.26.0.0.127
Adobe Flash Player 26 NPAPI v.26.0.0.137
Adobe Shockwave Player 12.2 v.12.2.9.199
Adobe Acrobat DC v.17.009.20058
Adobe Acrobat Reader DC v.17.009.20044 Warning! Download Update
^Please run Acrobat Reader DC and go Help - Check for updates…[1]
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 54.0.1 (x64 en-US) v.54.0.1
Pale Moon 27.4.0 (x64 en-US) v.27.4.0
Waterfox 54.0.1 (x64 en-US) v.54.0.1
Opera Stable 46.0.2597.57 v.46.0.2597.57
Avant Browser (remove only) v.12.5.0.0
Google Chrome v.59.0.3071.115 Warning! Download Update
Mozilla Firefox 54.0.1 (x86 en-US) v.54.0.1
Safari v.5.34.57.2 Warning! This software is no longer supported.
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.54.0.1.6388
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.1068
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.479
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe v.15.6.0.2180
McAfee Validation Trust Protection Service (mfevtp) - The service is running
C:\Windows\System32\mfevtps.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe v.1.5.0.2939
McAfee Firewall Core Service (mfefire) - The service is running
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe v.15.6.0.2180
McAfee AP Service (McAPExe) - The service is running
C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe v.7.1.156.0
McAfee Personal Firewall Service (McMPFSvc) - The service is running
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe v.6.4.4016.0
C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe v.9.1.151.0
McAfee CSP Service (mccspsvc) - The service is running
C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe v.2.5.312.0
McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) - The service is running
C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe v.4.0.5.140
McAfee Service Controller (mfemms) - The service is running
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe v.15.6.0.2180
McAfee Module Core Service (ModuleCoreService) - The service is running
C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe v.1.8.140.0
McAfee Home Network (HomeNetSvc) - The service is running
McAfee Platform Services (mcpltsvc) - The service is running
McAfee Proxy Service (McProxy) - The service is running
McAfee Boot Delay Start Service (McBootDelayStartSvc) - The service is running
McAfee Platform Services (mcpltsvc) - The service is running
C:\Program Files\Windows Defender\MSASCuiL.exe v.4.11.15063.0
Windows Defender Antivirus Service (WinDefend) - The service has stopped
Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.2.74.0.76
----------------------------- [ End of Log ] ------------------------------

---

1. /b ↩︎

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Steve on Thu 07/27/2017 at 22:03:29.35.
Microsoft Windows 10 Home 10.0.15063 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Steve\Downloads\zoek(2).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2017-07-26-212745.log 125479 bytes

==== System Restore Info ======================

7/27/2017 10:04:53 PM Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================
[HEADING=1]Copyright (c) 1993-2006 Microsoft Corp.[/HEADING]
[HEADING=1]This is a sample HOSTS file used by Microsoft TCP/IP for Windows.[/HEADING]
[HEADING=1]This file contains the mappings of IP addresses to host names. Each[/HEADING]
[HEADING=1]entry should be kept on an individual line. The IP address should[/HEADING]
[HEADING=1]be placed in the first column followed by the corresponding host name.[/HEADING]
[HEADING=1]The IP address and the host name should be separated by at least one[/HEADING]
[HEADING=1]space.[/HEADING]
[HEADING=1]Additionally, comments (such as these) may be inserted on individual[/HEADING]
[HEADING=1]lines or following the machine name denoted by a ‘#’ symbol.[/HEADING]
[HEADING=1]For example:[/HEADING]
[HEADING=1]102.54.94.97 rhino.acme.com # source server[/HEADING]
[HEADING=1]38.25.63.10 x.acme.com # x client host[/HEADING]
127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Users\Steve\AppData\Local\DBG deleted successfully
C:\Users\Steve\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Lo cal\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

“C:\Windows\Installer\366a0e7.msi” not found

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Pro files\jor6jyfq.default
user_pref(“browser.startup.homepage”, " https://www.facebook.com/ ");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extens ions]
“{4ED1F68A-5463-4931-9384-8FFF5ED91D92}”=“C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi” [04/18/2017 10:20 AM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Fi refox\Extensions]
“web2pdfextension.15@web2pdf.adobedotcom”=“C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn” [04/13/2017 07:05 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Pro files\jor6jyfq.default

• LavaFox V2-Blue - %ProfilePath%\extensions\djziggy@gmail.com
• HTML5 Notifications - %ProfilePath%\extensions\html5notifications@paxal.net.xpi

