Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2017
Ran by Alexis (04-03-2017 20:29:10)
Running from C:\Users\Alexis\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-24 03:59:46)
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2500432761-3619680374-1286479017-500 - Administrator - Disabled)
Alexis (S-1-5-21-2500432761-3619680374-1286479017-1001 - Administrator - Enabled) => C:\Users\Alexis
DefaultAccount (S-1-5-21-2500432761-3619680374-1286479017-503 - Limited - Disabled)
Guest (S-1-5-21-2500432761-3619680374-1286479017-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2500432761-3619680374-1286479017-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Animate CC 2017 (HKLM-x32\...\FLPR_16_0_1) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Creative Suite (HKLM-x32\...\{D52ECEBC-9B20-41A5-81C4-A62DE2367419}) (Version: 2.0 - Adobe Systems,Inc.)
Adobe Creative Suite 5.5 Design Standard (HKLM-x32\...\{53CF3920-648B-4F99-8D05-6A6C5298F57B}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash CS3 Professional (HKLM-x32\...\Adobe_c3c7fe8b09d497ab2b3fd91c9353390) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 9 Plugin (HKLM-x32\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 1.3.12 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.10 - Belkin) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Discord (HKU\S-1-5-21-2500432761-3619680374-1286479017-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKU\S-1-5-21-2500432761-3619680374-1286479017-1001\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4620 series Basic Device Software (HKLM\...\{A2E836B3-59A6-486B-82DC-1EA3878BCDEA}) (Version: 26.0.784.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Livestream Procaster (HKLM-x32\...\{68E4C751-272B-44E1-94C7-4E1FDC40F7DA}) (Version: 20.3.25 - Procaster)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.3061 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 6.3.0.1911 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.235 - McAfee, Inc.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2500432761-3619680374-1286479017-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}) (Version: 1.6.915.87 - Fitipower)
Multimedia Card Reader (x32 Version: 1.6.915.87 - Fitipower) Hidden
OJ4620FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pinnacle Studio 12 (HKLM-x32\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.0.1.6173 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{5EB90C06-964F-4195-B83E-BD7E55C88415}) (Version: 12.00.0017 - Pinnacle Systems)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.2 - WebM Project)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-2500432761-3619680374-1286479017-1001\...\ChromeHTML: -> C:\Users\Alexis\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2500432761-3619680374-1286479017-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-9E65F1B07A6F}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2500432761-3619680374-1286479017-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Alexis\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2500432761-3619680374-1286479017-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Alexis\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2500432761-3619680374-1286479017-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Alexis\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2500432761-3619680374-1286479017-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Alexis\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2500432761-3619680374-1286479017-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2500432761-3619680374-1286479017-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Alexis\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E0BBAE-88E5-4CC4-B397-E682F5CE9005} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {02E26A75-022B-433F-9C9E-CECB40C97C04} - System32\Tasks\{C4A4321F-C7AA-4AF2-8BC8-FBF6E48B386B} => pcalua.exe -a C:\Users\Alexis\Downloads\HijackThis.exe -d C:\Users\Alexis\Downloads
Task: {0FBBBE8E-9C88-4965-BFA0-CEC25A6093E6} - System32\Tasks\{D5616F94-25B0-495A-8F32-1CCE11173E4D} => C:\Program Files (x86)\Roxio\Easy Media Creator 7\Video Home Page\VideoHomePageApp.exe
Task: {1BA662AC-839C-4CC0-86AC-73EBCC6BC4B7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1CC86582-401C-4209-9BF9-BAC655356922} - System32\Tasks\{564BCD5F-6388-43AD-8CBF-35E4F65BD251} => C:\Program Files (x86)\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Illustrator.exe
Task: {1F12984C-0C7B-424F-8572-403CBC4B53A6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {26794990-1BF8-4891-B589-2AA71476209B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {28A4EE3F-A494-4094-AB95-E04A3A520843} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {29BBE5EC-66B6-4FD8-BE5C-6FD93A4F8986} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {2CEB9960-6DB5-407D-8F96-74DA255FF8A6} - System32\Tasks\{5690BA89-9448-41B1-98EF-CD6E1FD08234} => C:\Program Files (x86)\Roxio\Easy Media Creator 7\Video Home Page\VideoHomePageApp.exe
Task: {2E3E50F3-C45C-46CE-BB9E-51837F39144E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2FC51AA3-8B82-44BF-80CC-D6C0AF9DFC7D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {33CFC6F4-165E-485B-B399-35EF33A5F59F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3511A487-D20C-41C6-BD1D-1E8481B86881} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)
Task: {3EE2DA22-5211-4773-886F-346D94161881} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {4BCFE6D6-9F0B-4C8F-8468-C51909AAB9E4} - System32\Tasks\{B8F21756-0F75-4735-A858-E05440BFC7B6} => pcalua.exe -a C:\Users\Alexis\AppData\Local\Temp\{5619250E-5FF7-4888-96CD-4E34AF87F9DC}\setup.exe -d C:\Users\Alexis\AppData\Local\Google\Chrome\Application\38.0.2125.111 <==== ATTENTION
Task: {4C448632-9CCA-477B-A583-E231E23CDF62} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {518BBE76-1C97-425E-B5E4-D83D8D5DE1A8} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-03-04] (McAfee, Inc.)
