Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.12.2018 Ran by 22 Cres (27-12-2018 19:40:37) Running from C:\Users\22 Cres\Downloads Windows 10 Home Version 1803 17134.472 (X64) (2018-08-05 20:54:04) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= 22 Cres (S-1-5-21-1040932682-2897171434-3520303234-1007 - Administrator - Enabled) => C:\Users\22 Cres Administrator (S-1-5-21-1040932682-2897171434-3520303234-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1040932682-2897171434-3520303234-503 - Limited - Disabled) Guest (S-1-5-21-1040932682-2897171434-3520303234-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1040932682-2897171434-3520303234-1004 - Limited - Enabled) WDAGUtilityAccount (S-1-5-21-1040932682-2897171434-3520303234-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.) AMD Catalyst Install Manager (HKLM\...\{12194BF9-5D21-0664-4B26-A6EFF78B0EF5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) AVS Video Editor 8.0.3 (HKLM-x32\...\AVS Video Editor_is1) (Version: 8.0.3.303 - Online Media Technologies Ltd.) Azkend 2: The World Beneath (HKLM-x32\...\WTA-664a4b5b-4302-40f2-9dac-0f15544575b3) (Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-c3866acb-b025-4ab0-89e0-2057a7e08ff2) (Version: 3.0.2.48 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Coyote The Outlander (HKLM-x32\...\WTA-8bc3b62d-5bb7-4d57-b2f8-513a6762c425) (Version: 3.0.2.59 - WildTangent) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6618 - CyberLink Corp.) Hidden Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6618 - CyberLink Corp.) CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.10.5422 - CyberLink Corp.) CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.2.1307 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.) Hidden CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.) Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-0a271643-a42d-4ffd-89dd-89b16957659f) (Version: 3.0.2.59 - WildTangent) Hidden DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.3.0 - Dropbox, Inc.) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Entwined: The Perfect Murder (HKLM-x32\...\WTA-7a4d9b29-1567-44f9-bb71-6c4620d41b23) (Version: 3.0.2.59 - WildTangent) Hidden Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.) Foxit PhantomPDF (HKLM-x32\...\{C1B7C53E-92B4-49B8-9C72-C57D1243D35D}) (Version: 7.0.312.615 - Foxit Software Inc.) Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Ellora Assets Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hidden Odyssey 2 in 1 Pack (HKLM-x32\...\WTA-02366ab1-211b-4c42-a447-e815a2e7722b) (Version: 3.0.2.59 - WildTangent) Hidden Home Makeover (HKLM-x32\...\WTA-19f5685d-a261-4302-979e-5bddaba61ddb) (Version: 3.0.2.59 - WildTangent) Hidden HP Documentation (HKLM-x32\...\{4AD6381C-DBAC-4591-A9C2-DF1DB9F153D3}) (Version: 1.1.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7960.5089 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.53 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.7.50.3 - HP) HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.10.49.21 - HP) HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard) iCloud (HKLM\...\{5FEE6A85-BB93-49AB-8927-F1D780BB6727}) (Version: 7.8.0.7 - Apple Inc.) Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-2a0ca665-6607-4c4a-97b8-787aed7e2901) (Version: 3.0.2.59 - WildTangent) Hidden Insane Cold: Back to the Ice Age (HKLM-x32\...\WTA-e7347b91-8618-48fb-baee-e6df3962320d) (Version: 3.0.2.59 - WildTangent) Hidden Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.53 - Softex Inc.) Hidden Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.53 - Softex Inc.) Hidden iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.) Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation) Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-417a47a5-3540-4dc9-8883-4428987858a5) (Version: 3.0.2.59 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-a9329a5a-71ef-4f07-ba7c-471fd063eabb) (Version: 3.0.2.59 - WildTangent) Hidden McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.9029 - McAfee, Inc.) Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.5075.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1040932682-2897171434-3520303234-1007\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.8.0.6273 - Mozilla) Mozilla Thunderbird 45.