Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer very slow; could it be a virus?


  • Please log in to reply

#1
frogg25

frogg25

    Member

  • Member
  • PipPip
  • 33 posts

Hi, 

Besides the title above, my computer doesn't connect right away to wi-fi, as it previously did. When I click on a browser, Chrome and MS Edge, I get the message that I'm not connected. I'm not sure if that has anything to do with a virus, and also, that started after my last windows update. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by msnancy (administrator) on NMS-HPLAPTOP (09-07-2017 01:30:52)
Running from C:\Users\msnancy\Desktop
Loaded Profiles: msnancy (Available Profiles: msnancy)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8853760 2016-03-28] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [258600 2016-01-05] (HP)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-06-26] (Dropbox, Inc.)
HKLM-x32\...\Run: [CenturyLinkTouchPointAgent] => C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [48616 2015-07-21] (CenturyLink Inc)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKU\S-1-5-21-1037992593-1840114212-2236592287-1001\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-1037992593-1840114212-2236592287-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FocalFilterHelper.lnk [2017-02-12]
ShortcutTarget: FocalFilterHelper.lnk -> C:\Program Files (x86)\FocalFilter\FocalFilterHelper.exe (Microsoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-06-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\msnancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-02-01]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{15c629a5-c976-4d38-9439-bbc709bfbcf4}: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{b3104797-83c1-4757-b734-b2ddce4ef94e}: [DhcpNameServer] 192.168.0.1 205.171.2.226
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1037992593-1840114212-2236592287-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1037992593-1840114212-2236592287-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-05] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-05] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-16] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-05] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-05] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-11-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-11-21] (McAfee, Inc.)
 
FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-10-24] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-11-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-11-21] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.duckduckgo.com/
CHR StartupUrls: Default -> "hxxps://www.facebook.com/","hxxp://google.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://jnnbmiailafajdkboegcjcdklooomfic/stubby.html", Not-active:"chrome-extension://aobadcdcjhddnkicijcmnpfppjdekplf/stubby.html"
CHR DefaultSearchKeyword: Default -> ls
CHR Profile: C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default [2017-07-09]
CHR Extension: (Google Slides) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-08]
CHR Extension: (Ancient History Encyclopedia) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle [2017-01-16]
CHR Extension: (Gojee Food) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajebcmdcgoggdncokkbdifohckmfpgnb [2017-01-16]
CHR Extension: (RadioRage) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobadcdcjhddnkicijcmnpfppjdekplf [2017-05-23]
CHR Extension: (Google Docs) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-08]
CHR Extension: (Google Drive) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-08]
CHR Extension: (Open with Microsoft Office Online Viewer) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcknfcclbcpdeopdopomkdbjmldgdeld [2017-01-16]
CHR Extension: (TV) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2017-01-16]
CHR Extension: (Quizlet) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgofflgeghkhocbociocnckocbjmomjh [2017-01-16]
CHR Extension: (YouTube) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-10]
CHR Extension: (Honey) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-07-02]
CHR Extension: (GeoGebra Math Apps) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2017-01-16]
CHR Extension: (CoastalAir-17) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciambokcolnkdpheogpkdcelmmbinhen [2017-05-23]
CHR Extension: (Lucidchart Diagrams - Desktop) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj [2017-06-24]
CHR Extension: (Adobe Acrobat) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
CHR Extension: (Harvest Time Tracker) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpiglieekigmkeebmeohkelfpjjlaia [2017-06-19]
CHR Extension: (Google Sheets) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-09]
CHR Extension: (SearchBar) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjefgkhmchopegjeicnblodnidbammed [2017-02-13]
CHR Extension: (Full Screen Weather) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2017-01-16]
CHR Extension: (Lazy Scholar) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpbdcofpbclblalghaepibbagkkgpkak [2017-05-18]
CHR Extension: (BriefTube - Instant video summarizer) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfckdcbnnkobldfaefmhaigdolfniill [2017-04-03]
CHR Extension: (Google Docs Offline) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-10]
CHR Extension: (Planetarium) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2017-01-16]
CHR Extension: (Save to Google Drive) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-09-17]
CHR Extension: (SwagButton) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2017-07-08]
CHR Extension: (SuperSorter) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2017-01-25]
CHR Extension: (Google Keep - notes and lists) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-07-07]
CHR Extension: (Kami - PDF and Document Markup) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljojpiodmlhoehoecppliohmplbgeij [2017-03-15]
CHR Extension: (WeatherBlink) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic [2017-05-17]
CHR Extension: (Grammarly for Chrome) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-08]
CHR Extension: (Little Alchemy) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2017-01-16]
CHR Extension: (Google Scholar Button) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2017-03-25]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2017-01-16]
CHR Extension: (Google Maps) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-01-16]
CHR Extension: (Marinara: Pomodoro Timer) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojgmehidjdhhbmpjfamhpkpodfcodef [2017-03-29]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-04-22]
CHR Extension: (Boomerang for Gmail) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2017-05-16]
CHR Extension: (Google Play Books) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2017-01-16]
CHR Extension: (Wikibuy) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-06-30]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-06-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2017-01-16]
CHR Extension: (Cite This For Me: Web Citer) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnnmhgkokpalnmbeighfomegjfkklkle [2017-02-14]
CHR Extension: (Twinword Finder) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\npghlhgagddknpcccbgncondbkdpehof [2017-02-13]
CHR Extension: (Evernote Web Clipper) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-05-23]
CHR Extension: (Gmail) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-08]
CHR Extension: (Chrome Media Router) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR Profile: C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\System Profile [2016-09-09]
CHR HKU\S-1-5-21-1037992593-1840114212-2236592287-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0028841499385227mcinstcleanup; C:\WINDOWS\TEMP\002884~1.EXE [961888 2016-05-16] (McAfee, Inc.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHeciSvc.exe [310240 2017-02-22] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHDCPSvc.exe [488928 2017-02-22] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-20] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-06-26] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1392792 2016-03-01] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 HP Comm Recover; c:\Program Files\HPCommRecovery\HPCommRecovery.exe [44032 2016-03-02] (HP Inc.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe [350688 2017-02-22] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2016-01-07] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [994848 2016-11-21] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [352104 2015-09-29] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.584\McCHSvc.exe [404368 2017-06-23] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
R3 mfevtp; C:\windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [473088 2016-06-27] (Livescribe) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-03-28] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-09-08] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-04-26] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2016-03-01] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2016-03-01] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2016-03-01] (Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [49456 2015-08-20] (Intel)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igdkmd64.sys [11036640 2017-02-22] (Intel Corporation)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [134456 2015-08-31] (Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [69936 2015-08-31] (Intel)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83608 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
R1 MpKsl9c0d6490; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{47B8190B-C85B-4CBE-92B3-4B38234FF692}\MpKsl9c0d6490.sys [44928 2017-06-23] (Microsoft Corporation)
R1 MpKsla8db7163; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FCE57958-EBEA-44BD-8026-21C02E721BAC}\MpKsla8db7163.sys [44928 2017-07-09] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6724368 2016-02-06] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
S3 PulseUsb; C:\WINDOWS\System32\drivers\PulseUsb.sys [26112 2016-06-27] (Windows ® Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-03-01] (Realtek                                            )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [758488 2016-03-01] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [58984 2016-02-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72792 2017-04-26] (Synaptics Incorporated)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [31280 2016-01-28] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-09 01:30 - 2017-07-09 01:31 - 00034687 _____ C:\Users\msnancy\Desktop\FRST.txt
2017-07-09 01:30 - 2017-07-09 01:30 - 00000000 ____D C:\FRST
2017-07-09 01:28 - 2017-07-09 01:29 - 02437120 _____ (Farbar) C:\Users\msnancy\Desktop\FRST64.exe
2017-07-09 01:16 - 2017-07-09 01:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-07-09 01:13 - 2017-07-09 01:13 - 01388448 _____ C:\Users\Public\VOIP.dat
2017-07-09 01:13 - 2017-07-09 01:13 - 01388448 _____ C:\Users\Public\GROUP.dat
2017-07-09 01:13 - 2017-07-09 01:13 - 01388448 _____ C:\Users\Public\ASR.dat
2017-07-08 16:51 - 2017-07-08 16:51 - 00000000 ___HD C:\OneDriveTemp
2017-07-08 11:43 - 2017-07-08 14:16 - 00000000 ____D C:\Users\msnancy\Documents\HAIR
2017-07-01 22:09 - 2017-07-01 22:09 - 00000000 ____D C:\Users\msnancy\Desktop\NICOLE
2017-06-30 19:36 - 2017-06-30 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-06-30 19:35 - 2017-06-30 19:35 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-06-27 21:19 - 2017-06-27 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-27 21:13 - 2017-06-27 21:13 - 00000000 ____D C:\Users\msnancy\Documents\NICOLE
2017-06-26 06:27 - 2017-06-26 06:27 - 00049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-06-26 06:27 - 2017-06-26 06:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-06-26 06:27 - 2017-06-26 06:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-06-26 06:27 - 2017-06-26 06:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-06-22 17:27 - 2017-06-22 17:27 - 00338046 _____ C:\Users\msnancy\Desktop\TODAYupload.pdf
2017-06-20 12:20 - 2017-06-20 12:22 - 00015552 _____ C:\Users\msnancy\Desktop\QCH6 online answer.xlsx
2017-06-18 14:05 - 2017-06-18 14:05 - 00000000 _____ C:\Users\msnancy\Documents\risk factors health me diabetes.txt
2017-06-15 21:57 - 2017-06-15 21:58 - 00000000 ____D C:\Users\msnancy\Documents\CPA EXAM
2017-06-15 18:29 - 2017-06-15 18:29 - 00000067 _____ C:\Users\msnancy\Documents\Emily Advice.txt
2017-06-15 08:03 - 2017-06-15 08:03 - 00000000 ____D C:\Users\msnancy\Documents\FeedbackHub
2017-06-14 19:19 - 2017-06-14 19:19 - 00000000 _____ C:\Users\msnancy\Documents\HP ePrint
2017-06-14 09:02 - 2017-06-14 09:02 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-13 18:41 - 2017-06-13 18:41 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-06-13 18:41 - 2017-06-13 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-06-13 18:40 - 2017-06-13 18:41 - 00000000 ____D C:\Program Files\iTunes
2017-06-13 18:40 - 2017-06-13 18:40 - 00000000 ____D C:\Program Files\iPod
2017-06-13 18:33 - 2017-06-13 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-06-13 16:37 - 2017-06-03 06:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-13 16:37 - 2017-06-03 06:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-13 16:37 - 2017-06-03 06:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-13 16:37 - 2017-06-03 06:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-13 16:37 - 2017-06-03 06:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-13 16:37 - 2017-06-03 06:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-13 16:37 - 2017-06-03 06:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-13 16:37 - 2017-06-03 06:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-13 16:37 - 2017-06-03 05:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-13 16:37 - 2017-06-03 05:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-13 16:37 - 2017-06-03 05:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-13 16:37 - 2017-06-03 05:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-13 16:37 - 2017-06-03 05:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-13 16:37 - 2017-06-03 05:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-13 16:37 - 2017-06-03 05:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-13 16:37 - 2017-06-03 05:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-13 16:37 - 2017-06-03 05:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-13 16:37 - 2017-06-03 05:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-13 16:37 - 2017-06-03 05:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-13 16:37 - 2017-06-03 05:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-13 16:37 - 2017-06-03 05:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-13 16:37 - 2017-06-03 05:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-13 16:37 - 2017-06-03 05:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-13 16:37 - 2017-06-03 05:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-13 16:37 - 2017-06-03 05:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-13 16:37 - 2017-06-03 05:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-13 16:37 - 2017-06-03 05:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-13 16:37 - 2017-06-03 05:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-13 16:37 - 2017-06-03 05:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-13 16:37 - 2017-06-03 05:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 16:37 - 2017-06-03 05:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-13 16:37 - 2017-06-03 05:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-13 16:37 - 2017-06-03 05:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-13 16:37 - 2017-06-03 05:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-13 16:37 - 2017-06-03 05:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-13 16:37 - 2017-06-03 05:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-13 16:37 - 2017-06-03 05:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-13 16:37 - 2017-06-03 05:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-13 16:37 - 2017-06-03 05:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-13 16:37 - 2017-06-03 05:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-13 16:37 - 2017-06-03 05:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-13 16:37 - 2017-06-03 05:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-13 16:37 - 2017-06-03 05:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-13 16:37 - 2017-06-03 05:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-13 16:37 - 2017-06-03 05:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-13 16:37 - 2017-06-03 05:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-13 16:37 - 2017-06-03 05:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-13 16:37 - 2017-06-03 05:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-13 16:37 - 2017-06-03 05:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-13 16:37 - 2017-06-03 05:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-13 16:37 - 2017-06-03 05:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-13 16:37 - 2017-06-03 05:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-13 16:37 - 2017-06-03 05:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-13 16:37 - 2017-06-03 05:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-13 16:37 - 2017-06-03 05:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-13 16:37 - 2017-06-03 05:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-13 16:37 - 2017-06-03 05:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-13 16:37 - 2017-06-03 05:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-13 16:37 - 2017-06-03 05:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-13 16:37 - 2017-06-03 05:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-13 16:37 - 2017-06-03 05:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-13 16:37 - 2017-06-03 05:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-13 16:37 - 2017-06-03 05:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-13 16:37 - 2017-06-03 05:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-13 16:37 - 2017-06-03 05:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-13 16:37 - 2017-06-03 05:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-13 16:37 - 2017-06-03 05:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-13 16:37 - 2017-06-03 05:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-13 16:37 - 2017-06-03 05:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-13 16:37 - 2017-06-03 05:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-13 16:37 - 2017-06-03 05:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-13 16:37 - 2017-06-03 05:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-13 16:37 - 2017-06-03 05:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-13 16:37 - 2017-06-03 05:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-13 16:37 - 2017-06-03 05:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-13 16:37 - 2017-06-03 05:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-13 16:37 - 2017-06-03 05:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-13 16:37 - 2017-06-03 05:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-13 16:37 - 2017-06-03 04:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-13 16:37 - 2017-06-03 04:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-13 16:37 - 2017-06-03 04:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-13 16:37 - 2017-06-03 04:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-13 16:37 - 2017-06-03 04:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-13 16:37 - 2017-06-03 04:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-13 16:37 - 2017-06-03 04:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-13 16:37 - 2017-06-03 04:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-13 16:37 - 2017-06-03 04:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-13 16:37 - 2017-06-03 04:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-13 16:37 - 2017-06-03 04:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-13 16:37 - 2017-06-03 04:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-13 16:37 - 2017-06-03 04:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-13 16:37 - 2017-06-03 04:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-13 16:37 - 2017-06-03 04:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-13 16:37 - 2017-06-03 04:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-13 16:37 - 2017-06-03 04:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-13 16:37 - 2017-06-03 04:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-13 16:37 - 2017-06-03 04:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-13 16:37 - 2017-05-25 01:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-13 16:37 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-13 16:37 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-13 16:37 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-13 16:37 - 2017-03-04 02:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-13 16:37 - 2016-09-07 00:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-13 16:36 - 2017-06-03 06:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-13 16:36 - 2017-06-03 06:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-13 16:36 - 2017-06-03 06:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-13 16:36 - 2017-06-03 06:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-13 16:36 - 2017-06-03 06:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-13 16:36 - 2017-06-03 06:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-13 16:36 - 2017-06-03 06:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-13 16:36 - 2017-06-03 06:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-13 16:36 - 2017-06-03 06:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-13 16:36 - 2017-06-03 06:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-13 16:36 - 2017-06-03 06:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-13 16:36 - 2017-06-03 06:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-13 16:36 - 2017-06-03 06:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-13 16:36 - 2017-06-03 05:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-13 16:36 - 2017-06-03 05:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-13 16:36 - 2017-06-03 05:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-13 16:36 - 2017-06-03 05:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-13 16:36 - 2017-06-03 05:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-13 16:36 - 2017-06-03 05:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-13 16:36 - 2017-06-03 05:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-13 16:36 - 2017-06-03 05:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-13 16:36 - 2017-06-03 05:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-13 16:36 - 2017-06-03 05:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-13 16:36 - 2017-06-03 05:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-13 16:36 - 2017-06-03 05:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-13 16:36 - 2017-06-03 05:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-13 16:36 - 2017-06-03 05:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-13 16:36 - 2017-06-03 05:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-13 16:36 - 2017-06-03 05:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-13 16:36 - 2017-06-03 05:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-13 16:36 - 2017-06-03 05:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-13 16:36 - 2017-06-03 04:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-13 16:36 - 2017-06-03 04:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-13 16:36 - 2017-06-03 04:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-13 16:36 - 2017-06-03 04:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-13 16:36 - 2017-06-03 04:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-13 16:36 - 2017-06-03 04:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-13 16:36 - 2017-06-03 04:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-13 16:36 - 2017-06-03 02:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-12 13:38 - 2017-06-12 13:38 - 00000000 ____D C:\Users\msnancy\New folder
2017-06-11 12:28 - 2017-06-11 12:28 - 00000000 ____D C:\Users\msnancy\Documents\New folder
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-09 01:17 - 2016-11-05 14:32 - 00000000 ___RD C:\Users\msnancy\OneDrive - ECSU
2017-07-09 01:16 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-09 01:14 - 2016-06-13 00:22 - 00000000 ____D C:\ProgramData\McAfee
2017-07-09 01:13 - 2016-09-08 18:26 - 00000000 __SHD C:\Users\msnancy\IntelGraphicsProfiles
2017-07-09 01:13 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-09 01:11 - 2016-10-13 22:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-09 01:11 - 2016-10-13 22:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-09 01:11 - 2016-09-22 22:10 - 00000366 _____ C:\WINDOWS\Tasks\HPCeeScheduleFormsnancy.job
2017-07-08 10:02 - 2017-05-16 15:01 - 00003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2017-07-08 00:22 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-08 00:20 - 2016-10-13 22:27 - 00003266 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFormsnancy
2017-07-06 19:06 - 2016-05-10 12:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-05 21:37 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-30 19:36 - 2016-10-26 08:48 - 00002016 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-06-30 19:35 - 2016-10-26 09:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-06-29 21:16 - 2017-05-17 20:55 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-06-29 21:16 - 2017-05-17 20:55 - 00000000 ____D C:\Program Files\UNP
2017-06-28 19:00 - 2017-01-14 16:27 - 00000000 ____D C:\Users\msnancy\Documents\HEALTH
2017-06-28 18:29 - 2017-03-26 12:20 - 00018183 _____ C:\Users\msnancy\Desktop\MED PURCHASES.xlsx
2017-06-27 21:43 - 2016-09-08 18:26 - 00000000 ____D C:\Users\msnancy\AppData\Local\Packages
2017-06-27 21:26 - 2016-09-08 19:21 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 21:20 - 2016-05-10 11:58 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-25 14:34 - 2017-03-13 16:26 - 00000000 ____D C:\Users\msnancy\AppData\Roaming\Apple Computer
2017-06-22 13:00 - 2016-12-21 17:12 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-22 13:00 - 2016-09-08 18:29 - 00002423 _____ C:\Users\msnancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-22 12:57 - 2016-10-13 22:27 - 00004252 _____ C:\WINDOWS\System32\Tasks\avast! SL Update
2017-06-19 16:33 - 2017-01-14 16:27 - 00000000 ____D C:\Users\msnancy\Documents\DIABETES
2017-06-17 19:27 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-17 12:03 - 2015-11-02 14:02 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-15 10:53 - 2017-04-01 16:30 - 00000000 ____D C:\Users\msnancy\Documents\ECSU SUMMER 17
2017-06-15 08:08 - 2015-11-03 02:05 - 02674816 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-15 08:03 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-15 08:02 - 2016-10-13 22:10 - 00000000 ____D C:\Users\msnancy
2017-06-15 08:00 - 2016-07-16 02:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-06-14 20:15 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-14 20:13 - 2016-10-20 07:18 - 00000000 ____D C:\Users\msnancy\AppData\Local\Dropbox
2017-06-14 18:55 - 2017-06-08 13:45 - 00000000 ____D C:\Users\msnancy\Documents\OBITS
2017-06-14 09:30 - 2017-03-13 16:26 - 00000000 ____D C:\Users\msnancy\AppData\Local\Apple Computer
2017-06-14 09:03 - 2016-10-13 22:03 - 00369880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-14 09:02 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-14 09:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 09:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-13 18:33 - 2017-03-13 16:21 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-06-13 17:12 - 2016-09-09 20:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-13 17:07 - 2016-09-09 20:35 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-13 17:07 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-12 14:31 - 2017-04-17 12:49 - 00000000 ____D C:\Users\msnancy\Documents\FOOD
 