Task: {564943E3-1B65-450A-AB64-6B2E3E6F02C8} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {5E368BDC-1E5B-473D-89C1-13CA1700D9BB} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {5F704FA4-E83D-4B0C-A1FD-897FF68C75E2} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {62DEBB19-B804-4A15-B795-995359D67B4D} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-03-04] (McAfee, Inc.)
Task: {642526C1-DD26-4938-8D29-70566374F8CF} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2016-12-09] (McAfee, Inc.)
Task: {66C30D89-708E-4A37-B8B7-75C20CF5AD00} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6EC5679F-D08B-4C54-94B5-B10C7B8C2818} - System32\Tasks\{FB11018D-2015-4364-A44F-AA8D4E67489E} => C:\Program Files (x86)\Roxio\Easy Media Creator 7\Video Home Page\VideoHomePageApp.exe
Task: {744D8F88-DCF5-4E36-95F3-471B83E243B2} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {749D7313-E369-44FE-88A0-A841C08EF49D} - System32\Tasks\HP Officejet 4620 series.exe_{7E1E2D8E-1099-40C3-977D-28AF02E791F0} => C:\Program Files\HP\HP Officejet 4620 series\Bin\HP Officejet 4620 series.exe [2011-12-18] (Hewlett-Packard Co.)
Task: {782CD75C-A9EF-4935-87A8-2608388CD49C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {7EC1AD01-E6A6-449F-B5D2-82DE067C2A9C} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Alexis\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {8077D0C1-6D95-4B81-AE9E-31181E3084E2} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {823E7F9C-F664-41C8-B940-AA6D06443104} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {84C66E8A-41FA-4A11-95DA-E36A3BAC9F4C} - System32\Tasks\{7B8D4D63-43B0-45B1-84B4-BFAAB365C5E9} => C:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe [2008-06-06] (Pinnacle Systems)
Task: {861C3F1A-950A-4A14-B361-3DAD1D56A0FF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8FE9FBBB-C4E9-4898-833C-D72D0FADDEDB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2500432761-3619680374-1286479017-1001Core => C:\Users\Alexis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {92D75E00-F940-44FE-B721-291E98687749} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9547CE98-1E9B-407B-B4CD-DE966A4C639C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {955D5F44-8EC6-4DAA-B6D1-E3A82BE8733C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {984E15BC-90FB-481E-8A7D-8728A3598AC3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2500432761-3619680374-1286479017-1001Core1d258c7b07dcfb4 => C:\Users\Alexis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9C48527F-B3C1-4D4A-91A6-F850FF3643FA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9FC5BEBA-E353-4AB3-94D0-126E3979AEC4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {A321914D-22E3-411B-9819-CB6179D7102B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2500432761-3619680374-1286479017-1001UA => C:\Users\Alexis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A5343278-19C5-491E-9886-ABF9A5D5B45D} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A582C3BB-253D-41AF-9D6C-FC08DDB33BF7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {A5A37204-D047-48EF-89C7-9EDB8A3EADD0} - System32\Tasks\{07232E0C-D722-4018-A255-55359D004875} => C:\Program Files (x86)\Roxio\Easy Media Creator 7\Video Home Page\VideoHomePageApp.exe
Task: {A75D0DBB-2002-4F75-A293-AD6A2A8AEDD7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A8A56605-5058-4DEA-8B17-159F91CAF27D} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AAF1A789-F0E7-4387-BF48-9C9ABB25839A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {B32A9293-7D2F-4A39-A482-9B4492C3AB12} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {B3EAFA83-3342-4C90-9F27-864D063F0312} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {B421A6F4-6B33-45C2-B752-D6AB9540817E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B977FB4E-4E2B-4B39-A04A-EAAA3C05A5F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {BE905632-F5F3-4A39-8666-5432A9277D02} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-31] (Adobe Systems Incorporated)
Task: {C0DC0CFC-36A4-4398-8E72-10FACCE17A18} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C4BF9B35-50B8-4656-955C-462E0658A1F7} - System32\Tasks\{CC0F16D1-2141-43A1-B336-BCC870ABFEDF} => pcalua.exe -a "C:\Users\Alexis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UT62FPAC\BingBarSetup.EXE" -d C:\Users\Alexis\Desktop
Task: {E4F9C4D1-EC5A-4234-9F2B-CCF241F4974C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {E5C34340-5F0B-426F-85D2-F5D2E1287602} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E6097F54-7712-4E38-8D50-1C9F3AA13CAC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E85C31C2-B44E-4EAC-BE2F-381BAC85A336} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2500432761-3619680374-1286479017-1001UA1d258c7b08cc74f => C:\Users\Alexis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EBEE7F93-F899-4675-B69B-40BAF6063A5C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {F28F1EAC-E827-443C-A9AF-CDB4E0CC5998} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F6F7588E-E843-4EE9-BA3B-3F35CA2E758D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FACF857F-7342-4113-8AD3-25161EEAE6D4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {FC0401E7-9FF5-4E01-97EC-F1D8F5C1CDA6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FC357F45-4A61-4F98-866E-8115AF57E6D2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {FCA0E636-7385-407D-AC3B-9FA9C50F87A6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {FE9566DB-9068-4BB1-87C7-FF442F6B25DB} - System32\Tasks\{B33146C5-5922-49A5-A0E5-20D22888AB47} => C:\Program Files (x86)\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Illustrator.exe