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 en-US)) (Version: 45.8.0 - Mozilla) Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-8903eda8-7c9a-48d5-81b0-5b774e858147) (Version: 3.0.2.59 - WildTangent) Hidden OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5075.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5075.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5075.1001 - Microsoft Corporation) Hidden OpenOffice 4.1.2 (HKLM-x32\...\{4E96CB8B-444E-4EA3-8EF4-26060B0B411F}) (Version: 4.12.9782 - Apache Software Foundation) osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden Plagiarii (HKLM-x32\...\WTA-a9536395-bddf-4c49-abff-90bf9d601d88) (Version: 3.0.2.59 - WildTangent) Hidden Polar Bowler 1st Frame (HKLM-x32\...\WTA-53ad4b5d-c42d-4acd-99cb-98ee4a6a3675) (Version: 3.0.2.59 - WildTangent) Hidden REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.46 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30182 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.61 - REALTEK Semiconductor Corp.) Rory's Restaurant (HKLM-x32\...\WTA-24fd686f-2568-4e27-9764-3f0809606f05) (Version: 3.0.2.59 - WildTangent) Hidden Royal Envoy Double Pack (HKLM-x32\...\WTA-41d49531-b30e-4a87-8df2-6958e9d78312) (Version: 3.0.2.59 - WildTangent) Hidden Runefall (HKLM-x32\...\WTA-18f6e204-e6e6-4195-8d3e-623e2cd857c8) (Version: 3.0.2.126 - WildTangent) Hidden Solitaire Mystery Four Seasons (HKLM-x32\...\WTA-188b5dfe-f6aa-4a26-a54e-87359625f99e) (Version: 3.0.2.51 - WildTangent) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com) swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated) TuneJack 6.8.0.0 (HKLM-x32\...\TuneJack_is1) (Version: 6.8.0.0 - Purple Ghost Software, Inc.) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation) Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden UpdateAssistant (HKLM\...\{A7B60FC9-A750-43C7-B7EC-892CD09147C7}) (Version: 1.18.0.0 - Microsoft Corporation) Hidden VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.20 - NCH Software) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.40 - WildTangent) Hidden WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 1.0.0.47 - WildTangent) Hidden Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-02-18] (Cyberlink) ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-03-03] (Foxit Software Inc.) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2016-04-28] (McAfee, Inc.) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-10-01] (Apple Inc.) ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-02-18] (Cyberlink) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2016-04-28] (McAfee, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04C47FEB-32EF-48C9-8745-DFC332178746} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation) Task: {0E1C3F1A-FF3E-4528-9C3F-020431A97D51} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.) Task: {135180F0-D2A3-4E7B-8528-E66C99582188} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-12-24] (Hewlett-Packard) Task: {15BB2D5D-B234-4B7D-AADB-CCF8114634D9} - System32\Tasks\HPCeeScheduleFor22 Cres => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {1B0E437E-9FBA-49D8-B844-D69814675B17} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.) Task: {23E3A9DD-428A-4C6D-9BA5-78A69C852660} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-10-14] (McAfee, Inc.) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {36829658-19CB-4B51-96FC-C2EA44C68D0F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {38F949F2-988C-46C1-9B15-7AC0D559BB28} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2015-01-09] () Task: {41E5B6CD-8688-429F-9D74-491D1D8411D4} - \WPD\SqmUpload_S-1-5-21-1040932682-2897171434-3520303234-1005 -> No File <==== ATTENTION Task: {44A98657-A7A0-4F1D-BB1D-3FC7B947E579} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {47CB9924-EE0E-44E3-8305-F7A24DC8918D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {494961DF-B690-400B-AF82-1B273F118189} - \WPD\SqmUpload_S-1-5-21-1040932682-2897171434-3520303234-1002 -> No File <==== ATTENTION Task: {4CDD0FD3-13FD-4E51-BCD6-CB4757486C3A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {50FDE74F-4454-427D-8AA6-ABD8213AC83F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {52BB7415-EAA2-474D-AD20-122E55DB5CE4} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION Task: {5E33FA98-FA6F-48B6-B62A-701349B55FEF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {615AFB9F-125C-46EC-94BD-E4AEC1EDBDC0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] () Task: {673F2840-1F48-4F3A-8C8E-366E860E1959} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.) Task: {675327CB-181B-4659-BDC2-164A40F037B7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {67F2D65A-3875-405C-9387-F1AACE6934B3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-12] (Microsoft Corporation) Task: {6B73B96D-60D9-410A-B2E2-0960E6AFBDFE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {7BC15A18-F080-4661-B6BA-FAB35618987B} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-12-24] (Hewlett-Packard) Task: {7D072F4A-AE8A-4265-B3E5-D576B1A8E4C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation) Task: {84F40780-E600-4F12-ACC5-D8E936122419} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {863A13B5-A52B-4828-B311-8D24FFAEECFE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {86472596-C680-4A0D-9989-5CF386669BA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-25] (Google Inc.) Task: {89C5C9C0-0F24-4646-B681-AE1AB54388A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-12] (Microsoft Corporation) Task: {9655C57C-63C1-4D67-8807-D98068546A40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.) Task: {97487626-862E-44B7-8A6E-B5DB8C597E09} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-12] (Microsoft Corporation) Task: {9A0D814B-F152-4665-B358-C762FA9D125A} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-01-16] () Task: {9D6431E5-4FEC-42F0-9DF7-ECEDDD509964} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.) Task: {9EA11DC2-FD91-46FB-BF51-059883D083A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {A5842E3E-9FA8-4684-8665-E2B4608D6202} - \WPD\SqmUpload_S-1-5-21-1040932682-2897171434-3520303234-1007 -> No File <==== ATTENTION Task: {AF41A365-48CD-4A2C-A3F6-9266B9C9D989} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {B6DC8A3D-E15F-4FD3-8512-71E1FE38E684} - System32\Tasks\SUPERAntiSpyware Scheduled Task 4a4c0e38-d1ad-4a11-b926-7a543b0b1dd7 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com) Task: {B8D17737-3354-4DE8-A7EE-96BD632C65F1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {BEC0F0DA-FEEF-472E-B8E9-B0BD4AF83035} - System32\Tasks\YCMServiceAgent => c:\Program Files (x86)\Cyberlink\YouCam\YouCamService.exe [2015-02-12] (CyberLink Corp.) Task: {BFB6C1A1-9083-4C61-8A89-329006FDD1A4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-07] (Piriform Ltd) Task: {CFF72447-DE42-47E6-AE4B-A357F7BA0CA6} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-12-24] (Hewlett-Packard) Task: {D3CE86D9-3FF3-4818-960D-75990B9A01A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.) Task: {D488A6B4-AD97-4B3D-B8EA-37523AE0AD0B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation) Task: {D8A56DAC-6D68-4933-8BF9-738C6184EFF8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation) Task: {DA5EC152-2F31-4C07-8E18-6B121B1E7B63} - System32\Tasks\SUPERAntiSpyware Scheduled Task 6dbcbfeb-5786-47ce-8a0a-357dc3e4fcd5 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com) Task: {DD335090-4CED-4171-AC74-6ED9D18B3FC4} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-04-23] (McAfee, Inc.) Task: {E323A8CA-C217-4E3E-B7AA-4348C9B33590} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-25] (Google Inc.) Task: {E54297F6-8CB8-406F-99BD-F18C6027FBC0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {F4860E6E-7449-4743-BD2F-3E0ACDA2AA1F} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {FAEC9C28-DA59-4E06-9CD8-428AFA0D8F64} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-12] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\HPCeeScheduleFor22 Cres.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 4a4c0e38-d1ad-4a11-b926-7a543b0b1dd7.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 6dbcbfeb-5786-47ce-8a0a-357dc3e4fcd5.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\22 Cres\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm ==================== Loaded Modules (Whitelisted) ============== 2018-04-12 12:34 - 2018-04-12 12:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll 2016-02-18 17:12 - 2014-04-14 18:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2018-10-21 02:17 - 2018-10-21 02:17 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-04-20 21:23 - 2015-04-20 21:23 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2016-05-09 13:07 - 2017-01-17 05:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-07-12 15:00 - 2015-02-06 08:27 - 000108248 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe 2017-03-22 13:39 - 2017-02-01 01:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2018-04-12 12:34 - 2018-04-12 12:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll 2018-12-12 12:49 - 2018-11-09 15:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll 2018-08-05 18:57 - 2018-08-05 18:57 - 001308672 _____ () c:\windows\system32\FaceProcessor.dll 2018-08-05 18:57 - 2018-08-05 18:57 - 000542888 _____ () c:\windows\system32\FaceProcessorCore.dll 2018-04-12 12:34 - 2018-04-12 12:34 - 001348664 _____ () c:\windows\system32\FaceTrackerInternal.dll 2018-12-24 10:13 - 2018-12-14 19:50 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2018-07-11 18:06 - 2018-07-11 18:07 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll 2018-10-16 20:59 - 2018-10-16 21:00 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll 2018-12-17 07:48 - 2018-12-17 07:48 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ChakraBridge.dll 2018-12-17 07:48 - 2018-12-17 07:48 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe 2015-04-20 21:23 - 2015-04-20 21:23 - 000138752 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2018-10-22 13:59 - 2018-10-22 13:59 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll 2018-10-22 13:59 - 2018-10-22 13:59 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll 2017-11-04 11:48 - 2017-10-31 13:08 - 000099872 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe 2018-11-06 22:05 - 2018-11-06 22:06 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll 2018-11-06 22:05 - 2018-11-06 22:06 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2018-11-06 22:05 - 2018-11-06 22:06 - 001754112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll 2018-12-02 17:05 - 2018-12-02 17:05 - 032247296 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18102.10531.0_x64__8wekyb3d8bbwe\Music.UI.exe 2018-12-02 17:05 - 2018-12-02 17:05 - 000292352 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18102.10531.0_x64__8wekyb3d8bbwe\SharedUI.dll 2018-01-27 15:07 - 2018-01-27 15:07 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18102.10531.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll 2018-12-02 17:05 - 2018-12-02 17:05 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18102.10531.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2018-12-02 17:05 - 2018-12-02 17:05 - 005967872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18102.10531.0_x64__8wekyb3d8bbwe\EntCommon.dll 2018-12-10 12:54 - 2018-12-10 12:55 - 034870272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe 2018-12-10 12:54 - 2018-12-10 12:55 - 000292352 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\SharedUI.dll 2018-01-27 15:07 - 2018-01-27 15:07 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll 2018-12-02 17:05 - 2018-12-02 17:05 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2018-12-10 12:54 - 2018-12-10 12:54 - 005967872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntCommon.dll 2018-12-10 12:56 - 2018-12-10 12:57 - 004220928 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe 2018-12-10 12:52 - 2018-12-10 12:52 - 004380232 _____ () C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18003.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2018-12-17 07:44 - 2018-12-12 18:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll 2018-12-17 07:44 - 2018-12-12 18:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll 2017-11-30 18:55 - 2017-11-30 18:55 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2018-10-21 02:17 - 2018-10-21 02:17 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2018-10-21 02:17 - 2018-10-21 02:17 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-23 02:25 - 2013-08-23 02:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1040932682-2897171434-3520303234-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\22 Cres\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\21248044_10154826423523062_676226967_o.