==================== Files in the root of some directories =======
 
2017-01-14 17:29 - 2017-01-14 17:30 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Files to move or delete:
====================
C:\Users\Public\ASR.dat
C:\Users\Public\GROUP.dat
C:\Users\Public\VOIP.dat
 
 
Some files in TEMP:
====================
2016-10-22 18:58 - 2016-10-22 18:58 - 1730632 ____N () C:\Users\msnancy\AppData\Local\Temp\CenturyLinkDesktopApps.exe
2016-10-25 15:36 - 2015-01-19 18:48 - 1126480 ____N (CANON INC.) C:\Users\msnancy\AppData\Local\Temp\MSETUP4.EXE
2016-10-22 19:43 - 2016-10-22 19:43 - 1760760 _____ (Symantec Corporation) C:\Users\msnancy\AppData\Local\Temp\NAV2015.exe
2016-10-22 19:43 - 2016-10-22 19:43 - 0795048 _____ (Symantec Corporation) C:\Users\msnancy\AppData\Local\Temp\QwrapMar.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-08 11:17
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by msnancy (09-07-2017 01:32:29)
Running from C:\Users\msnancy\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-14 02:31:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1037992593-1840114212-2236592287-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1037992593-1840114212-2236592287-503 - Limited - Disabled)
Guest (S-1-5-21-1037992593-1840114212-2236592287-501 - Limited - Disabled)
msnancy (S-1-5-21-1037992593-1840114212-2236592287-1001 - Administrator - Enabled) => C:\Users\msnancy
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-60bcb449-41aa-4f8e-b9b8-586f50a466ab) (Version: 3.0.2.118 - WildTangent) Hidden
ACL Desktop Education Edition (HKLM-x32\...\{C424D5B8-BDE9-48FD-805E-FF276FCC76DF}) (Version: 9.0.0.243 - ACL Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
Amazon Redshift ODBC Driver 64-bit (HKLM\...\{788C401A-726B-4CE7-8BC2-89FD7967A6ED}) (Version: 1.2.7 - Amazon Corporate LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.275.2 - AVAST Software)
Awakening: The Dreamless Castle (HKLM-x32\...\WTA-819fa2cf-7699-4053-887e-1a741e82c021) (Version: 3.0.2.51 - WildTangent) Hidden
Azkend 2: The World Beneath (HKLM-x32\...\WTA-e688789e-6324-42a9-a8d0-0653876e3bd0) (Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-f38df94d-dab3-4157-a62d-af21fa51ad18) (Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.01 - Canon Inc.)
Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG2900 series User Registration (HKLM-x32\...\Canon MG2900 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
CenturyLink Installer (HKLM-x32\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - CenturyLink, Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6129 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-180ba563-3c37-46df-883e-12570e1f2933) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 29.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Echo Desktop (HKLM-x32\...\Echo Desktop 3.0.4) (Version: 3.0.4 - Livescribe Inc)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-ac1d278d-c4f2-4b98-919f-27dcf35ed85c) (Version: 3.0.2.59 - WildTangent) Hidden
Evernote v. 6.4.2 (HKLM-x32\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
Excel QM v5.2 (HKLM-x32\...\{4F1155FD-9C2B-4C73-94BD-0EEDDDEDECEE}) (Version: 5.2.112 - Pearson)
FocalFilter (HKLM-x32\...\{78156F61-016D-402A-9EF9-C2AA253DB22A}) (Version: 0.9.00 - FocalFilter)
focus booster version 2.2.0 (HKLM-x32\...\{4A8CD634-78D6-4A35-9D1E-98CCBD11910B}_is1) (Version: 2.2.0 - focus booster)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Green City: Go South (HKLM-x32\...\WTA-1bb75a08-91c7-4ec6-b6d3-5ad97f194f10) (Version: 3.0.2.59 - WildTangent) Hidden
Home Makeover (HKLM-x32\...\WTA-949aad13-542e-4dea-8930-5ba92a7fffad) (Version: 3.0.2.59 - WildTangent) Hidden
Hoyle Illusions Mahjongg (HKLM-x32\...\WTA-213027ed-1993-451c-9e82-4c6ce0ed7da3) (Version: 3.0.2.59 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{6A96E483-C0BD-456F-885B-7A0BAC7430AD}) (Version: 2.21.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.4.19.3 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.7.22.13 - HP)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.9 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{1BDD178E-43DC-4063-B480-BA2BAE03E2A0}) (Version: 1.1.15.1 - HP)
iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)
IGT Slots Fire Rubies (HKLM-x32\...\WTA-5584ab78-1b6e-4226-894e-19be515c31f0) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-9ff89fee-abfb-4b63-a6cf-7fc85d654048) (Version: 3.0.2.59 - WildTangent) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1177 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4542 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® WiDi (HKLM\...\{6B15F1EF-F3A8-4C29-BF9E-18EB3683A83D}) (Version: 6.0.60.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (HKLM-x32\...\{AC8973AF-7F4C-40F4-BFE1-C02FE95ED2C2}) (Version: 3.2.1184 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{dab50e7a-3a51-4ce0-9644-131748487cfe}) (Version: 3.0.4.1012 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
ISS_Drivers_x64 (HKLM\...\{6725DB57-487E-42F9-B986-A3113872FE47}) (Version: 3.0.4.1012 - Intel Corporation) Hidden
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Jewel Match Snowscapes (HKLM-x32\...\WTA-f43843e4-c8e7-4d5a-992c-4d1e48df5634) (Version: 3.0.2.118 - WildTangent) Hidden
Little Boy: Walter's Scooter (HKLM-x32\...\WTA-2e9ddbde-af1c-4271-8749-4976d14200a0) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-c230c780-ec32-481a-9aca-668c8b8ad2c3) (Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-509f3083-588d-4197-b7cc-f3266fdd2c0c) (Version: 3.0.2.59 - WildTangent) Hidden
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-e28885a9-bda0-49dc-9b46-2c2ac01cae7d) (Version: 3.0.2.59 - WildTangent) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.190 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.584.4 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1037992593-1840114212-2236592287-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E534493E-80D2-4E37-8020-3ECAC55D9DB5}) (Version: 10.53.6000.34 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
MySQL Connector/ODBC 5.3 (HKLM\...\{17E48BE8-F0F8-42B6-82D3-7A5840694D79}) (Version: 5.3.6 - Oracle Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Plagiarii (HKLM-x32\...\WTA-3f72b9ed-4561-46bf-9e79-9a6a3afa20f5) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-949485e7-651f-4df0-a9c0-39bae09c7c02) (Version: 3.0.2.59 - WildTangent) Hidden
POM-QM for Windows, v5 (HKLM-x32\...\POM-QM for Windows, v5) (Version: 5 - Pearson Education Inc)
psqlODBC_x64 (HKLM\...\{E80C56AD-5F68-4A6D-8016-FF394E1954FA}) (Version: 09.05.0300 - PostgreSQL Global Development Group)
PuppetShow: Return to Joyville (HKLM-x32\...\WTA-24496c0d-a263-45b8-88fb-492cd85d4a57) (Version: 3.0.2.126 - WildTangent) Hidden
Pyro Jump (HKLM-x32\...\WTA-e88c35b2-5197-4e47-9eff-2f65809f7273) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7779 - Realtek Semiconductor Corp.)
Regency Solitaire (HKLM-x32\...\WTA-8bb7e1ba-cace-4dd1-a324-81464820f000) (Version: 3.0.2.126 - WildTangent) Hidden
Runefall (HKLM-x32\...\WTA-b36067ef-6992-4930-b5c9-b11b3de9a831) (Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (HKLM-x32\...\WTA-9d4dd840-6880-4b69-9024-689756b15b3f) (Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (HKLM-x32\...\WTA-e19f62fa-a96b-4185-8f71-bed6e34d64a6) (Version: 3.0.2.59 - WildTangent) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.10 - Synaptics Incorporated)
Tableau 10.2 (10200.17.0216.1925) (HKLM\...\{C7A22BE0-D202-4358-B24F-B1943CFF6F91}) (Version: 10.2.113 - Tableau Software) Hidden
Tableau 10.2 (10200.17.0216.1925) (HKLM-x32\...\{cd1d4f84-772f-48d8-ad61-de47230b71c1}) (Version: 10.2.113 - Tableau Software)
Tasty Blue (HKLM-x32\...\WTA-1d11ac47-cea1-44a0-84a6-90749c3fe756) (Version: 3.0.2.59 - WildTangent) Hidden
The Far Kingdoms (HKLM-x32\...\WTA-35f0afcd-dd2b-460d-bcc3-524e3fd85c74) (Version: 1.1.2.4 - WildTangent) Hidden
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.2 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WordFlood 1.2 (remove only) (HKLM-x32\...\WordFlood 1.2) (Version:  - )
XMind 7.5 Update 1 (v3.6.51) (HKLM-x32\...\XMind_is1) (Version: 3.6.51.201607142338 - XMind Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers01: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2016-11-21] (McAfee, Inc.)
ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxDTCM.dll [2017-02-22] (Intel Corporation)
ContextMenuHandlers06: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2016-11-21] (McAfee, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05D9692F-60D5-48F7-9468-6858F249F000} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\msnancy\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {0F66443C-F5FE-48B6-9333-62316AFC70ED} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {1321F9B7-DB69-4B68-9193-A6595CF46786} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-09-20] (McAfee, Inc.)
Task: {152C07FD-02F6-4F6F-B5CA-1E43D8259112} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-08] (Google Inc.)
Task: {2D1F34F3-DC5D-4EF0-A53E-3B127EDCD1C3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {34F01C63-17C8-4477-83B6-5AC592F405B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {3D2AB328-F19C-4828-81B8-47C2D2EE830A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {4126969B-991D-44EE-8350-DBC1428C586C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {450856C8-FF12-4244-9B5D-F63827151E70} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
Task: {55DEC307-CB48-4587-9554-387873E159F2} - System32\Tasks\{CA8A3673-B0AC-41D5-863C-E1C5214CF2ED} => pcalua.exe -a "C:\Users\msnancy\Documents\ECSU SP17\ACCT425-01 Financial Auditing\ACL DATA\ACL_9_Software\Install Armond Dalton Data.exe" -d "C:\Users\msnancy\Documents\ECSU SP17\ACCT425-01 Financial Auditing\ACL DATA\ACL_9_Software"
Task: {6BFBD066-881A-491A-9968-FE868EB1A9C0} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-09-08] (AVAST Software)
Task: {71FE717E-2EB4-41CD-BE26-03C2581CAC21} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-20] (Dropbox, Inc.)
Task: {7221A6C8-7FCF-495A-805A-14B51AD91A91} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {73C53121-B02C-4F7A-AE8A-E3217B8002C1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-05] (Microsoft Corporation)
Task: {7B77FF4F-0EC4-440E-8F5B-E8C4522D6C6D} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {862DB034-AEF0-476D-B81D-F0DAD95FBA9A} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
Task: {924F8EDE-10A3-4CCF-A5A2-F297571F57A3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-20] (Dropbox, Inc.)
Task: {974163B0-D224-4AB2-B642-CF03A18AA0E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {9A51B66C-6257-4FFB-8A67-D9A8DB198A20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {9CB6E2EE-06B7-4FCF-9965-4C3801FEFFA2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {9FF21122-083D-47EE-850A-467BA4522B1A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-05] ()
Task: {AA138DFA-B826-45CB-8BBC-1BF22AB60293} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-05] (Microsoft Corporation)
Task: {AAE678D0-0E67-43B9-9677-058BB69D3498} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-05] (Microsoft Corporation)
Task: {AF3CF212-E1D2-4B24-9031-40DEF9BD6D00} - System32\Tasks\HPCeeScheduleFormsnancy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {B3B7D43D-2CEC-439C-A631-6B912224A168} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {BBC77D7F-073B-495F-8DF2-2592E2F1C0A1} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-09-08] (AVAST Software)
Task: {C476A89B-A8D0-4064-B9D4-910A006FF831} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {CC140023-4B64-4404-B2A3-C0AE92FE8F29} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {DD7B3E57-5C49-4368-92AB-AA399D6CC9BE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {E2ADD2BF-0579-4476-8DB3-EE75C4BB7FF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {E5F41968-96F1-4A7D-B1D0-5A102E03FF8B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-05] ()
Task: {E95216C9-C55A-4960-BC18-75175CF01FB4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {EF4F0473-ED28-40FA-B76F-4D23EFBC774D} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2015-10-23] (HP Development Company, L.P.)
Task: {F9FDF8B5-5377-4B60-A7E5-E87D27EF724D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {FFB39212-091C-4982-AA2A-80C388C2E16F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {FFDD1E66-45C9-481B-B1D5-87ABD1500B7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-08] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFormsnancy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\msnancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\msnancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Lucidchart Diagrams - Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=djejicklhojeokkfmdelnempiecmdomj
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.vudu.com/