Task: {FF50EE6E-FF74-449E-948A-30FA298B2A4E} - System32\Tasks\{18789FDF-7D5F-404D-948E-8188F3CDBF49} => pcalua.exe -a C:\Users\Alexis\Desktop\HijackThis.exe -d C:\Users\Alexis\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2500432761-3619680374-1286479017-1001Core.job => C:\Users\Alexis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2500432761-3619680374-1286479017-1001UA.job => C:\Users\Alexis\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 19:26 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 19:26 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-25 08:57 - 2016-10-25 08:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-09-23 20:22 - 2016-09-23 20:22 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 21:21 - 2016-12-20 23:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 21:21 - 2016-12-20 22:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 21:21 - 2016-12-20 22:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 21:21 - 2016-12-20 22:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 21:21 - 2016-12-20 22:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 21:21 - 2016-12-20 22:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 21:21 - 2016-12-20 22:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1" iver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2012-04-28 08:12 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2500432761-3619680374-1286479017-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alexis\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: lfsvc => 2
HKLM\...\StartupApproved\Run32: => "Dell DataSafe Online"
HKU\S-1-5-21-2500432761-3619680374-1286479017-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2500432761-3619680374-1286479017-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{D86E75EB-6C91-47E1-8F14-57DFE671BC52}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{16AA5698-5B71-4B4B-8900-FA7AC02DB1D5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E61A3AEB-AED2-48DB-B583-B032B37F914D}] => (Allow) svchost.exe
FirewallRules: [{32C148DC-6BAC-4AD5-BA74-1CEE21D0EE60}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{B9906231-D800-4A9C-96AB-31347B4AF7E7}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{6660FB1B-4282-4901-9D22-DAAC2E910C3A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{31D98019-82E2-4EE5-92AE-D7939DB8BF36}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe
FirewallRules: [{2CD265F2-CBC9-498B-91EA-CE32E2C7A361}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe
FirewallRules: [{FB69FB76-1C5F-4743-B995-36CC21D7C406}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe
FirewallRules: [{C7EAD0DF-94DA-4AC9-8A13-4E89E1822717}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe
FirewallRules: [{9ADF8BD3-BC1F-44FC-A4BB-10A67B967CC2}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe
FirewallRules: [{FA2F59EB-22DD-41DD-AB0B-AD78C5805508}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe
FirewallRules: [{8C9082EA-A52D-4FE1-930B-8190D879DCD3}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{750CA562-E62D-4EB4-9550-1248BB1B4A41}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{9DC93DBA-F69A-411A-8564-91AE0A0A6CC6}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{B56AA262-6D9E-43AA-9864-AF2BAEE19B23}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{64E6462A-ADC2-48A6-9615-D84445E5C54E}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\FaxApplications.exe
FirewallRules: [{4261B3FE-7B91-436F-973B-7C97D33841C3}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\DigitalWizards.exe
FirewallRules: [{1EF567D3-BA29-4DF4-BB07-00FF2BCF4A9D}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\SendAFax.exe
FirewallRules: [{5FCEC7B2-8030-4606-8683-83ED24070F25}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\DeviceSetup.exe
FirewallRules: [{C7A19DCD-CF17-4D64-BF64-FAF96CA2F5F4}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{EA05A5DA-EC4E-4C0B-BD34-D5702EF10D5F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F66A3094-DAB2-4955-B9E5-EE415FDF6866}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{6E5A7E91-7B57-452C-830C-5202B327413C}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{07B97ADA-8B4C-4BB8-8DF6-C24D5DE09189}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{65818A69-0685-4EBB-9E23-FAA3508EBD7E}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{EFF1ECE5-BCA5-4ADE-9A0C-087114A48BDE}C:\users\alexis\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexis\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{245204EB-583C-49B4-B653-E4A0F4174ACC}C:\users\alexis\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexis\appdata\roaming\spotify\spotify.exe