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{587A22CA-F0E6-46DD-9131-2742A1FF3452}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp.) FirewallRules: [{5A275D84-4278-4E03-88EB-9C247B5275A6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp.) FirewallRules: [{ADEB86F1-7D0C-46A9-BD03-D358FECD0E01}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink) FirewallRules: [{F2C47EA4-A8D2-4DF2-9E63-D001EF40E79D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp.) FirewallRules: [{B645A483-E16E-46D5-9B66-A59F170F1225}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) FirewallRules: [{995C4195-E7DC-4385-9EE0-0E251AFB5117}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation) FirewallRules: [{DCF86060-65B1-443E-96BC-5CCC6E28DB5A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation) FirewallRules: [{2BECB340-5F62-42C0-A040-36066B2D7329}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation) FirewallRules: [{3332950B-6A7F-4DB9-86F6-947CFFE6AD79}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation) FirewallRules: [{F6E4D7BE-327C-4AFC-8748-9A72886328EF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation) FirewallRules: [{3844DD19-595E-48D5-AF91-ED2109002C21}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) FirewallRules: [{20F8C49F-C1F4-45FE-83A6-0935300F103B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) FirewallRules: [{D8F08DC9-1621-4F9B-B12E-33C0E922540E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) FirewallRules: [{A7796D4A-4F34-47A0-870F-54D4BB5AC0A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) FirewallRules: [{BF2D8718-E892-4921-9805-5AB4FF9FF9ED}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) FirewallRules: [{32EE39EE-ADCD-4CB9-9358-F1FF91DCBBD7}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc.) FirewallRules: [{1264A75A-57A6-42C0-9A0B-70924DE4CE7E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ==================== Restore Points ========================= 10-12-2018 12:45:22 Windows Modules Installer 24-12-2018 10:11:19 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/27/2018 06:35:27 PM) (Source: ESENT) (EventID: 455) (User: ) Description: taskhostw (6244,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\22 Cres\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error: (12/27/2018 06:35:27 PM) (Source: ESENT) (EventID: 490) (User: ) Description: taskhostw (6244,R,98) WebCacheLocal: An attempt to open the file "C:\Users\22 Cres\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error: (12/19/2018 10:22:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AdaptiveSleepService.exe, version: 0.0.0.0, time stamp: 0x5535a686 Faulting module name: AdaptiveSleepService.exe, version: 0.0.0.0, time stamp: 0x5535a686 Exception code: 0xc0000005 Fault offset: 0x000000000000b9d4 Faulting process id: 0x1ec8 Faulting application start time: 0x01d495a8583a3589 Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe Report Id: d94507cc-222b-4fbb-a7ca-14eb8932812e Faulting package full name: Faulting package-relative application ID: Error: (12/17/2018 08:08:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AdaptiveSleepService.exe, version: 0.0.0.0, time stamp: 0x5535a686 Faulting module name: AdaptiveSleepService.exe, version: 0.0.0.0, time stamp: 0x5535a686 Exception code: 0xc0000005 Fault offset: 0x000000000000b9d4 Faulting process id: 0x1ec8 Faulting application start time: 0x01d491d618d46a4f Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe Report Id: 00addcfc-65eb-4ae0-a120-aff3aa77eee3 Faulting package full name: Faulting package-relative application ID: Error: (12/12/2018 12:55:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AdaptiveSleepService.exe, version: 0.0.0.0, time stamp: 0x5535a686 Faulting module name: AdaptiveSleepService.exe, version: 0.0.0.0, time stamp: 0x5535a686 Exception code: 0xc0000005 Fault offset: 0x000000000000b9d4 Faulting process id: 0x1d38 Faulting application start time: 0x01d49042b830159a Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe Report Id: 34afa30d-102f-4c47-8f83-e92415b5711a Faulting package full name: Faulting package-relative application ID: Error: (12/10/2018 01:10:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AdaptiveSleepService.exe, version: 0.0.0.0, time stamp: 0x5535a686 Faulting module name: AdaptiveSleepService.exe, version: 0.0.0.0, time stamp: 0x5535a686 Exception code: 0xc0000005 Fault offset: 0x000000000000b9d4 Faulting process id: 0x1d9c Faulting application start time: 0x01d48e004f7d7f0f Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe Report Id: 0c1ded3f-9901-4629-95fb-4fce856b7b4d Faulting package full name: Faulting package-relative application ID: Error: (12/10/2018 12:52:59 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (12/07/2018 08:43:31 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SearchUI.exe version 10.0.17134.407 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2254 Start Time: 01d48e007328e331 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Report Id: 