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-13 16:37 - 2017-06-03 06:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-13 00:14 - 2014-04-14 21:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-09-08 18:23 - 2016-09-08 18:23 - 00592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2016-10-14 01:57 - 2016-10-14 01:57 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 19:35 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 19:36 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 19:36 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 19:36 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-13 16:37 - 2017-06-03 04:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-13 16:37 - 2017-06-03 04:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-13 16:37 - 2017-06-03 04:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-06-27 21:26 - 2017-06-22 23:21 - 02692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libglesv2.dll
2017-06-27 21:26 - 2017-06-22 23:21 - 00137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libegl.dll
2017-06-21 09:01 - 2017-06-21 09:02 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 09:01 - 2017-06-21 09:02 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 09:01 - 2017-06-21 09:02 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 09:01 - 2017-06-21 09:02 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2016-12-24 00:34 - 2016-10-25 01:31 - 00508368 _____ () C:\Program Files\Common Files\McAfee\Sustainability\GenericPlugin.dll
2016-06-27 17:58 - 2016-06-27 17:58 - 00275968 _____ () C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommSdk.dll
2017-05-09 00:45 - 2017-05-09 00:45 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-10-31 18:45 - 2016-10-31 18:45 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2016-09-08 18:23 - 2016-09-08 18:24 - 38907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1037992593-1840114212-2236592287-1001\...\sharepoint.com -> hxxps://ecsu-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2017-06-30 19:36 - 00000871 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1037992593-1840114212-2236592287-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\msnancy\Documents\DIABETES\BLOOD SUGAR.jpg
DNS Servers: 192.168.0.1 - 205.171.2.226
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "CenturyLinkTouchPointAgent"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8A722782-0B67-46E7-ADFE-0C91E5DE4D14}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4C01031C-829E-4C58-B211-21704FA0C935}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B80D07A1-0423-45A6-9B09-06F106168A30}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{6233A086-7DC3-4B61-8C75-B3FD6AD73FB9}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{F91D113A-88D7-477D-A708-7FF986E5F95E}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{107970F7-ED30-4CE6-A008-1B96AF78C34D}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{4788FE1D-1889-4EFD-8FBB-62DF6FE0778D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{4F1240FE-5561-4D64-8FE9-BC41A606E628}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{A7EF9DFE-2EF8-4819-AC9E-99383ED0535D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{3678AEE7-7B71-41A2-A4AC-912119582D1E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{E61E97B2-1941-4304-A0C6-CB4C6EE1980A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{01373777-52E4-4A57-88F9-0BF5AF71B667}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{A7E71A89-2B9F-407B-802B-70785573F86C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6B94AB5E-DA90-46A3-AF0B-3A5A7BFE11E2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6F277E66-52AC-44E9-BC3D-DAA7A21CB436}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DBAB9417-2616-4783-91F8-11BCC96B694A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B61BF0DB-46F3-4600-94AB-DC96424D2895}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5482A5CF-9D26-42A9-B07F-37353905CC55}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7A7CAF67-1047-49FA-A4FE-7FE404FC3934}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{564E720C-487A-44DD-AA67-76F7A4BF127D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{97516B03-4BEC-4AB7-9E18-4FE648FD45A0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{C7C13E58-C8BB-4842-AF37-40B2A20C41E8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0E7550BE-02AA-4F3A-B8D1-DE68254995F5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{313274DC-1E42-448A-91D7-6F1C6E023973}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E18BA134-D3D4-49DD-9F79-9463BEC9FDC3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{AA3CA270-32A8-4E3C-B3B0-6B7E65FBA5F0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{20587FA0-994A-4D75-92D0-21C940414879}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2FB993C0-A916-47DD-BF96-1CAA6759FD71}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C6E1CBB9-9D7A-49A1-A067-3ACBDC15EAD8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{805C97F8-F13D-4553-8A50-F22B4540C79B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{651CFE4D-6770-460D-A594-6B4CB5C87EB6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{D0C60882-8AA6-49D8-BDF3-78451AEE6AAF}C:\program files (x86)\xmind\xmind.exe] => (Block) C:\program files (x86)\xmind\xmind.exe
FirewallRules: [UDP Query User{435F00E3-2DD2-4CD7-8D61-9F53255F98AD}C:\program files (x86)\xmind\xmind.exe] => (Block) C:\program files (x86)\xmind\xmind.exe
FirewallRules: [{1C12D3AF-A84C-4C1D-8FF7-8A9DA62661D1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C4D143DA-00EA-4B02-BFB6-F41418E8B665}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{6BD7A0E3-94C9-4DFB-B0C0-C70F686D65E6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
21-06-2017 21:21:46 Scheduled Checkpoint
29-06-2017 21:16:12 Windows Update
08-07-2017 12:43:32 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: HID-compliant touch screen
Description: HID-compliant touch screen
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/09/2017 01:18:38 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (07/09/2017 01:18:38 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (07/09/2017 01:18:38 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (07/09/2017 01:14:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PowerDVD14Agent.exe, version: 14.0.3.6129, time stamp: 0x56aad9cd
Faulting module name: BoomerangLib.dll_unloaded, version: 3.0.0.5812, time stamp: 0x561b637e
Exception code: 0xc0000005
Fault offset: 0x00001000
Faulting process id: 0x1f9c
Faulting application start time: 0x01d2f87219129873
Faulting application path: C:\Program Files (x86)\Cyberlink\PowerDVD14\PowerDVD14Agent.exe
Faulting module path: BoomerangLib.dll
Report Id: 713d921a-06ff-4204-9ff1-ba2b094af21b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/09/2017 01:11:47 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
 
DPTF Build Version:  8.1.10605.221
DPTF Build Date:  Oct 23 2015 12:24:15
Source File:  ..\..\..\Sources\Manager\WIDomainPowerControlCapabilityChanged.cpp @ line 63
Executing Function:  WIDomainPowerControlCapabilityChanged::execute
Message:  Unhandled exception caught during execution of work item
Framework Event:  DomainPowerControlCapabilityChanged [19]
Participant:  TCPU [1]
Policy:  Passive Policy 2 [2]
Exception Function:  Policy::executeDomainPowerControlCapabilityChanged
Exception Text:  
Could not find client in directory.
 
Error: (07/09/2017 01:11:47 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
 
DPTF Build Version:  8.1.10605.221
DPTF Build Date:  Oct 23 2015 12:24:15
Source File:  ..\..\..\Sources\Manager\WIDomainPerformanceControlCapabilityChanged.cpp @ line 63
Executing Function:  WIDomainPerformanceControlCapabilityChanged::execute
Message:  Unhandled exception caught during execution of work item
Framework Event:  DomainPerformanceControlCapabilityChanged [17]
Participant:  TCPU [1]
Policy:  Passive Policy 2 [2]
Exception Function:  Policy::executeDomainPerformanceControlCapabilityChanged
Exception Text:  
Could not find client in directory.
 
Error: (07/09/2017 01:11:47 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
 
DPTF Build Version:  8.1.10605.221
DPTF Build Date:  Oct 23 2015 12:24:15
Source File:  ..\..\..\Sources\Manager\WIDomainPerformanceControlCapabilityChanged.cpp @ line 63
Executing Function:  WIDomainPerformanceControlCapabilityChanged::execute
Message:  Unhandled exception caught during execution of work item
Framework Event:  DomainPerformanceControlCapabilityChanged [17]
Participant:  TCPU [1]
Policy:  Passive Policy 2 [2]
Exception Function:  Policy::executeDomainPerformanceControlCapabilityChanged
Exception Text:  
Could not find client in directory.
 
Error: (07/09/2017 01:11:46 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
 
DPTF Build Version:  8.1.10605.221
DPTF Build Date:  Oct 23 2015 12:24:15
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.1.10605.221
DPTF Build Date:  Oct 23 2015 12:24:15
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
 
 
Policy:  Passive Policy 2 [2]
 
Error: (07/09/2017 01:11:46 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
 
DPTF Build Version:  8.1.10605.221
DPTF Build Date:  Oct 23 2015 12:24:15
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.1.10605.221
DPTF Build Date:  Oct 23 2015 12:24:15
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
 
 
Policy:  Critical Policy [1]
 
Error: (07/09/2017 12:18:58 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
 
DPTF Build Version:  8.1.10605.221
DPTF Build Date:  Oct 23 2015 12:24:15
Source File:  ..\..\..\Sources\Manager\WIDomainPowerControlCapabilityChanged.cpp @ line 63
Executing Function:  WIDomainPowerControlCapabilityChanged::execute
Message:  Unhandled exception caught during execution of work item
Framework Event:  DomainPowerControlCapabilityChanged [19]
Participant:  TCPU [1]
Policy:  Passive Policy 2 [2]
Exception Function:  Policy::executeDomainPowerControlCapabilityChanged
Exception Text:  
Could not find client in directory.
 
 
System errors:
=============
Error: (07/09/2017 01:15:24 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 8 0x0 0x0
 
Error: (07/09/2017 01:14:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (07/09/2017 01:14:44 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 2 0xdeaddeed 0xeeec
 
Error: (07/09/2017 01:14:44 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 1 0xc 0x4
 
Error: (07/09/2017 01:12:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/09/2017 01:12:50 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfemms service.
 
Error: (07/09/2017 01:12:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfemms service.
 
Error: (07/09/2017 01:12:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the 0028841499385227mcinstcleanup service to connect.
 
Error: (07/09/2017 01:11:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The InstallerService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/09/2017 01:11:43 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:15:42 AM on ‎7/‎9/‎2017 was unexpected.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-09 01:28:48.910
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-09 01:28:48.908
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-04 20:04:06.459
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-04 20:04:06.457
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-04 18:30:00.071
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-04 18:30:00.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-28 16:52:33.800
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-28 16:52:33.798
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 45%
Total physical RAM: 8046.91 MB
Available physical RAM: 4350.68 MB
Total Virtual: 9326.91 MB
Available Virtual: 5350.65 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:914.6 GB) (Free:835.82 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.68 GB) (Free:1.86 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (CAM2014-17) (Removable) (Total:14.83 GB) (Free:1.48 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by frogg25, 08 July 2017 - 11:50 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,748 posts
  • MVP

Uninstall

 

Bonjour

 

It appears that McAfee may be the cause of your problem.

I assume you have a license for McAfee.  Make sure you save it first then download a new copy of McAfee Anti-Virus and Anti-Spyware.  Also download  McAfee Consumer Product Removal tool.

 

Follow the steps in: https://service.mcaf...31400385075713#!

 

Another possibility is the Intel® Dynamic Platform and Thermal Framework software which was probably updated by Windows recently.  The last version appears to have major problems so go to your PC maker's support website and get the one they have for your PC.  Uninstall the one you have, reboot and reinstall.

 

I would also uninstall FocalFilter

 

 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  

     

    Then rerun FRST and check Addition.txt then SCAN.  Post both logs.  


    • 0

    #3
    frogg25

    frogg25

      Member

    • Topic Starter
    • Member
    • PipPip
    • 33 posts
    Hi,
    So, I downloaded Adware and it looks a lot different than the image you have. Plus, it's dfferent info. Is this correct? 
      I can't figure out how to even attach a screen shot. I'm pretty clueless here. Also I couldn't figure out any of the suggestions above the Adware instructions. 
    Is there a simpler way?
    
     Thanks again

    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 19,748 posts
    • MVP

    Sorry it looks like this now:

     

    adwc.JPG

     

    MBAM bought them out and changed the start of it.  Just click on the SCAN button.