AppDir: C:\Program Files\Mozilla Firefox

• Undetermined - %AppDir%\browser\extensions{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

• Undetermined - %AppDir%\browser\extensions{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Pro files\jor6jyfq.default
F2AE028008AD02EC3C38CA6679EE4CC6 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_ 137.dll - Shockwave Flash
0870350EC1775FCAEAF70069143FB067 - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensio ns
efaidnbmnnnibpcajpcglclefindmkaj - No path found
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[06/13/2016 11:18 AM]

McAfee® WebAdvisor - Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepao oicaho
Chrome Media Router - Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Search Page”=" http://www.google.com "

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=" MSN "

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
“DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”
{012E1000-F331-11DB-8314-0800200C9A66} Google Url=" Google {searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=" Search - Microsoft Bing {searchTerms}&src=IE-SearchBox&FORM=IESR02"
{0C755E98-7D34-4B11-A63A-5F01EB9ABAE7} Bing Url=" Search - Microsoft Bing {searchTerms}&src=IE-SearchBox"
{903BEF58-2264-4FDD-A4A2-72024AC9D292} Unknown Url=“Not_Found”

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Internet Explorer\SearchScopes{903BEF58-2264-4FDD-A4A2-72024AC9D292} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{903BEF58-2264-4FDD-A4A2-72024AC9D292} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\1E8B816B17BF732438163CAEE31FE57F deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Prod ucts\1E8B816B17BF732438163CAEE31FE57F deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Steve\AppData\Local\Microsoft\Windows\INe tCache\Content.IE5 emptied successfully
C:\Users\Steve\AppData\Local\Microsoft\Windows\INe tCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\ Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Steve\AppData\Local\Microsoft\Windows\INe tCache\IE emptied successfully
C:\Users\Steve\AppData\Local\Microsoft\Windows\INe tCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\ Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Steve\AppData\Local\Mozilla\Firefox\Profi les\jor6jyfq.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=49 folders=55 402353736 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Steve\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

“C:\PROGRA~2\Bonjour” not found

==== EOF on Fri 07/28/2017 at 3:35:32.48 ======================

You still have not run the ZHP fix above, do you need help with that?


Update all old software with Patch My PC

Java 8 Update 141 (64-bit) v.8.0.1410.15 Warning! Download Update
Uninstall old version and install new one (jre-8u144-windows-x64.exe).

Java 8 Update 141 v.8.0.1410.15 Warning! Download Update
Uninstall old version and install new one (jre-8u144-windows-i586.exe).

Adobe Acrobat Reader DC v.17.009.20044 Warning! Download Update
^Please run Acrobat Reader DC and go Help - Check for updates…[1]

Google Chrome v.59.0.3071.115 Warning! Download Update

Safari v.5.34.57.2 Warning! This software is no longer supported.

Please run Farbar Recovery Scan Tool to give me a fresh look at your system.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

[ul]
[li]Right-click on FRST icon and select Run as Administrator to start the tool.[/li](XP users click run after receipt of Windows Security Warning - Open File).
[li]Make sure that Addition option is checked, as well as Shortcut.txt[/li][li]Press Scan button and wait.[/li][li]The tool will produce three logfiles on your desktop: FRST.txt, and Addition.txt – & Shortcut.txt[/li][/ul]
Please Copy & Paste them into your next reply. But attach Shortcut.txt

---

1. /B ↩︎

Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d’export Registre :
Run by Steve at 7/29/2017 3:30:32 AM
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (15063)

Recycle Bin emptied (07mn AMs)

========== Software ==========
REMOVES: Dell Customer Connect
REMOVES: Dell Getting Started Guide
REMOVES: Dell Update
REMOVES: eBay

========== Registry keys ==========
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{4FA72FF9-DD64-43A8-8704-6380A11F11D5}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{A8B88634-7F90-402F-B66A-86429755F6A5}]
REMOVES Software Key: {4A03706F-666A-4037-7777-5F2748764D10} [Java Auto Updater]
REMOVES: [HKLM\SOFTWARE\Classes\CLSID{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}]
REMOVES: HKLM\SOFTWARE\Wow6432Node\ESET
REMOVES: HKLM\SOFTWARE\Wow6432Node\PC-Doctor
REMOVES: HKLM\SOFTWARE\Wow6432Node\Symantec
REMOVES: HKLM\SOFTWARE\Wow6432Node\Yahoo
REMOVES: HKCU\SOFTWARE\Chromium
REMOVES: HKCU\SOFTWARE\ESET
REMOVES: HKCU\SOFTWARE\MicroWorld
REMOVES: HKCU\SOFTWARE\PC-Doctor
REMOVES: HKCU\SOFTWARE\Yahoo
REMOVES: HKCU\SOFTWARE\AppDataLow\Software\Yahoo
REMOVES:* StartupReg: AdobeAAMUpdater-1.0
REMOVES: Services Svchost: dmwappushservice
REMOVES:* HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
REMOVES:* HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}