FirewallRules: [{887E058C-1001-4ADC-97EE-80A78737E93F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EA9FE5B7-D92A-49FE-8087-CFF9C8F052BF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D0E2C2C2-08CA-4A58-BF1E-E89C83C07FE9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C8E9C980-99B6-432B-AE46-621223786972}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8FE409A1-DF52-452B-BC65-C1DF4EE0ACEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{9E04B774-FE9D-4F83-A85F-33890EE5B4EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{906A87C3-4D27-433A-B28B-2103FED21176}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4BE6F5BF-B34B-44C0-8FBF-F58EF5EA3002}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B3D59EA0-0180-4E97-99CB-582E1D903BBB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2A0FFD95-52DB-4B5D-A3D8-5B8CC2356DDA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{893CC765-6306-4B48-97DE-F486A8B420D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8FE89765-896E-4F5F-BFAF-A0C5F4D7D592}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EFECE29F-5A5E-42B7-866C-69D4F2EFC10B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{29A0046A-D36C-423A-AD28-D6DA2FD89D38}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B0DED932-626E-40B8-ADFB-3C326C590F00}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{8ECDE926-22BA-417F-80FA-ED74E024C6C6}C:\users\alexis\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\alexis\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{AB9CA741-AF87-4FB0-BD9C-C1674B971BA0}C:\users\alexis\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\alexis\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{D3BFD6A2-E3EA-40DB-AF4E-B84CF8EA4E5F}] => (Allow) C:\Users\Alexis\Desktop\FRST64.exe
FirewallRules: [{49440D45-1990-4BE0-B580-2AEFFAA088C7}] => (Allow) C:\Users\Alexis\Desktop\FRST64.exe
FirewallRules: [{D21EF988-63CE-4990-96F5-496FFC40E2B2}] => (Allow) C:\Users\Alexis\Desktop\FRST64.exe
FirewallRules: [{F65DEF22-B534-4A20-B225-9E1B45947D55}] => (Allow) C:\Users\Alexis\Desktop\FRST64.exe

==================== Restore Points =========================

13-02-2017 14:25:40 Scheduled Checkpoint
20-02-2017 16:56:26 Scheduled Checkpoint
01-03-2017 13:35:42 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2017 08:19:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Alexis-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/04/2017 08:19:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Alexis-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/04/2017 08:18:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Alexis-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/04/2017 08:18:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Alexis-PC)
Description: Activation of app Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/04/2017 08:08:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Alexis-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/04/2017 08:08:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Alexis-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (03/04/2017 08:08:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Alexis-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/04/2017 08:08:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Alexis-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/04/2017 08:08:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Alexis-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/04/2017 08:08:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Alexis-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (03/04/2017 08:29:11 PM) (Source: DCOM) (EventID: 10005) (User: Alexis-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/04/2017 08:29:11 PM) (Source: DCOM) (EventID: 10005) (User: Alexis-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/04/2017 08:29:08 PM) (Source: DCOM) (EventID: 10005) (User: Alexis-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/04/2017 08:29:08 PM) (Source: DCOM) (EventID: 10005) (User: Alexis-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/04/2017 08:29:08 PM) (Source: DCOM) (EventID: 10005) (User: Alexis-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/04/2017 08:28:47 PM) (Source: DCOM) (EventID: 10005) (User: Alexis-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/04/2017 08:28:47 PM) (Source: DCOM) (EventID: 10005) (User: Alexis-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/04/2017 08:28:46 PM) (Source: DCOM) (EventID: 10005) (User: Alexis-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/04/2017 08:28:46 PM) (Source: DCOM) (EventID: 10005) (User: Alexis-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/04/2017 08:28:46 PM) (Source: DCOM) (EventID: 10005) (User: Alexis-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

CodeIntegrity:
===================================
Date: 2017-01-12 20:27:57.802
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-01-12 20:27:57.746
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-01-12 20:27:57.712
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-01-12 20:27:57.620
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-01-12 20:27:57.596
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-01-12 20:27:57.571
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-01-12 20:27:56.021
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-01-12 20:27:55.494
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-01-12 20:25:55.421
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-01-12 20:25:55.355
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz
Percentage of memory in use: 16%
Total physical RAM: 5943.11 MB
Available physical RAM: 4979.15 MB
Total Virtual: 12087.11 MB
Available Virtual: 11291.06 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:688.72 GB) (Free:593.34 GB) NTFS
Drive e: (IGUANA_LORD) (Removable) (Total:0.96 GB) (Free:0.84 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 86C69001)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=688.7 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 986 MB) (Disk ID: 73696420)
No partition Table on disk 5.

==================== End of Addition.txt ============================