     

    Once it finishes, click on the Clean button. Once that finishes, click on the Logfile buton.  then double click on the last log in the list.  That should open the log in notepad.  Ctrl + a to select all of the text.  Ctrl + c to copy the selected text.  Move to a Reply.  Ctrl + v to paste it into a reply.

     

    If you need to make a screen shot, search for

     

    snipping tool

     

    and hit Enter.  Then draw a box around what you want to save and then Save As to someplace you can find it like your desktop, give it a name and save it as type jpg.  Then

     First click on More Reply Options

    Then scroll down to where you see
    Choose File and click on it.  Point it at the file and hit Open.
    Now click on Attach this file.

    • 0

    #5
    frogg25

    frogg25

      Member

    • Topic Starter
    • Member
    • PipPip
    • 33 posts

    Want to see if I understand this right: For Adware, it says to use the button that says "Download Now @BleepingComputer". But for Junkware-Removal-Tool, it says to use the button that says, "Download Now @Author's site". Is this correct? Sorry; I'm paranoid. Here is the AdWare file :

     

    # AdwCleaner v6.047 - Logfile created 15/07/2017 at 12:47:49

    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-07-13.1 [Server]
    # Operating System : Windows 10 Home  (X64)
    # Username : msnancy - NMS-HPLAPTOP
    # Running from : C:\Users\msnancy\Desktop\AdwCleaner.exe
    # Mode: Scan
     
     
     
    ***** [ Services ] *****
     
    No malicious services found.
     
     
    ***** [ Folders ] *****
     
    Folder Found:  C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
    Folder Found:  C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic
    Folder Found:  C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnnbmiailafajdkboegcjcdklooomfic
     
     
    ***** [ Files ] *****
     
    File Found:  C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage
    File Found:  C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal
    File Found:  C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jnnbmiailafajdkboegcjcdklooomfic_0.localstorage
    File Found:  C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jnnbmiailafajdkboegcjcdklooomfic_0.localstorage-journal
     
     
    ***** [ DLL ] *****
     
    No malicious DLLs found.
     
     
    ***** [ WMI ] *****
     
    No malicious keys found.
     
     
    ***** [ Shortcuts ] *****
     
    No infected shortcut found.
     
     
    ***** [ Scheduled Tasks ] *****
     
    No malicious task found.
     
     
    ***** [ Registry ] *****
     
    No malicious registry entries found.
     
     
    ***** [ Web browsers ] *****
     
    No malicious Firefox based browser items found.
    Chrome pref Found:  [C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
    Chrome pref Found:  [C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
    Chrome pref Found:  [C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.yahoo.com
    Chrome pref Found:  [C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Web data] - yahoo.com_
    Chrome pref Found:  [C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - gngocbkfmikdgphklgmmehbjjlfgdemm
    Chrome pref Found:  [C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - jnnbmiailafajdkboegcjcdklooomfic
     
    [!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.goog...r/3097271?hl=en[!]
     
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[S0].txt - [2852 Bytes] - [15/07/2017 12:47:49]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2925 Bytes] ##########

    • 0

    #6
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 19,748 posts
    • MVP

    Either button will work.  I did not write the canned speeches.  Expect they were written by different people.


    • 0

    #7
    frogg25

    frogg25

      Member

    • Topic Starter
    • Member
    • PipPip
    • 33 posts

    Can I resurrect this, or should I repost? I got myself messed up trying to delete Bonjour, then something else I missed earlier in the instructions, and basically got lost. 


    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 19,748 posts
    • MVP

    Make a new FRST scan with Addition.txt checked and post both logs.


    • 0

    #9
    frogg25

    frogg25

      Member

    • Topic Starter
    • Member
    • PipPip
    • 33 posts

    Thanks

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017
    Ran by msnancy (administrator) on NMS-HPLAPTOP (13-08-2017 19:36:45)
    Running from C:\Users\msnancy\Desktop
    Loaded Profiles: msnancy (Available Profiles: msnancy)
    Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123219.inf_amd64_f9a6dca370cdef98\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    () C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123219.inf_amd64_f9a6dca370cdef98\igfxEM.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
    (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
    (HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.40795.0_x64__8wekyb3d8bbwe\HxOutlook.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.40795.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McAMTaskAgent.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\System32\bcastdvr.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8853760 2016-03-28] (Realtek Semiconductor)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
    HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
    HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [258600 2016-01-05] (HP)
    HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp.)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-08-10] (Dropbox, Inc.)
    HKLM-x32\...\Run: [CenturyLinkTouchPointAgent] => C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [48616 2015-07-21] (CenturyLink Inc)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
    HKU\S-1-5-21-1037992593-1840114212-2236592287-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-07-14] (Apple Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FocalFilterHelper.lnk [2017-02-12]
    ShortcutTarget: FocalFilterHelper.lnk -> C:\Program Files (x86)\FocalFilter\FocalFilterHelper.exe (Microsoft)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-07-14]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\msnancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-02-01]
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    Startup: C:\Users\msnancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-08-07]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Hosts: 0.0.0.1 mssplus.mcafee.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
    Tcpip\..\Interfaces\{15c629a5-c976-4d38-9439-bbc709bfbcf4}: [DhcpNameServer] 192.168.0.1 205.171.2.226
    Tcpip\..\Interfaces\{b3104797-83c1-4757-b734-b2ddce4ef94e}: [DhcpNameServer] 192.168.0.1 205.171.2.226
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\S-1-5-21-1037992593-1840114212-2236592287-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\S-1-5-21-1037992593-1840114212-2236592287-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-05] (Microsoft Corporation)
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-15] (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-16] (Microsoft Corporation)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-15] (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-05] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-05] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-05] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-05] (Microsoft Corporation)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-11-21] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-11-21] (McAfee, Inc.)
     
    FireFox:
    ========
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
    FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-10-24] [not signed]
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-11-21] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-11-21] ()
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-25] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-25] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
     