6f1271c0-fc8b-4b64-942b-c1d623f9540e Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: CortanaUI System errors: ============= Error: (12/27/2018 07:22:53 PM) (Source: DCOM) (EventID: 10016) (User: LWRAKL) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user LWRAKL\22 Cres SID (S-1-5-21-1040932682-2897171434-3520303234-1007) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/27/2018 07:02:13 PM) (Source: DCOM) (EventID: 10016) (User: LWRAKL) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user LWRAKL\22 Cres SID (S-1-5-21-1040932682-2897171434-3520303234-1007) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/27/2018 06:37:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/27/2018 06:36:23 PM) (Source: DCOM) (EventID: 10016) (User: LWRAKL) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user LWRAKL\22 Cres SID (S-1-5-21-1040932682-2897171434-3520303234-1007) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool. Error: (12/27/2018 06:35:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The McAfee Home Network service hung on starting. Error: (12/27/2018 06:34:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/27/2018 06:33:48 PM) (Source: DCOM) (EventID: 10016) (User: LWRAKL) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user LWRAKL\22 Cres SID (S-1-5-21-1040932682-2897171434-3520303234-1007) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/27/2018 06:33:46 PM) (Source: DCOM) (EventID: 10016) (User: LWRAKL) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user LWRAKL\22 Cres SID (S-1-5-21-1040932682-2897171434-3520303234-1007) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool. Windows Defender: =================================== Date: 2018-12-24 11:38:06.107 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {7A1D8348-88FB-4F35-8728-58E8968D6AE7} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-12-24 11:17:31.016 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {039F53E3-04AF-44E6-B42B-9B571E94AC14} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-12-24 10:51:57.551 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {6DB8FF5D-E36E-47B7-A509-679A3FC39327} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-12-17 09:17:39.518 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {F7119A6B-D98D-4DF8-9C71-15ADB20A569B} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-12-10 15:53:15.028 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {07E031DC-A032-4C31-8CFC-E89795A2F13A} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-12-10 13:00:09.255 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Signature Type: Update Type: Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install. Date: 2018-12-10 12:58:56.718 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.281.1215.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15500.2 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2018-12-07 20:50:14.540 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.281.1215.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15400.5 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2018-12-07 20:50:14.538 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.281.1215.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15400.5 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2018-12-07 20:50:14.537 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.281.1215.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15400.5 Error code: 0x80072ee7 Error description: The server name or address could not be resolved ==================== Memory info =========================== Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics Percentage of memory in use: 53% Total physical RAM: 7113.01 MB Available physical RAM: 3304.03 MB Total Virtual: 8265.01 MB Available Virtual: 4969.7 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:901.87 GB) (Free:737.97 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:27.68 GB) (Free:3.05 GB) NTFS ==>[system with boot components (obtained from drive)] \\?\Volume{e933d156-882c-4d30-a184-9ed71f352569}\ (WINRE) (Fixed) (Total:0.63 GB) (Free:0.36 GB) NTFS \\?\Volume{3b4caf3e-fbf0-4003-856e-4604ac522fea}\ () (Fixed) (Total:0.94 GB) (Free:0.37 GB) NTFS \\?\Volume{733583bc-acd4-4d05-a592-42cca65f9735}\ () (Fixed) (Total:0.25 GB) (Free:0.13 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: EC0A3AC4) Partition: GPT. ==================== End of Addition.txt ============================