========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value
REMOVES: URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
REMOVES: UDP Query User{AA04EBF0-B281-4AD3-8913-9E642623C6C9}C:\program files (x86)\cisco packet tracer 6.0.1\bin\packettracer6.exe
REMOVES: TCP Query User{8EBC0438-6146-4FEA-99C6-DB3FB52367A6}C:\program files (x86)\cisco packet tracer 6.0.1\bin\packettracer6.exe
REMOVES: {179427A9-971C-4603-80F4-8CFC13977162}
REMOVES: {8EA22D34-F4D2-4AED-A3F3-4D0367E1FBC8}
REMOVES: {2BFDAE13-C2FC-41C3-8CE0-249468793C59}
REMOVES: {7CD52165-64A6-4A55-9E47-21E0612522A2}
REMOVES: {334E5EDF-95AD-40B0-8180-6ED57456BC7E}
REMOVES: {52320C4F-6E72-4A1D-AD51-599A2180045C}
REMOVES: {8F38DF1E-1990-4AD6-8DB4-6F55D6F04E55}

========== Preferences browser ==========
NOW Chrome File: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences
REMOVES Chrome Site: http://www.fepblue.org
NOW Chrome File: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences
REMOVES Chrome Site: http://connect.facebook.net
REMOVES Chrome Site: http://connect.facebook.net
NOW Chrome File: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://fast.fonts.net
NOW Chrome File: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://googleads.g.doubleclick.net
NOW Chrome File: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://media.fepblue.org
NOW Chrome File: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://static.fepblue.org
NOW Chrome File: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://www.googleadservices.com
NOW Chrome File: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://www.googletagmanager.com

========== Folders ==========
No folders empty CLSID Local user
REMOVES: C:\Program Files (x86)\eBay
REMOVES: C:\ProgramData\PCDr
REMOVES: C:\ProgramData\SupportAssist
REMOVES: C:\ProgramData\SupportAssistAgent
REMOVES: C:\Users\Steve\AppData\Roaming\PCDr
REMOVES: C:\Users\Steve\AppData\Roaming\tor
REMOVES: C:\Users\Steve\AppData\Roaming\Yahoo!
REMOVES: C:\Users\Steve\AppData\Local\ESET
REMOVES: C:\Users\Steve\AppData\Local\GWX
REMOVES: c:\users\steve\appdata\roaming\mozilla\extensions{ ec8030f7-c20a-464f-9b0e-13a3a9e97384}
Deletes temporary Windows (0)

========== Files ==========
REMOVES Flash Cookies (0) (0 octets)
REMOVES Reboot: c:\windows\system32\tasks\dell supportassistagent autoupdate
REMOVES Reboot: c:\windows\system32\tasks\pcddatauploadtask
REMOVES Reboot: c:\windows\system32\tasks\systemtoolsdailytest
REMOVES Reboot: c:\windows\system32\drivers\7f521d09.sys
REMOVES Reboot: c:\windows\system32\drivers\trufos.sys
Deletes temporary Windows (0) (0 octets)

========== Scheduled task ==========
REMOVES: Adobe Acrobat Update Task
REMOVES: Adobe Acrobat Update Task
REMOVES: Adobe Flash Player Updater
REMOVES: AdobeAAMUpdater-1.0-Steve-PC-Steve
REMOVES: {14B64D6C-EB84-4366-840B-A80E28AD259F}
REMOVES: {8FEF03D2-8559-4B76-9BFD-39A076532F4C}
REMOVES: {E7236F78-5AA9-4C51-8950-7AEA15BB8802}

========== System restore ==========
The system successfully created restore point

========== Other ==========
NON-TREATY O40 - TASK: {DC84FF58-BB65-48FB-9D9A-CAA06F793553} - (…) – C:\WINDOWS\system32\osppc.dll (.not file.) [0] (.Orphan.)
NON-TREATY 43 - CFD: 03/10/2015 - D – C:\Program Files (x86)\Veloxum