    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://www.duckduckgo.com/
    CHR StartupUrls: Default -> "hxxp://google.com/","hxxps://forecast.weather.gov/MapClick.php?textField1=36.24&textField2=-75.87#.WYr3jFGGPIU"
    CHR NewTab: Default ->  Not-active:"chrome-extension://aobadcdcjhddnkicijcmnpfppjdekplf/stubby.html"
    CHR DefaultSearchKeyword: Default -> ls
    CHR Profile: C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default [2017-08-13]
    CHR Extension: (Google Slides) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-08]
    CHR Extension: (Ancient History Encyclopedia) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle [2017-01-16]
    CHR Extension: (Gojee Food) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajebcmdcgoggdncokkbdifohckmfpgnb [2017-01-16]
    CHR Extension: (RadioRage) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobadcdcjhddnkicijcmnpfppjdekplf [2017-05-23]
    CHR Extension: (Google Docs) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-08]
    CHR Extension: (Google Drive) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-08]
    CHR Extension: (Open with Microsoft Office Online Viewer) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcknfcclbcpdeopdopomkdbjmldgdeld [2017-01-16]
    CHR Extension: (TV) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2017-01-16]
    CHR Extension: (Quizlet) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgofflgeghkhocbociocnckocbjmomjh [2017-01-16]
    CHR Extension: (YouTube) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-10]
    CHR Extension: (Honey) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-08-11]
    CHR Extension: (GeoGebra Math Apps) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2017-01-16]
    CHR Extension: (CoastalAir-17) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciambokcolnkdpheogpkdcelmmbinhen [2017-05-23]
    CHR Extension: (Lucidchart Diagrams - Desktop) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj [2017-07-22]
    CHR Extension: (Adobe Acrobat) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
    CHR Extension: (Harvest Time Tracker) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpiglieekigmkeebmeohkelfpjjlaia [2017-07-12]
    CHR Extension: (Google Sheets) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-09]
    CHR Extension: (SearchBar) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjefgkhmchopegjeicnblodnidbammed [2017-02-13]
    CHR Extension: (Full Screen Weather) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2017-01-16]
    CHR Extension: (Lazy Scholar) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpbdcofpbclblalghaepibbagkkgpkak [2017-05-18]
    CHR Extension: (BriefTube - Instant video summarizer) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfckdcbnnkobldfaefmhaigdolfniill [2017-07-31]
    CHR Extension: (Google Docs Offline) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-10]
    CHR Extension: (Planetarium) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2017-01-16]
    CHR Extension: (Save to Google Drive) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-09-17]
    CHR Extension: (SwagButton) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2017-07-15]
    CHR Extension: (SuperSorter) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2017-01-25]
    CHR Extension: (Google Keep - notes and lists) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-08-08]
    CHR Extension: (Kami - PDF and Document Markup) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljojpiodmlhoehoecppliohmplbgeij [2017-03-15]
    CHR Extension: (WeatherBlink) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic [2017-07-15]
    CHR Extension: (Grammarly for Chrome) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-28]
    CHR Extension: (Little Alchemy) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2017-01-16]
    CHR Extension: (Google Scholar Button) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2017-03-25]
    CHR Extension: (Numerics Calculator & Converter) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2017-01-16]
    CHR Extension: (Google Maps) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-01-16]
    CHR Extension: (Marinara: Pomodoro Timer) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojgmehidjdhhbmpjfamhpkpodfcodef [2017-08-07]
    CHR Extension: (Google Keep Chrome Extension) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-04-22]
    CHR Extension: (Boomerang for Gmail) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2017-05-16]
    CHR Extension: (Google Play Books) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2017-01-16]
    CHR Extension: (Wikibuy) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-08-10]
    CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-08-01]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
    CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2017-01-16]
    CHR Extension: (Cite This For Me: Web Citer) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnnmhgkokpalnmbeighfomegjfkklkle [2017-02-14]
    CHR Extension: (Twinword Finder) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\npghlhgagddknpcccbgncondbkdpehof [2017-02-13]
    CHR Extension: (Evernote Web Clipper) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-05-23]
    CHR Extension: (Gmail) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-08]
    CHR Extension: (Chrome Media Router) - C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
    CHR Profile: C:\Users\msnancy\AppData\Local\Google\Chrome\User Data\System Profile [2016-09-09]
    CHR HKU\S-1-5-21-1037992593-1840114212-2236592287-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S2 0240801502592679mcinstcleanup; C:\WINDOWS\TEMP\024080~1.EXE [961888 2016-05-16] (McAfee, Inc.)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
    S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\ki123219.inf_amd64_f9a6dca370cdef98\IntelCpHeciSvc.exe [303080 2017-07-07] (Intel Corporation)
    S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\ki123219.inf_amd64_f9a6dca370cdef98\IntelCpHDCPSvc.exe [480744 2017-07-07] (Intel Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-20] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-20] (Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-08-10] (Dropbox, Inc.)
    R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2016-03-01] (Intel Corporation)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    S2 HP Comm Recover; c:\Program Files\HPCommRecovery\HPCommRecovery.exe [44032 2016-03-02] (HP Inc.) [File not signed]
    S2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
    R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\ki123219.inf_amd64_f9a6dca370cdef98\igfxCUIService.exe [341480 2017-07-07] (Intel Corporation)
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
    S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2016-01-07] (Intel Corporation)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [994848 2016-11-21] (McAfee, Inc.)
    S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [352104 2015-09-29] (McAfee, Inc.)
    R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe [404376 2017-06-30] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
    S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
    R3 mfevtp; C:\windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.)
    S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
    R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
    R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [473088 2016-06-27] (Livescribe) [File not signed]
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-03-28] (Realtek Semiconductor)
    R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-09-08] ()
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-04-26] (Synaptics Incorporated)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [56128 2016-10-12] (HP)
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
    R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2016-03-01] (Intel Corporation)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2016-03-01] (Intel Corporation)
    R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2016-03-01] (Intel Corporation)
    R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [49456 2015-08-20] (Intel)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
    S0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [42312 2016-10-12] (HP)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
    R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\ki123219.inf_amd64_f9a6dca370cdef98\igdkmd64.sys [11070440 2017-07-07] (Intel Corporation)
    R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [134456 2015-08-31] (Intel)
    R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [69936 2015-08-31] (Intel)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83608 2016-04-27] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
    R1 MpKsl9707a1bf; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66B2585F-6249-4D07-B82C-39EFF1A3E38B}\MpKsl9707a1bf.sys [44928 2017-08-12] (Microsoft Corporation)
    R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7218176 2017-03-18] (Intel Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-03-01] (Realtek )
    R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [758488 2016-03-01] (Realsil Semiconductor Corporation)
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72792 2017-04-26] (Synaptics Incorporated)
    R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [31280 2016-01-28] (Intel Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-08-13 19:23 - 2017-08-13 19:23 - 000058069 _____ C:\Users\msnancy\Desktop\Addition.txt
    2017-08-13 19:22 - 2017-08-13 19:36 - 000034536 _____ C:\Users\msnancy\Desktop\FRST.txt
    2017-08-13 19:17 - 2017-08-13 19:36 - 000000000 ____D C:\FRST
    2017-08-13 18:48 - 2017-08-13 18:48 - 001388448 _____ C:\Users\Public\ASR.dat
    2017-08-13 11:39 - 2017-08-13 11:39 - 000000000 ___HD C:\OneDriveTemp
    2017-08-13 11:39 - 2017-08-13 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2017-08-12 20:01 - 2017-08-12 22:00 - 000000000 ____D C:\Users\msnancy\Documents\mom
    2017-08-11 09:52 - 2017-08-11 09:52 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2017-08-11 09:48 - 2017-08-11 09:48 - 000000020 ___SH C:\Users\msnancy\ntuser.ini
    2017-08-11 09:42 - 2017-07-12 00:39 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2017-08-11 09:35 - 2017-08-11 09:38 - 000007623 _____ C:\WINDOWS\diagwrn.xml
    2017-08-11 09:35 - 2017-08-11 09:38 - 000007623 _____ C:\WINDOWS\diagerr.xml
    2017-08-11 08:29 - 2017-08-11 04:46 - 000000000 ____D C:\Windows.old
    2017-08-11 08:28 - 2017-08-11 08:28 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
    2017-08-11 08:28 - 2017-08-11 04:38 - 000000000 ____D C:\WINDOWS\ServiceProfiles
    2017-08-11 08:25 - 2017-08-11 08:25 - 000000000 ____D C:\Program Files\Reference Assemblies
    2017-08-11 08:25 - 2017-08-11 08:25 - 000000000 ____D C:\Program Files\MSBuild
    2017-08-11 08:25 - 2017-08-11 08:25 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2017-08-11 08:25 - 2017-08-11 08:25 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2017-08-11 08:24 - 2017-02-10 15:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2017-08-11 08:24 - 2017-02-10 15:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2017-08-11 08:24 - 2017-02-10 15:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2017-08-11 08:24 - 2017-02-10 15:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2017-08-11 08:24 - 2017-02-10 15:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2017-08-11 08:24 - 2017-02-10 15:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2017-08-11 05:01 - 2017-08-13 18:46 - 000004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{246F7333-F635-4AEC-8B75-00BC04B7434B}
    2017-08-11 05:01 - 2017-08-12 23:51 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
    2017-08-11 05:01 - 2017-08-11 09:57 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1037992593-1840114212-2236592287-1001
    2017-08-11 05:01 - 2017-08-11 09:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-08-11 05:01 - 2017-08-11 05:02 - 000003462 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2017-08-11 05:01 - 2017-08-11 05:02 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-08-11 05:01 - 2017-08-11 05:02 - 000003238 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
    2017-08-11 05:01 - 2017-08-11 05:02 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
    2017-08-11 05:01 - 2017-08-11 05:02 - 000003040 _____ C:\WINDOWS\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec
    2017-08-11 05:01 - 2017-08-11 05:02 - 000002808 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFormsnancy
    2017-08-11 05:01 - 2017-08-11 05:02 - 000002654 _____ C:\WINDOWS\System32\Tasks\Avast SecureLine
    2017-08-11 05:01 - 2017-08-11 05:02 - 000002582 _____ C:\WINDOWS\System32\Tasks\{CA8A3673-B0AC-41D5-863C-E1C5214CF2ED}
    2017-08-11 05:01 - 2017-08-11 05:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
    2017-08-11 05:01 - 2017-08-11 05:01 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2017-08-11 05:01 - 2017-08-11 05:01 - 000003132 _____ C:\WINDOWS\System32\Tasks\avast! SL Update
    2017-08-11 05:01 - 2017-08-11 05:01 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-08-11 05:01 - 2017-08-11 05:01 - 000002674 _____ C:\WINDOWS\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon
    2017-08-11 05:01 - 2017-08-11 05:01 - 000002542 _____ C:\WINDOWS\System32\Tasks\HPDAS
    2017-08-11 05:01 - 2017-08-11 05:01 - 000002470 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
    2017-08-11 05:01 - 2017-08-11 05:01 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
    2017-08-11 05:01 - 2017-08-11 05:01 - 000000000 ____D C:\WINDOWS\System32\Tasks\HP
    2017-08-11 05:01 - 2017-08-11 05:01 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
    2017-08-11 05:01 - 2017-08-11 05:01 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2017-08-11 04:59 - 2017-08-11 09:51 - 000980074 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-08-11 04:52 - 2017-08-11 04:52 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2017-08-11 04:49 - 2017-08-11 04:49 - 000000000 ____D C:\ProgramData\USOShared
    2017-08-11 04:45 - 2017-08-11 04:53 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2017-08-11 04:43 - 2017-08-11 09:51 - 000000000 ____D C:\Users\msnancy
    2017-08-11 04:41 - 2017-08-11 04:41 - 000017564 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
    2017-08-11 04:41 - 2017-08-11 04:41 - 000002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B&O Play Audio Control.lnk
    2017-08-11 04:41 - 2017-08-11 04:41 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
    2017-08-11 04:41 - 2017-08-11 04:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
    2017-08-11 04:41 - 2017-08-11 04:41 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2017-08-11 04:41 - 2017-08-11 04:41 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
    2017-08-11 04:41 - 2017-08-11 04:41 - 000000000 ____D C:\Program Files\Synaptics
    2017-08-11 04:41 - 2017-08-11 04:41 - 000000000 ____D C:\Program Files\Realtek
    2017-08-11 04:41 - 2017-08-11 04:41 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2017-08-11 04:41 - 2017-07-07 01:04 - 000113664 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
    2017-08-11 04:41 - 2017-07-07 01:04 - 000104448 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
    2017-08-11 04:41 - 2017-03-18 16:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2017-08-11 04:41 - 2016-11-22 20:23 - 000271648 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
    2017-08-11 04:41 - 2016-11-22 20:23 - 000110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
    2017-08-11 04:41 - 2016-11-22 20:22 - 000265504 _____ C:\WINDOWS\system32\vulkan-1.dll
    2017-08-11 04:41 - 2016-11-22 20:22 - 000125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
    2017-08-11 04:40 - 2017-08-11 04:53 - 000000000 ____D C:\Program Files\Intel
    2017-08-11 04:40 - 2017-08-11 04:46 - 000000000 ____D C:\Program Files (x86)\Intel
    2017-08-11 04:40 - 2017-08-11 04:40 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
    2017-08-11 04:40 - 2017-08-11 04:40 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
    2017-08-11 04:40 - 2017-08-11 04:40 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
    2017-08-11 04:38 - 2017-08-13 15:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-08-11 04:38 - 2017-08-11 09:43 - 000417696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-08-10 23:28 - 2017-08-11 04:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2017-08-10 13:03 - 2017-08-10 13:03 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2017-08-10 13:03 - 2017-08-10 13:03 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2017-08-10 13:03 - 2017-08-10 13:03 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2017-08-10 13:03 - 2017-08-10 13:03 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2017-08-10 11:36 - 2017-08-11 09:42 - 000000000 ___DC C:\WINDOWS\Panther
    2017-08-08 16:48 - 2017-08-08 16:48 - 000887210 _____ C:\Users\msnancy\Documents\2B_Master Hours TL_20170808_0001.pdf
    2017-08-08 16:45 - 2017-08-08 16:45 - 000000000 ____D C:\Users\msnancy\RECEIVED CHKS
    2017-08-07 21:25 - 2017-08-07 21:25 - 000000000 ____D C:\Users\msnancy\Documents\OneNote Notebooks
    2017-08-07 09:00 - 2017-08-07 09:00 - 000000954 _____ C:\Users\msnancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Program Files (x86).lnk
    2017-08-07 08:58 - 2017-08-07 08:58 - 000000924 _____ C:\Users\msnancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Program Files.lnk
    2017-07-28 16:05 - 2017-07-28 16:05 - 000000046 _____ C:\Users\msnancy\Documents\stocks chad talk.txt
    2017-07-27 11:07 - 2017-07-27 11:12 - 000000000 ____D C:\Users\msnancy\Documents\WHERE I KEEP THINGS
    2017-07-26 13:12 - 2017-07-26 13:12 - 000000000 ____D C:\Users\msnancy\AppData\Local\UNP
    2017-07-26 10:14 - 2017-08-11 04:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2017-07-26 10:12 - 2017-08-11 04:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-07-26 10:12 - 2017-07-26 10:12 - 000001829 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-07-26 10:11 - 2017-07-26 10:12 - 000000000 ____D C:\Program Files\iTunes
    2017-07-26 10:11 - 2017-07-26 10:11 - 000000000 ____D C:\Program Files\iPod
    2017-07-24 23:43 - 2017-07-24 23:43 - 000000296 _____ C:\Users\msnancy\Documents\Bell_chord.mid
    2017-07-18 23:38 - 2017-07-18 23:38 - 000014604 _____ C:\Users\msnancy\Documents\Book1.xlsx
    2017-07-15 16:40 - 2017-07-15 16:40 - 000003004 _____ C:\Users\msnancy\Desktop\AdwCleaner[S0].txt
    2017-07-15 16:40 - 2017-07-15 16:40 - 000002823 _____ C:\Users\msnancy\Desktop\AdwCleaner[C0].txt
    2017-07-14 21:25 - 2017-07-15 15:28 - 000000000 ____D C:\AdwCleaner
    2017-07-14 21:05 - 2017-07-14 21:19 - 004110280 _____ C:\Users\msnancy\Desktop\AdwCleaner.exe
    2017-07-14 19:08 - 2017-08-11 04:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2017-07-14 19:08 - 2017-07-14 19:08 - 000000000 ____D C:\ProgramData\McAfee Security Scan
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-08-13 13:41 - 2017-07-09 01:28 - 002395648 _____ (Farbar) C:\Users\msnancy\Desktop\FRST64.exe
    2017-08-13 11:39 - 2016-11-05 14:32 - 000000000 ___RD C:\Users\msnancy\OneDrive - ECSU
    2017-08-13 11:36 - 2016-09-08 18:26 - 000000000 __SHD C:\Users\msnancy\IntelGraphicsProfiles
    2017-08-12 23:51 - 2016-06-13 00:22 - 000000000 ____D C:\ProgramData\McAfee
    2017-08-12 22:57 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
    2017-08-12 20:26 - 2016-10-26 08:48 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-08-12 20:15 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
    2017-08-12 19:46 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-08-12 19:46 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
    2017-08-11 18:53 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2017-08-11 12:27 - 2016-10-20 22:00 - 000000000 ____D C:\Users\msnancy\Documents\HOMESTEAD
    2017-08-11 10:26 - 2016-09-08 18:26 - 000000000 ____D C:\Users\msnancy\AppData\Local\Packages
    2017-08-11 09:59 - 2016-10-14 16:28 - 000000000 ____D C:\Users\msnancy\AppData\Local\ConnectedDevicesPlatform
    2017-08-11 09:57 - 2016-09-08 18:29 - 000002423 _____ C:\Users\msnancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-08-11 09:53 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2017-08-11 09:49 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2017-08-11 09:49 - 2015-11-02 14:02 - 000000000 __RHD C:\Users\Public\AccountPictures
    2017-08-11 09:43 - 2017-03-18 07:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2017-08-11 09:41 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
    2017-08-11 09:39 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\Registration
    2017-08-11 09:39 - 2017-03-18 07:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2017-08-11 09:35 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2017-08-11 08:37 - 2017-03-18 17:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2017-08-11 08:29 - 2017-03-18 17:06 - 000000000 ____D C:\WINDOWS\Setup
    2017-08-11 05:02 - 2017-03-18 22:31 - 000000000 ____D C:\WINDOWS\HoloShell
    2017-08-11 05:02 - 2016-10-13 22:22 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
    2017-08-11 05:01 - 2017-03-18 17:03 - 000000000 __RSD C:\WINDOWS\Media
    2017-08-11 05:01 - 2017-03-18 17:03 - 000000000 __RHD C:\Users\Public\Libraries
    2017-08-11 04:57 - 2016-09-08 19:21 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-08-11 04:57 - 2015-11-03 02:05 - 000889694 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2017-08-11 04:53 - 2017-06-04 20:06 - 000000000 ____D C:\Users\msnancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\POM-QM for Windows 5
    2017-08-11 04:53 - 2017-05-17 20:55 - 000000000 ____D C:\WINDOWS\system32\UNP
    2017-08-11 04:53 - 2017-03-18 17:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-08-11 04:53 - 2017-03-12 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
    2017-08-11 04:53 - 2017-03-12 16:45 - 000000000 ____D C:\WINDOWS\system32\1033
    2017-08-11 04:53 - 2017-03-12 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Redshift ODBC Driver (64-bit)
    2017-08-11 04:53 - 2017-02-26 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livescribe
    2017-08-11 04:53 - 2017-02-12 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FocalFilter
    2017-08-11 04:53 - 2017-02-02 01:08 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2017-08-11 04:53 - 2017-01-21 17:33 - 000000000 ____D C:\Users\msnancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACL Desktop Education Edition
    2017-08-11 04:53 - 2017-01-16 14:35 - 000000000 ____D C:\Users\msnancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    2017-08-11 04:53 - 2017-01-14 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
    2017-08-11 04:53 - 2016-10-25 16:16 - 000000000 ____D C:\WINDOWS\system32\STRING
    2017-08-11 04:53 - 2016-10-25 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2900 series User Registration
    2017-08-11 04:53 - 2016-10-25 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2900 series Manual
    2017-08-11 04:53 - 2016-10-22 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink
    2017-08-11 04:53 - 2016-10-16 22:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
    2017-08-11 04:53 - 2016-09-11 00:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\focus booster
    2017-08-11 04:53 - 2016-09-09 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2017-08-11 04:53 - 2016-06-13 00:09 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2017-08-11 04:53 - 2016-06-13 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2017-08-11 04:53 - 2016-06-13 00:03 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2017-08-11 04:53 - 2016-05-10 11:57 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    2017-08-11 04:49 - 2017-03-18 17:03 - 000000000 ____D C:\ProgramData\USOPrivate
    2017-08-11 04:47 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\spool
    2017-08-11 04:47 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\oobe
    2017-08-11 04:47 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\NDF
    2017-08-11 04:47 - 2016-06-13 00:02 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
    2017-08-11 04:47 - 2016-05-10 11:57 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
    2017-08-11 04:46 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2017-08-11 04:46 - 2017-01-21 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
    2017-08-11 04:46 - 2016-10-25 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
    2017-08-11 04:46 - 2016-06-12 23:56 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2017-08-11 04:42 - 2017-03-18 07:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
    2017-08-11 04:08 - 2017-07-11 02:54 - 000000000 ___HD C:\$WINDOWS.~BT
    2017-08-10 23:29 - 2016-05-10 11:58 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2017-08-10 12:58 - 2017-04-26 11:52 - 000000000 ____D C:\Users\msnancy\Documents\ECSU
    2017-08-10 11:08 - 2016-09-22 22:10 - 000000366 _____ C:\WINDOWS\Tasks\HPCeeScheduleFormsnancy.job
    2017-08-10 04:31 - 2017-01-14 16:27 - 000000000 ____D C:\Users\msnancy\Documents\HEALTH
    2017-08-10 04:30 - 2017-01-14 16:27 - 000000000 ____D C:\Users\msnancy\Documents\DIABETES
    2017-08-09 08:19 - 2016-09-09 20:35 - 000000000 ____D C:\WINDOWS\system32\MRT
    2017-08-09 08:15 - 2016-09-09 20:35 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-08-09 07:38 - 2017-05-06 19:17 - 000000000 ____D C:\Users\msnancy\Documents\COMPUTER
    2017-07-31 11:15 - 2017-03-18 17:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-07-31 11:15 - 2017-03-18 17:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-07-29 21:16 - 2017-07-08 11:43 - 000000000 ____D C:\Users\msnancy\Documents\HAIR
    2017-07-28 20:39 - 2016-05-10 09:49 - 000000000 ____D C:\SWSetup
    2017-07-27 10:00 - 2016-05-10 12:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-07-15 20:28 - 2016-10-20 07:18 - 000000000 ____D C:\Users\msnancy\AppData\Local\Dropbox
    2017-07-15 17:43 - 2017-03-13 16:22 - 000000000 ____D C:\Program Files\Bonjour
    2017-07-15 11:14 - 2017-06-02 18:47 - 000000100 _____ C:\Users\msnancy\Documents\mom Twiford.txt
    2017-07-14 19:08 - 2016-10-26 09:18 - 000000000 ____D C:\Program Files\McAfee Security Scan
    2017-07-14 19:08 - 2016-10-26 08:48 - 000002016 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
     
    ==================== Files in the root of some directories =======
     
    2017-01-14 17:29 - 2017-01-14 17:30 - 000000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
     
    Files to move or delete:
    ====================
    C:\Users\Public\ASR.dat
     
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-08-11 04:38
     
    ==================== End of FRST.txt ============================
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
    Ran by msnancy (13-08-2017 19:37:19)
    Running from C:\Users\msnancy\Desktop
    Windows 10 Home Version 1703 (X64) (2017-08-11 13:44:41)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-1037992593-1840114212-2236592287-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1037992593-1840114212-2236592287-503 - Limited - Disabled)
    Guest (S-1-5-21-1037992593-1840114212-2236592287-501 - Limited - Disabled)
    msnancy (S-1-5-21-1037992593-1840114212-2236592287-1001 - Administrator - Enabled) => C:\Users\msnancy
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-60bcb449-41aa-4f8e-b9b8-586f50a466ab) (Version: 3.0.2.118 - WildTangent) Hidden
    ACL Desktop Education Edition (HKLM-x32\...\{C424D5B8-BDE9-48FD-805E-FF276FCC76DF}) (Version: 9.0.0.243 - ACL Software)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
    Amazon Redshift ODBC Driver 64-bit (HKLM\...\{788C401A-726B-4CE7-8BC2-89FD7967A6ED}) (Version: 1.2.7 - Amazon Corporate LLC)
    Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
    Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.275.2 - AVAST Software)
    Awakening: The Dreamless Castle (HKLM-x32\...\WTA-819fa2cf-7699-4053-887e-1a741e82c021) (Version: 3.0.2.51 - WildTangent) Hidden
    Azkend 2: The World Beneath (HKLM-x32\...\WTA-e688789e-6324-42a9-a8d0-0653876e3bd0) (Version: 2.2.0.98 - WildTangent) Hidden
    Barn Yarn Collector's Edition (HKLM-x32\...\WTA-f38df94d-dab3-4157-a62d-af21fa51ad18) (Version: 3.0.2.48 - WildTangent) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
    Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.01 - Canon Inc.)
    Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
    Canon MG2900 series User Registration (HKLM-x32\...\Canon MG2900 series User Registration) (Version:  - ‭Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.1 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.0 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
    CenturyLink Installer (HKLM-x32\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - CenturyLink, Inc.)
    CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6129 - CyberLink Corp.)
    CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
    Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-180ba563-3c37-46df-883e-12570e1f2933) (Version: 3.0.2.59 - WildTangent) Hidden
    DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Dropbox (HKLM-x32\...\Dropbox) (Version: 32.4.23 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
    Echo Desktop (HKLM-x32\...\Echo Desktop 3.0.4) (Version: 3.0.4 - Livescribe Inc)
    Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
    Entwined: The Perfect Murder (HKLM-x32\...\WTA-ac1d278d-c4f2-4b98-919f-27dcf35ed85c) (Version: 3.0.2.59 - WildTangent) Hidden
    Evernote v. 6.4.2 (HKLM-x32\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
    Excel QM v5.2 (HKLM-x32\...\{4F1155FD-9C2B-4C73-94BD-0EEDDDEDECEE}) (Version: 5.2.112 - Pearson)
    FocalFilter (HKLM-x32\...\{78156F61-016D-402A-9EF9-C2AA253DB22A}) (Version: 0.9.00 - FocalFilter)
    focus booster version 2.2.0 (HKLM-x32\...\{4A8CD634-78D6-4A35-9D1E-98CCBD11910B}_is1) (Version: 2.2.0 - focus booster)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Green City: Go South (HKLM-x32\...\WTA-1bb75a08-91c7-4ec6-b6d3-5ad97f194f10) (Version: 3.0.2.59 - WildTangent) Hidden
    Home Makeover (HKLM-x32\...\WTA-949aad13-542e-4dea-8930-5ba92a7fffad) (Version: 3.0.2.59 - WildTangent) Hidden
    Hoyle Illusions Mahjongg (HKLM-x32\...\WTA-213027ed-1993-451c-9e82-4c6ce0ed7da3) (Version: 3.0.2.59 - WildTangent) Hidden
    HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
    HP CoolSense (HKLM-x32\...\{6A96E483-C0BD-456F-885B-7A0BAC7430AD}) (Version: 2.21.1 - HP Inc.)
    HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.4.19.3 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.7.27.15 - HP)
    HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.9 - HP Inc.)
    HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
    HP Wireless Button Driver (HKLM-x32\...\{1BDD178E-43DC-4063-B480-BA2BAE03E2A0}) (Version: 1.1.15.1 - HP)
    iCloud (HKLM\...\{C510BB61-AE0B-4420-87AF-9CF646E86364}) (Version: 6.2.3.17 - Apple Inc.)
    IGT Slots Fire Rubies (HKLM-x32\...\WTA-5584ab78-1b6e-4226-894e-19be515c31f0) (Version: 3.0.2.59 - WildTangent) Hidden
    Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-9ff89fee-abfb-4b63-a6cf-7fc85d654048) (Version: 3.0.2.59 - WildTangent) Hidden
    Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
    Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
    Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1177 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
    Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
    Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
    Intel® WiDi (HKLM\...\{6B15F1EF-F3A8-4C29-BF9E-18EB3683A83D}) (Version: 6.0.60.0 - Intel Corporation)
    Intel® WiDi Software Asset Manager (HKLM-x32\...\{AC8973AF-7F4C-40F4-BFE1-C02FE95ED2C2}) (Version: 3.2.1184 - Intel Corporation) Hidden
    Intel® Wireless Bluetooth® (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
    Intel® Integrated Sensor Solution (HKLM-x32\...\{dab50e7a-3a51-4ce0-9644-131748487cfe}) (Version: 3.0.4.1012 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
    ISS_Drivers_x64 (HKLM\...\{6725DB57-487E-42F9-B986-A3113872FE47}) (Version: 3.0.4.1012 - Intel Corporation) Hidden
    iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
    Jewel Match Snowscapes (HKLM-x32\...\WTA-f43843e4-c8e7-4d5a-992c-4d1e48df5634) (Version: 3.0.2.118 - WildTangent) Hidden
    Little Boy: Walter's Scooter (HKLM-x32\...\WTA-2e9ddbde-af1c-4271-8749-4976d14200a0) (Version: 3.0.2.59 - WildTangent) Hidden
    Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-c230c780-ec32-481a-9aca-668c8b8ad2c3) (Version: 3.0.2.59 - WildTangent) Hidden
    Magic Heroes: Save Our Park (HKLM-x32\...\WTA-509f3083-588d-4197-b7cc-f3266fdd2c0c) (Version: 3.0.2.59 - WildTangent) Hidden
    Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-e28885a9-bda0-49dc-9b46-2c2ac01cae7d) (Version: 3.0.2.59 - WildTangent) Hidden
    McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.190 - McAfee, Inc.)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.587.1 - McAfee, Inc.)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1037992593-1840114212-2236592287-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E534493E-80D2-4E37-8020-3ECAC55D9DB5}) (Version: 10.53.6000.34 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    MySQL Connector/ODBC 5.3 (HKLM\...\{17E48BE8-F0F8-42B6-82D3-7A5840694D79}) (Version: 5.3.6 - Oracle Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
    Plagiarii (HKLM-x32\...\WTA-3f72b9ed-4561-46bf-9e79-9a6a3afa20f5) (Version: 3.0.2.59 - WildTangent) Hidden
    Polar Bowler 1st Frame (HKLM-x32\...\WTA-949485e7-651f-4df0-a9c0-39bae09c7c02) (Version: 3.0.2.59 - WildTangent) Hidden
    POM-QM for Windows, v5 (HKLM-x32\...\POM-QM for Windows, v5) (Version: 5 - Pearson Education Inc)
    psqlODBC_x64 (HKLM\...\{E80C56AD-5F68-4A6D-8016-FF394E1954FA}) (Version: 09.05.0300 - PostgreSQL Global Development Group)
    PuppetShow: Return to Joyville (HKLM-x32\...\WTA-24496c0d-a263-45b8-88fb-492cd85d4a57) (Version: 3.0.2.126 - WildTangent) Hidden
    Pyro Jump (HKLM-x32\...\WTA-e88c35b2-5197-4e47-9eff-2f65809f7273) (Version: 3.0.2.59 - WildTangent) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7779 - Realtek Semiconductor Corp.)
    Regency Solitaire (HKLM-x32\...\WTA-8bb7e1ba-cace-4dd1-a324-81464820f000) (Version: 3.0.2.126 - WildTangent) Hidden
    Runefall (HKLM-x32\...\WTA-b36067ef-6992-4930-b5c9-b11b3de9a831) (Version: 3.0.2.126 - WildTangent) Hidden
    Rush Hour! Gas Station (HKLM-x32\...\WTA-9d4dd840-6880-4b69-9024-689756b15b3f) (Version: 3.0.2.59 - WildTangent) Hidden
    Sky High Farm (HKLM-x32\...\WTA-e19f62fa-a96b-4185-8f71-bed6e34d64a6) (Version: 3.0.2.59 - WildTangent) Hidden
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.10 - Synaptics Incorporated)
    Tableau 10.2 (10200.17.0216.1925) (HKLM\...\{C7A22BE0-D202-4358-B24F-B1943CFF6F91}) (Version: 10.2.113 - Tableau Software) Hidden
    Tableau 10.2 (10200.17.0216.1925) (HKLM-x32\...\{cd1d4f84-772f-48d8-ad61-de47230b71c1}) (Version: 10.2.113 - Tableau Software)
    Tasty Blue (HKLM-x32\...\WTA-1d11ac47-cea1-44a0-84a6-90749c3fe756) (Version: 3.0.2.59 - WildTangent) Hidden
    The Far Kingdoms (HKLM-x32\...\WTA-35f0afcd-dd2b-460d-bcc3-524e3fd85c74) (Version: 1.1.2.4 - WildTangent) Hidden
    TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
    Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
    Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
    WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.2 - WildTangent) Hidden
    Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
    WordFlood 1.2 (remove only) (HKLM-x32\...\WordFlood 1.2) (Version:  - )
    XMind 7.5 Update 1 (v3.6.51) (HKLM-x32\...\XMind_is1) (Version: 3.6.51.201607142338 - XMind Ltd.)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2016-11-21] (McAfee, Inc.)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-07-14] (Apple Inc.)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki123219.inf_amd64_f9a6dca370cdef98\igfxDTCM.dll [2017-07-07] (Intel Corporation)
    ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2016-11-21] (McAfee, Inc.)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {0F66443C-F5FE-48B6-9333-62316AFC70ED} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
    Task: {1321F9B7-DB69-4B68-9193-A6595CF46786} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-09-20] (McAfee, Inc.)
    Task: {152C07FD-02F6-4F6F-B5CA-1E43D8259112} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-08] (Google Inc.)
    Task: {2A42076F-519E-4467-BFEC-90784124F570} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
    Task: {2CB8A607-15E0-495A-940D-13FC050DCDA7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-26] (Microsoft Corporation)
    Task: {2D1AA0F3-F427-43CF-AF85-7F2EED305042} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
    Task: {2D1F34F3-DC5D-4EF0-A53E-3B127EDCD1C3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
    Task: {34F01C63-17C8-4477-83B6-5AC592F405B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-03] (HP Inc.)
    Task: {3EC4DC09-1938-4C53-8153-B1A3AF6BB149} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
    Task: {450856C8-FF12-4244-9B5D-F63827151E70} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
    Task: {55DEC307-CB48-4587-9554-387873E159F2} - System32\Tasks\{CA8A3673-B0AC-41D5-863C-E1C5214CF2ED} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\msnancy\Documents\ECSU SP17\ACCT425-01 Financial Auditing\ACL DATA\ACL_9_Software\Install Armond Dalton Data.exe" -d "C:\Users\msnancy\Documents\ECSU SP17\ACCT425-01 Financial Auditing\ACL DATA\ACL_9_Software"
    Task: {697F3DD9-4A25-4BDB-8802-A1C989D41AB9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
    Task: {6BFBD066-881A-491A-9968-FE868EB1A9C0} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-09-08] (AVAST Software)
    Task: {71FE717E-2EB4-41CD-BE26-03C2581CAC21} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-20] (Dropbox, Inc.)
    Task: {7221A6C8-7FCF-495A-805A-14B51AD91A91} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
    Task: {74304799-DC60-4770-A3E2-D2615A5B7FEA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-26] (Microsoft Corporation)
    Task: {7B77FF4F-0EC4-440E-8F5B-E8C4522D6C6D} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
    Task: {862DB034-AEF0-476D-B81D-F0DAD95FBA9A} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
    Task: {8D3CBF16-187E-46ED-99AC-1DFB19A12453} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-05] ()
    Task: {924F8EDE-10A3-4CCF-A5A2-F297571F57A3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-20] (Dropbox, Inc.)
    Task: {974163B0-D224-4AB2-B642-CF03A18AA0E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
    Task: {979915E7-360D-4A8C-A165-5D55090A9D44} - System32\Tasks\HPCeeScheduleFormsnancy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {9A51B66C-6257-4FFB-8A67-D9A8DB198A20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
    Task: {9CB6E2EE-06B7-4FCF-9965-4C3801FEFFA2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
    Task: {AADC93A2-685E-4345-9171-36FB89745093} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
    Task: {B8D992A5-FF39-4A78-ADBA-3107D2EF92D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-26] (Microsoft Corporation)
    Task: {BBC77D7F-073B-495F-8DF2-2592E2F1C0A1} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-09-08] (AVAST Software)
    Task: {C476A89B-A8D0-4064-B9D4-910A006FF831} - System32\Tasks\McAfee\McAfee Idle Detection Task
    Task: {CC140023-4B64-4404-B2A3-C0AE92FE8F29} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
    Task: {CC89A2BC-761C-4A1F-B1F5-9D74046D8966} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-05] ()
    Task: {DD7B3E57-5C49-4368-92AB-AA399D6CC9BE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
    Task: {E2ADD2BF-0579-4476-8DB3-EE75C4BB7FF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-06-28] (HP Inc.)
    Task: {E95216C9-C55A-4960-BC18-75175CF01FB4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
    Task: {EF4F0473-ED28-40FA-B76F-4D23EFBC774D} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2015-10-23] (HP Development Company, L.P.)
    Task: {EF81E8A6-BA1F-49DB-A918-7644E3C8AD7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => C:\WINDOWS\TEMP\sp80871.exe <==== ATTENTION
    Task: {FFB39212-091C-4982-AA2A-80C388C2E16F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-03] (HP Inc.)
    Task: {FFDD1E66-45C9-481B-B1D5-87ABD1500B7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-08] (Google Inc.)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleFormsnancy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
     
    ==================== Shortcuts & WMI ========================
     
    (The entries could be listed to be restored or removed.)
     