========== Summary ==========
22 : Registry keys
16 : Registry values
12 : Folders
7 : Files
4 : Software
17 : Preferences browser
7 : Scheduled task
1 : System restore
2 : Other

End of clean in 43mn AMs

========== Path to file report ==========
C:\Users\Steve\AppData\Roaming\ZHP\ZHPFix[R1].txt - 7/29/2017 3:30:39 AM [6096]

SecurityCheck by glax24 & Severnyj v.1.4.0.52 [25.07.17]
WebSite: www.safezone.cc
DateLog: 29.07.2017 04:06:41
Path starting: C:\Users\Steve\AppData\Local\Temp\SecurityCheck\Se curityCheck.exe
Log directory: C:\SecurityCheck
IsAdmin: True
User: Steve
VersionXML: 4.53is-28.07.2017

---

Windows 10(6.3.15063) (x64) Core Release: 1703 Lang: English(0409)
Installation date OS: 26.07.2017 10:45:16
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_Subscription4 edition Timebased activation will expire :62641 minutes
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Initial grace period ends :3039 minutes
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [919.2 Gb] Used: [243.3 Gb] Free: [675.9 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.483.15063.0
User Account Control enabled
Automatically download and schedule installation
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
World Wide Web Publishing Service (W3SVC) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2010 x86 v.14.0.7015.1000
Microsoft Office 2013 x86 v.15.0.4569.1506
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
Malwarebytes (enabled and up to date)
McAfee VirusScan (disabled)
---------------------------- [ Firewall_WMI ] -----------------------------
McAfee Firewall
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Malwarebytes (enabled and up to date)
Windows Defender (disabled and up to date)
McAfee VirusScan (disabled)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
McAfee Virtual Technician v.8.1.0.135
McAfee AntiVirus Plus v.16.0.1
McAfee WebAdvisor v.4.0.149
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.1.2.1733 v.3.1.2.1733
Zemana AntiMalware v.2.74.0.76
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.40 (64-bit) v.5.40.0
Microsoft Silverlight v.5.1.50907.0
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.38 v.7.38.101
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 144 (64-bit) v.8.0.1440.1
--------------------------- [ AppleProduction ] ---------------------------
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - The service has stopped
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.26.0.0.127
Adobe Flash Player 26 NPAPI v.26.0.0.137
Adobe Shockwave Player 12.2 v.12.2.9.199
Adobe Acrobat DC v.17.009.20058
Adobe Acrobat Reader DC v.17.009.20044 Warning! Download Update
^Please run Acrobat Reader DC and go Help - Check for updates…[1]
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 54.0.1 (x64 en-US) v.54.0.1
Pale Moon 27.4.0 (x64 en-US) v.27.4.0
Waterfox 54.0.1 (x64 en-US) v.54.0.1
Opera Stable 46.0.2597.57 v.46.0.2597.57
Avant Browser (remove only) v.12.5.0.0
Google Chrome v.60.0.3112.78
Mozilla Firefox 54.0.1 (x86 en-US) v.54.0.1
Safari v.5.34.57.2 Warning! This software is no longer supported.
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.54.0.1.6388
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.1068
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.479
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe v.15.6.0.2180
McAfee Validation Trust Protection Service (mfevtp) - The service is running
C:\Windows\System32\mfevtps.exe
McAfee Firewall Core Service (mfefire) - The service is running
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe v.15.6.0.2180
McAfee AP Service (McAPExe) - The service is running
C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe v.7.1.156.0
McAfee Personal Firewall Service (McMPFSvc) - The service is running
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe v.6.4.4016.0
C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe v.9.1.151.0
McAfee CSP Service (mccspsvc) - The service is running
C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe v.2.5.312.0
McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) - The service is running
C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe v.4.0.6.149
McAfee Service Controller (mfemms) - The service is running
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe v.15.6.0.2180
McAfee Module Core Service (ModuleCoreService) - The service is running
C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe v.1.8.140.0
McAfee Home Network (HomeNetSvc) - The service is running
McAfee Platform Services (mcpltsvc) - The service is running
McAfee Proxy Service (McProxy) - The service is running
McAfee Boot Delay Start Service (McBootDelayStartSvc) - The service is running
McAfee Platform Services (mcpltsvc) - The service is running
C:\Program Files\Windows Defender\MSASCuiL.exe v.4.11.15063.0
Windows Defender Antivirus Service (WinDefend) - The service has stopped
Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.2.74.0.76
----------------------------- [ End of Log ] ------------------------------

---

1. /b ↩︎