     
    ShortcutWithArgument: C:\Users\msnancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\msnancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Lucidchart Diagrams - Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=djejicklhojeokkfmdelnempiecmdomj
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.vudu.com/
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2017-01-13 13:56 - 2017-01-13 13:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-06-13 00:14 - 2014-04-14 21:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2016-09-08 18:23 - 2016-09-08 18:23 - 000592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
    2016-12-24 00:34 - 2016-10-25 01:31 - 000508368 _____ () C:\Program Files\Common Files\McAfee\Sustainability\GenericPlugin.dll
    2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-07-14 10:27 - 2017-07-14 10:27 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
    2017-07-14 10:26 - 2017-07-14 10:26 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
    2017-08-08 08:03 - 2017-08-02 03:39 - 002692952 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\swiftshader\libglesv2.dll
    2017-08-08 08:03 - 2017-08-02 03:39 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\swiftshader\libegl.dll
    2017-06-08 09:59 - 2017-06-08 09:59 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2017-07-26 15:42 - 2017-07-26 15:43 - 010631168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
    2017-07-26 15:42 - 2017-07-26 15:43 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
    2017-07-26 15:42 - 2017-07-26 15:43 - 000760832 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
    2017-08-11 10:25 - 2017-08-11 10:26 - 001199816 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.40795.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
    2017-08-11 10:25 - 2017-08-11 10:26 - 013259464 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.40795.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
    2017-07-16 12:41 - 2017-07-16 12:41 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2017-07-16 12:41 - 2017-07-16 12:41 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2017-07-16 12:41 - 2017-07-16 12:41 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2017-07-16 12:41 - 2017-07-16 12:41 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
    2016-06-27 17:58 - 2016-06-27 17:58 - 000275968 _____ () C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommSdk.dll
    2017-01-13 13:56 - 2017-01-13 13:56 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-07-13 20:51 - 2017-07-13 20:51 - 001041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-07-13 20:50 - 2017-07-13 20:50 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2016-10-31 18:45 - 2016-10-31 18:45 - 000321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
    IE trusted site: HKU\S-1-5-21-1037992593-1840114212-2236592287-1001\...\sharepoint.com -> hxxps://ecsu-files.sharepoint.com
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2015-10-30 03:24 - 2017-07-14 19:08 - 000000873 _____ C:\WINDOWS\system32\Drivers\etc\hosts
     
    0.0.0.1 mssplus.mcafee.com
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-1037992593-1840114212-2236592287-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\msnancy\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.0.1 - 205.171.2.226
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    HKLM\...\StartupApproved\Run32: => "CenturyLinkTouchPointAgent"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [{41E74A05-5C07-45F1-8B27-050ECBA7EF34}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    FirewallRules: [{CA0F9AFE-2A89-4A1A-8C9C-924F1C7E1F6D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{092A0F02-DF1B-437B-9608-B7DEF8C545FF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [UDP Query User{435F00E3-2DD2-4CD7-8D61-9F53255F98AD}C:\program files (x86)\xmind\xmind.exe] => (Block) C:\program files (x86)\xmind\xmind.exe
    FirewallRules: [TCP Query User{D0C60882-8AA6-49D8-BDF3-78451AEE6AAF}C:\program files (x86)\xmind\xmind.exe] => (Block) C:\program files (x86)\xmind\xmind.exe
    FirewallRules: [{651CFE4D-6770-460D-A594-6B4CB5C87EB6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{805C97F8-F13D-4553-8A50-F22B4540C79B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C6E1CBB9-9D7A-49A1-A067-3ACBDC15EAD8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{2FB993C0-A916-47DD-BF96-1CAA6759FD71}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{20587FA0-994A-4D75-92D0-21C940414879}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{AA3CA270-32A8-4E3C-B3B0-6B7E65FBA5F0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{E18BA134-D3D4-49DD-9F79-9463BEC9FDC3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{313274DC-1E42-448A-91D7-6F1C6E023973}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{0E7550BE-02AA-4F3A-B8D1-DE68254995F5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{C7C13E58-C8BB-4842-AF37-40B2A20C41E8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{97516B03-4BEC-4AB7-9E18-4FE648FD45A0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [{564E720C-487A-44DD-AA67-76F7A4BF127D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{7A7CAF67-1047-49FA-A4FE-7FE404FC3934}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{5482A5CF-9D26-42A9-B07F-37353905CC55}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{B61BF0DB-46F3-4600-94AB-DC96424D2895}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{DBAB9417-2616-4783-91F8-11BCC96B694A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6F277E66-52AC-44E9-BC3D-DAA7A21CB436}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6B94AB5E-DA90-46A3-AF0B-3A5A7BFE11E2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A7E71A89-2B9F-407B-802B-70785573F86C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{01373777-52E4-4A57-88F9-0BF5AF71B667}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
    FirewallRules: [{E61E97B2-1941-4304-A0C6-CB4C6EE1980A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
    FirewallRules: [{3678AEE7-7B71-41A2-A4AC-912119582D1E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
    FirewallRules: [{A7EF9DFE-2EF8-4819-AC9E-99383ED0535D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
    FirewallRules: [{4F1240FE-5561-4D64-8FE9-BC41A606E628}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
    FirewallRules: [{4788FE1D-1889-4EFD-8FBB-62DF6FE0778D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
    FirewallRules: [{107970F7-ED30-4CE6-A008-1B96AF78C34D}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
    FirewallRules: [{F91D113A-88D7-477D-A708-7FF986E5F95E}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
    FirewallRules: [{6233A086-7DC3-4B61-8C75-B3FD6AD73FB9}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
    FirewallRules: [{B80D07A1-0423-45A6-9B09-06F106168A30}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
    FirewallRules: [{4C01031C-829E-4C58-B211-21704FA0C935}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{8A722782-0B67-46E7-ADFE-0C91E5DE4D14}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
     
    ==================== Restore Points =========================
     
    11-08-2017 09:42:13 Windows Modules Installer
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (08/13/2017 06:42:17 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
     
    DPTF Build Version:  8.1.10605.221
    DPTF Build Date:  Oct 23 2015 12:24:15
    Source File:  ..\..\..\Sources\Manager\WIDomainPowerControlCapabilityChanged.cpp @ line 63
    Executing Function:  WIDomainPowerControlCapabilityChanged::execute
    Message:  Unhandled exception caught during execution of work item
    Framework Event:  DomainPowerControlCapabilityChanged [19]
    Participant:  TCPU [1]
    Policy:  Passive Policy 2 [2]
    Exception Function:  Policy::executeDomainPowerControlCapabilityChanged
    Exception Text:  
    Could not find client in directory.
     
    Error: (08/13/2017 06:42:17 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
     
    DPTF Build Version:  8.1.10605.221
    DPTF Build Date:  Oct 23 2015 12:24:15
    Source File:  ..\..\..\Sources\Manager\WIDomainPerformanceControlCapabilityChanged.cpp @ line 63
    Executing Function:  WIDomainPerformanceControlCapabilityChanged::execute
    Message:  Unhandled exception caught during execution of work item
    Framework Event:  DomainPerformanceControlCapabilityChanged [17]
    Participant:  TCPU [1]
    Policy:  Passive Policy 2 [2]
    Exception Function:  Policy::executeDomainPerformanceControlCapabilityChanged
    Exception Text:  
    Could not find client in directory.
     
    Error: (08/13/2017 06:42:17 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
     
    DPTF Build Version:  8.1.10605.221
    DPTF Build Date:  Oct 23 2015 12:24:15
    Source File:  ..\..\..\Sources\Manager\WIDomainPerformanceControlCapabilityChanged.cpp @ line 63
    Executing Function:  WIDomainPerformanceControlCapabilityChanged::execute
    Message:  Unhandled exception caught during execution of work item
    Framework Event:  DomainPerformanceControlCapabilityChanged [17]
    Participant:  TCPU [1]
    Policy:  Passive Policy 2 [2]
    Exception Function:  Policy::executeDomainPerformanceControlCapabilityChanged
    Exception Text:  
    Could not find client in directory.
     
    Error: (08/13/2017 02:57:05 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
     
    DPTF Build Version:  8.1.10605.221
    DPTF Build Date:  Oct 23 2015 12:24:15
    Source File:  ..\..\..\Sources\Manager\WIDomainPowerControlCapabilityChanged.cpp @ line 63
    Executing Function:  WIDomainPowerControlCapabilityChanged::execute
    Message:  Unhandled exception caught during execution of work item
    Framework Event:  DomainPowerControlCapabilityChanged [19]
    Participant:  TCPU [1]
    Policy:  Passive Policy 2 [2]
    Exception Function:  Policy::executeDomainPowerControlCapabilityChanged
    Exception Text:  
    Could not find client in directory.
     
    Error: (08/13/2017 02:57:05 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
     
    DPTF Build Version:  8.1.10605.221
    DPTF Build Date:  Oct 23 2015 12:24:15
    Source File:  ..\..\..\Sources\Manager\WIDomainPerformanceControlCapabilityChanged.cpp @ line 63
    Executing Function:  WIDomainPerformanceControlCapabilityChanged::execute
    Message:  Unhandled exception caught during execution of work item
    Framework Event:  DomainPerformanceControlCapabilityChanged [17]
    Participant:  TCPU [1]
    Policy:  Passive Policy 2 [2]
    Exception Function:  Policy::executeDomainPerformanceControlCapabilityChanged
    Exception Text:  
    Could not find client in directory.
     
    Error: (08/13/2017 02:57:05 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
     
    DPTF Build Version:  8.1.10605.221
    DPTF Build Date:  Oct 23 2015 12:24:15
    Source File:  ..\..\..\Sources\Manager\WIDomainPerformanceControlCapabilityChanged.cpp @ line 63
    Executing Function:  WIDomainPerformanceControlCapabilityChanged::execute
    Message:  Unhandled exception caught during execution of work item
    Framework Event:  DomainPerformanceControlCapabilityChanged [17]
    Participant:  TCPU [1]
    Policy:  Passive Policy 2 [2]
    Exception Function:  Policy::executeDomainPerformanceControlCapabilityChanged
    Exception Text:  
    Could not find client in directory.
     
    Error: (08/13/2017 12:50:37 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
     
    DPTF Build Version:  8.1.10605.221
    DPTF Build Date:  Oct 23 2015 12:24:15
    Source File:  ..\..\..\Sources\Manager\WIDomainPowerControlCapabilityChanged.cpp @ line 63
    Executing Function:  WIDomainPowerControlCapabilityChanged::execute
    Message:  Unhandled exception caught during execution of work item
    Framework Event:  DomainPowerControlCapabilityChanged [19]
    Participant:  TCPU [1]
    Policy:  Passive Policy 2 [2]
    Exception Function:  Policy::executeDomainPowerControlCapabilityChanged
    Exception Text:  
    Could not find client in directory.
     
    Error: (08/13/2017 12:50:37 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
     
    DPTF Build Version:  8.1.10605.221
    DPTF Build Date:  Oct 23 2015 12:24:15
    Source File:  ..\..\..\Sources\Manager\WIDomainPerformanceControlCapabilityChanged.cpp @ line 63
    Executing Function:  WIDomainPerformanceControlCapabilityChanged::execute
    Message:  Unhandled exception caught during execution of work item
    Framework Event:  DomainPerformanceControlCapabilityChanged [17]
    Participant:  TCPU [1]
    Policy:  Passive Policy 2 [2]
    Exception Function:  Policy::executeDomainPerformanceControlCapabilityChanged
    Exception Text:  
    Could not find client in directory.
     
    Error: (08/13/2017 12:50:37 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
     
    DPTF Build Version:  8.1.10605.221
    DPTF Build Date:  Oct 23 2015 12:24:15
    Source File:  ..\..\..\Sources\Manager\WIDomainPerformanceControlCapabilityChanged.cpp @ line 63
    Executing Function:  WIDomainPerformanceControlCapabilityChanged::execute
    Message:  Unhandled exception caught during execution of work item
    Framework Event:  DomainPerformanceControlCapabilityChanged [17]
    Participant:  TCPU [1]
    Policy:  Passive Policy 2 [2]
    Exception Function:  Policy::executeDomainPerformanceControlCapabilityChanged
    Exception Text:  
    Could not find client in directory.
     
    Error: (08/13/2017 12:27:22 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
     
    DPTF Build Version:  8.1.10605.221
    DPTF Build Date:  Oct 23 2015 12:24:15
    Source File:  ..\..\..\Sources\Manager\WIDomainPowerControlCapabilityChanged.cpp @ line 63
    Executing Function:  WIDomainPowerControlCapabilityChanged::execute
    Message:  Unhandled exception caught during execution of work item
    Framework Event:  DomainPowerControlCapabilityChanged [19]
    Participant:  TCPU [1]
    Policy:  Passive Policy 2 [2]
    Exception Function:  Policy::executeDomainPowerControlCapabilityChanged
    Exception Text:  
    Could not find client in directory.
     
     
    System errors:
    =============
    Error: (08/13/2017 06:42:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (08/13/2017 03:03:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (08/13/2017 12:50:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (08/13/2017 12:27:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (08/13/2017 12:25:09 AM) (Source: DCOM) (EventID: 10010) (User: NMS-HPLAPTOP)
    Description: The server Windows.Media.Capture.Internal.AppCaptureShell did not register with DCOM within the required timeout.
     
    Error: (08/12/2017 11:09:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (08/12/2017 07:44:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (08/11/2017 11:27:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (08/11/2017 07:54:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (08/11/2017 01:02:39 PM) (Source: DCOM) (EventID: 10010) (User: NMS-HPLAPTOP)
    Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.
     
     
    CodeIntegrity:
    ===================================
      Date: 2017-08-13 18:50:07.114
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-08-13 18:50:07.112
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-08-13 13:40:40.808
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-08-13 13:40:40.805
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-08-13 11:50:04.260
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-08-13 11:50:04.253
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-08-12 22:46:20.560
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-08-12 22:46:20.554
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-08-12 22:45:24.976
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-08-12 22:45:24.973
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5-6200U CPU @ 2.30GHz
    Percentage of memory in use: 50%
    Total physical RAM: 8046.91 MB
    Available physical RAM: 3993.46 MB
    Total Virtual: 9326.91 MB
    Available Virtual: 4066.98 MB
     
    ==================== Drives ================================
     
    Drive c: (Windows) (Fixed) (Total:913.8 GB) (Free:827.31 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:15.68 GB) (Free:1.86 GB) NTFS ==>[system with boot components (obtained from drive)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================

    • 0

    #10
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 19,748 posts
    • MVP

    To uninstall Bonjour,

     

    search for:

     

    appwiz.cpl

     

    and hit Enter.  Then find Bonjour, select it and click on Uninstall.

     

    You need to find a newer version of Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation) as the version you have is not happy and is causing a lot of errors.  There is a newer one available you might try:  http://pcsupport.len...nloads/ds118913

     

     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
     
     
     
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
    Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
    File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
    (It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
     
    First click on More Reply Options
    Then scroll down to where you see
    Choose File and click on it.  Point it at the file and hit Open.
    Now click on Attach this file.

    • 0

    Advertisements


    #11
    frogg25

    frogg25

      Member

    • Topic Starter
    • Member
    • PipPip
    • 33 posts
    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    System Idle Process 81.78 52 K 8 K 0
    svchost.exe 9.84 83,924 K 78,724 K 3388 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    audiodg.exe 2.20 24,620 K 23,784 K 13096
    Interrupts 1.53 0 K 0 K n/a Hardware Interrupts and DPCs
    procexp64.exe 1.35 30,888 K 64,820 K 9964 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    SynTPEnh.exe 0.95 7,148 K 22,012 K 4420 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
    SpeechRuntime.exe 0.47 18,044 K 22,648 K 7480 Speech Runtime Executable Microsoft Corporation (Verified) Microsoft Windows
    WWAHost.exe 0.41 63,284 K 58,456 K 15788 Microsoft WWA Host Microsoft Corporation (Verified) Microsoft Windows
    System 0.34 148 K 3,164 K 4
    chrome.exe 0.24 189,356 K 230,708 K 10764 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 0.20 226,784 K 256,276 K 11084 Google Chrome Google Inc. (Verified) Google Inc
    dwm.exe 0.12 40,460 K 46,564 K 4996
    csrss.exe 0.11 2,292 K 5,196 K 1796
    svchost.exe 0.10 21,064 K 36,980 K 3480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    MsMpEng.exe 0.07 200,788 K 154,376 K 3748 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
    chrome.exe 0.05 93,596 K 79,956 K 14616 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 0.02 469,540 K 434,244 K 1312 Google Chrome Google Inc. (Verified) Google Inc
    McSvHost.exe 0.02 33,072 K 34,504 K 5200 McAfee Service Host McAfee, Inc. (Verified) McAfee
    PenCommService.exe 0.02 2,584 K 6,664 K 3824 Livescribe Smartpen Communication Service Livescribe (No signature was present in the subject) Livescribe
    CNMNSST.exe 0.02 1,444 K 7,264 K 10048 Canon IJ Network Scanner Selector EX CANON INC. (Verified) Canon Inc.
    chrome.exe 0.02 71,564 K 75,180 K 4548 Google Chrome Google Inc. (Verified) Google Inc
    McAPExe.exe 0.01 3,016 K 8,644 K 1284 McAfee Access Protection McAfee, Inc. (Verified) McAfee
    explorer.exe 0.01 102,220 K 122,448 K 11040 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    AGSService.exe 0.01 3,704 K 12,332 K 3912 Adobe Genuine Software Integrity Service Adobe Systems, Incorporated (Verified) Adobe Systems Incorporated
    services.exe 0.01 12,688 K 12,132 K 952
    svchost.exe 0.01 2,344 K 7,188 K 1832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 0.01 7,764 K 16,316 K 3488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    mfefire.exe 0.01 2,592 K 7,252 K 4660
    AppleMobileDeviceService.exe 0.01 3,636 K 10,488 K 3520 MobileDeviceService Apple Inc. (Verified) Apple Inc.
    iPodService.exe 0.01 2,476 K 7,520 K 7780 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
    svchost.exe 0.01 3,092 K 7,656 K 2524 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    WUDFHost.exe < 0.01 7,284 K 6,504 K 1760
    svchost.exe < 0.01 2,296 K 9,792 K 2664 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    EvernoteClipper.exe < 0.01 2,732 K 11,624 K 6780 Evernote Clipper Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 (Verified) EVERNOTE CORPORATION
    WUDFHost.exe < 0.01 25,820 K 13,684 K 2728
    vpnsvc.exe < 0.01 3,412 K 11,052 K 3552 (Verified) AVAST Software a.s.
    esif_assist_64.exe < 0.01 1,392 K 4,488 K 15336
    csrss.exe < 0.01 2,176 K 5,336 K 688
    iCloudServices.exe < 0.01 44,188 K 39,628 K 2324 iCloud Services Apple Inc. (Verified) Apple Inc.
    OneDrive.exe < 0.01 33,532 K 39,664 K 8472 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
    spoolsv.exe < 0.01 9,812 K 18,668 K 2244 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
    dasHost.exe < 0.01 12,924 K 18,556 K 5896
    iTunesHelper.exe < 0.01 4,084 K 12,892 K 10592 iTunesHelper Apple Inc. (Verified) Apple Inc.
    bcastdvr.exe < 0.01 3,532 K 18,692 K 10348 Broadcast DVR server Microsoft Corporation (Verified) Microsoft Windows
    ZeroConfigService.exe 5,404 K 15,288 K 3560 Intel® PROSet/Wireless Zero Configure Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
    WmiPrvSE.exe 8,464 K 19,660 K 3104
    wlanext.exe 5,464 K 14,492 K 4552
    WinStore.App.exe Suspended 41,060 K 68,740 K 240 Store Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
    winlogon.exe 2,336 K 7,420 K 2392
    wininit.exe 1,476 K 5,720 K 824
    unsecapp.exe 1,796 K 6,396 K 8156
    taskhostw.exe 8,880 K 20,656 K 7156 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
    TabTip32.exe 1,292 K 4,132 K 14284
    TabTip.exe 4,280 K 13,804 K 2792
    SystemSettingsBroker.exe 6,740 K 22,740 K 9348 System Settings Broker Microsoft Corporation (Verified) Microsoft Windows
    SynTPHelper.exe 1,060 K 4,688 K 9904
    SynTPEnhService.exe 1,240 K 4,024 K 3760 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
    svchost.exe 3,676 K 8,848 K 5944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 4,216 K 13,908 K 14744 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,544 K 10,576 K 3472 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 5,376 K 13,828 K 9024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,260 K 9,564 K 5812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 4,340 K 15,052 K 15932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,604 K 11,984 K 3016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 4,800 K 11,600 K 1904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 6,364 K 16,332 K 2940 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,540 K 8,660 K 4452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 4,116 K 12,648 K 2532 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,412 K 8,964 K 1676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 13,396 K 26,556 K 500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,028 K 7,980 K 5832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 5,476 K 18,888 K 3396 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 7,496 K 12,500 K 948 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 4,432 K 14,176 K 4408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 6,820 K 8,552 K 3268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 26,028 K 30,956 K 3456 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,388 K 6,172 K 676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,948 K 15,728 K 12020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,228 K 9,088 K 9064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 18,552 K 7,348 K 3380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,956 K 6,732 K 3412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 5,880 K 8,560 K 1808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,696 K 6,596 K 7888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,628 K 5,860 K 2544 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 13,288 K 12,704 K 1488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 13,312 K 19,408 K 1204 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,900 K 11,100 K 1320 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,048 K 7,440 K 3148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,376 K 11,044 K 9180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,692 K 6,852 K 5220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,224 K 11,556 K 2380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 5,516 K 16,956 K 3404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,060 K 7,268 K 1956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,324 K 4,884 K 3176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,724 K 7,220 K 3420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,292 K 5,056 K 3372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 4,124 K 12,812 K 3464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,292 K 9,236 K 2712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 6,956 K 14,836 K 2236 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,568 K 8,056 K 2440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,800 K 7,284 K 2208 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,848 K 6,968 K 2200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,252 K 8,856 K 1484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,312 K 5,320 K 1948 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,528 K 9,688 K 1932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 4,572 K 18,980 K 9556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,360 K 8,284 K 1388 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,644 K 5,268 K 1556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,404 K 5,096 K 1448 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,732 K 6,772 K 1564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,076 K 10,440 K 1428 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 4,192 K 19,004 K 10460 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 5,752 K 18,616 K 13488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,844 K 9,456 K 9520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,064 K 4,004 K 1132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 932 K 3,412 K 412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 7,308 K 26,020 K 7836 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 4,248 K 18,228 K 12684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,780 K 12,840 K 1120 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,216 K 8,108 K 9032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 5,496 K 16,856 K 5908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,348 K 5,396 K 4168 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,092 K 6,208 K 10780 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,552 K 5,760 K 15320 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,312 K 10,044 K 15288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,680 K 5,776 K 2552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,020 K 9,092 K 15200
    svchost.exe 1,904 K 7,252 K 2916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,480 K 6,724 K 4916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,512 K 6,700 K 7272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    SSScheduler.exe 1,360 K 5,212 K 9960 McAfee Security Scanner Scheduler McAfee, Inc. (Verified) McAfee
    smss.exe 460 K 1,028 K 440
    smartscreen.exe 12,516 K 29,340 K 8660 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
    SkypeHost.exe Suspended 4,836 K 232 K 14660 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
    sihost.exe 6,308 K 23,096 K 7900 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
    ShellExperienceHost.exe Suspended 33,832 K 50,592 K 11876 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
    SettingSyncHost.exe 2,312 K 3,536 K 7408 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
    SecurityHealthService.exe 6,520 K 14,904 K 3768 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
    SearchUI.exe Suspended 44,948 K 61,500 K 10252 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
    SearchIndexer.exe 47,240 K 55,092 K 11064 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
    RuntimeBroker.exe 23,600 K 44,920 K 5600 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
    RtkNGUI64.exe 8,080 K 12,152 K 6056 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
    RtkAudioService64.exe 2,112 K 7,468 K 2464 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
    RichVideo64.exe 1,464 K 5,796 K 3544 RichVideo Module (Verified) CyberLink Corp.
    RegSrvc.exe 1,948 K 7,832 K 3332 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
    RAVBg64.exe 6,120 K 10,184 K 13720
    procexp.exe 3,000 K 10,032 K 14872 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    PresentationFontCache.exe 24,376 K 18,168 K 9308 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
    PEFService.exe 1,620 K 6,828 K 3924 Intel Security PEF Service Intel Security, Inc. (Verified) McAfee
    ONENOTEM.EXE 2,408 K 2,004 K 12072 Send to OneNote Tool Microsoft Corporation (A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider) Microsoft Corporation
    OfficeClickToRun.exe 43,020 K 43,964 K 3784 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
    notepad.exe 3,396 K 17,036 K 6072
    notepad.exe 3,348 K 17,096 K 2192
    NisSrv.exe 16,096 K 10,236 K 8640 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
    MSASCuiL.exe 1,892 K 8,752 K 11948 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
    ModuleCoreService.exe 4,936 K 12,872 K 9244 McAfee Module Core Service McAfee, Inc. (Verified) McAfee
    mfevtps.exe 1,932 K 5,088 K 3528 McAfee Process Validation Service McAfee, Inc. (Verified) McAfee
    mfevtps.exe 3,520 K 8,764 K 4512
    mfemms.exe 2,240 K 6,432 K 3572 McAfee Management Service McAfee, Inc. (Verified) McAfee
    mfefire.exe 1,880 K 5,124 K 7476 McAfee Core Firewall Service McAfee, Inc. (Verified) McAfee
    Memory Compression 896 K 292,976 K 1860
    McUICnt.exe 10,344 K 27,752 K 12780 McAfee McAfee, Inc. (Verified) McAfee
    mcshield.exe 141,176 K 20,500 K 1984
    McCSPServiceHost.exe 7,156 K 18,712 K 12584 McAfee CSP Service Host McAfee, Inc. (Verified) McAfee
    lsass.exe 8,824 K 16,476 K 972 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
    jhi_service.exe 1,264 K 5,340 K 8628 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
    IntuitUpdateService.exe 12,748 K 2,964 K 8684 Intuit Update Service Intuit Inc. (Verified) Intuit
    igfxEM.exe 3,608 K 11,196 K 7100 igfxEM Module Intel Corporation (Verified) Intel® pGFX
    igfxCUIService.exe 1,672 K 6,620 K 2144 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
    ibtsiva.exe 1,148 K 3,848 K 3792 Intel® Wireless Bluetooth® iBtSiva Service Intel Corporation (Verified) Intel® Wireless Connectivity Solutions
    IAStorDataMgrSvc.exe 23,544 K 35,852 K 4656 IAStorDataSvc Intel Corporation (Verified) Intel® Rapid Storage Technology
    HxTsr.exe Suspended 7,924 K 27,224 K 10916 Microsoft Outlook Communications Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
    HxOutlook.exe Suspended 26,376 K 52,896 K 6640 Microsoft Outlook Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
    HPWMISVC.exe 1,288 K 5,652 K 14388 HP WMI Service HP Inc. (Verified) Hewlett-Packard Company
    HPSupportSolutionsFrameworkService.exe 31,196 K 33,740 K 4696 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
    HPRadioMgr64.exe 1,912 K 8,064 K 12496 HP Radio Manager HP (Verified) Hewlett-Packard
    hpqwmiex.exe 1,984 K 8,712 K 12968 HP Software Framework WMI Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
    HPMSGSVC.exe 1,520 K 7,512 K 5304 HP Message Service HP Inc. (Verified) Hewlett-Packard Company
    GoogleCrashHandler64.exe 1,588 K 4 K 4572
    GoogleCrashHandler.exe 1,728 K 104 K 7844
    GamesAppIntegrationService.exe 1,480 K 6,536 K 4632 WildTangent Games App Integration Service WildTangent (Verified) WildTangent Inc
    fontdrvhost.exe 3,868 K 6,316 K 13496
    fontdrvhost.exe 4,916 K 2,872 K 604
    FNPLicensingService64.exe 1,900 K 7,236 K 3536 Activation Licensing Service Flexera Software LLC (Verified) Flexera Software LLC
    EvtEng.exe 5,080 K 12,124 K 3348 Intel® PROSet/Wireless Event Log Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
    esif_uf.exe 2,124 K 6,272 K 3360 Intel® Dynamic Platform and Thermal Framework Intel Corporation (Verified) Intel® Software
    dllhost.exe 1,772 K 9,056 K 10208 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
    DbxSvc.exe 2,512 K 4,864 K 3740 Dropbox Service Dropbox, Inc. (Verified) Dropbox
    conhost.exe 1,252 K 4,936 K 4644
    chrome.exe 80,884 K 64,352 K 14948 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 46,264 K 50,280 K 8260 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 56,684 K 21,012 K 5716 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 26,384 K 27,252 K 13016 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 26,636 K 25,608 K 9776 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 34,948 K 34,776 K 13292 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 68,984 K 64,888 K 11460 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 35,992 K 32,644 K 14372 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 90,064 K 87,696 K 3260 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 39,592 K 44,824 K 12536 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 60,848 K 43,088 K 3076 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 2,176 K 8,528 K 14800 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 3,568 K 8,744 K 15184 Google Chrome Google Inc. (Verified) Google Inc
    armsvc.exe 2,996 K 12,772 K 3776 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
    APSDaemon.exe 5,828 K 15,180 K 12424 Apple Push Apple Inc. (Verified) Apple Inc.
    ApplicationFrameHost.exe 13,192 K 26,968 K 11096 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
    ApplePhotoStreams.exe 4,756 K 15,432 K 13860 iCloud Photo Stream Apple Inc. (Verified) Apple Inc.

    • 0

    #12
    frogg25

    frogg25

      Member

    • Topic Starter
    • Member
    • PipPip
    • 33 posts

    Completed all the steps, except the file for Bonjuor doesn't show up. I guess I managed to get rid of that. 


    • 0

    #13
    frogg25

    frogg25

      Member

    • Topic Starter
    • Member
    • PipPip
    • 33 posts

    Completed all the steps, except the file for Bonjuor doesn't show up. I guess I managed to get rid of that. 

    Attached Files


    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 19,748 posts
    • MVP

    Let's see what the svchost.exe 9.84  is.

     

     
    Copy the next 2 lines:
     
    TASKLIST /SVC  > \junk.txt
    notepad \junk.txt
     
    Open an Elevated Command Prompt:
    Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
     
    Right click and Paste (or Edit then Paste) and the copied lines should appear.
    Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 

    • 0

    #15
    frogg25

    frogg25

      Member

    • Topic Starter
    • Member
    • PipPip
    • 33 posts

    Got an "access is denied" and then "could not find the C:/ junk.txt file. Do you want to create a new one?" 


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP