I let my grandson use my laptop and afterwards noticed lots of popups and programs that I didn't know or install. I tried to remove some -- some wouldn't be removed. And then I did a Malwarebytes scan; it found 153, so I thought it may be beyond me to get everything removed like it should, but I did select remove selected items... Just wanted to make sure, and any suggestions on how I can fix his ability to download things without my permission. Thanks.
FRST scan results follow:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2017
Ran by Sharon (administrator) on DESKTOP-U06IMQR (16-07-2017 15:52:40)
Running from C:\Users\Sharon\Desktop
Loaded Profiles: Sharon (Available Profiles: Sharon)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(COMODO) C:\Windows\Temp\ise~cfad3112-27a2-4bd0-9b8f-4bf43f589b51
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Pluto, Inc.) C:\Users\Sharon\AppData\Roaming\Pluto TV\PlutoTV.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Pluto, Inc.) C:\Users\Sharon\AppData\Roaming\Pluto TV\PlutoTV.exe
(Pluto, Inc.) C:\Users\Sharon\AppData\Roaming\Pluto TV\PlutoTV.exe
(Pluto, Inc.) C:\Users\Sharon\AppData\Roaming\Pluto TV\PlutoTV.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8911872 2016-10-15] (Realtek Semiconductor)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-06-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2485400 2017-05-24] (Comodo Security Solutions, Inc.)
HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [1280000 2017-06-17] (Adobe Systems Incorporated)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-07-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{7c1a8a81-af05-41c4-ac19-f45eb560a0f1}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{db0312ef-785d-440e-ab5a-1a8fb6bcd28e}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM-x32 -> {31131775-E7CD-4C3F-ADED-D691CFF30016} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1292175255-3574968239-1866619479-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D061717-A21ABFDD9D88F4162B1F&form=CONBDF&conlogo=CT3332016&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1292175255-3574968239-1866619479-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D061717-A21ABFDD9D88F4162B1F&form=CONBDF&conlogo=CT3332016&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1292175255-3574968239-1866619479-1001 -> {31131775-E7CD-4C3F-ADED-D691CFF30016} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1292175255-3574968239-1866619479-1001 -> {47513084-4DE9-40B4-BD5C-5B31E5A5BFA4} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US739D20160210&p={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2017-02-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-02-28] (McAfee, Inc.)
FireFox:
========
FF DefaultProfile: ijsf5oci.default
FF ProfilePath: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default [2017-07-16]
FF NewTab: Mozilla\Firefox\Profiles\ijsf5oci.default -> about:home
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ijsf5oci.default -> Bing®
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ijsf5oci.default -> Secure Search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\ijsf5oci.default -> Secure Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ijsf5oci.default -> Bing®
FF Homepage: Mozilla\Firefox\Profiles\ijsf5oci.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\ijsf5oci.default -> user_pref("keyword.URL", true);
FF Extension: (ADB Helper) - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\Extensions\[email protected] [2017-05-30]
FF Extension: (Valence) - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\Extensions\[email protected] [2017-05-30]
FF Extension: (CouponXplorer) - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\Extensions\[email protected] [2017-03-16]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18]
FF SearchPlugin: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\searchplugins\bing-lavasoft.xml [2017-06-17]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-05-12] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-02-28] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1227197.dll [2017-02-20] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-02-28] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-02]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-02]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0234941496431402mcinstcleanup; C:\WINDOWS\TEMP\023494~1.EXE [1030904 2017-02-09] (McAfee, Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7396872 2017-06-17] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-06-15] (AVG Technologies CZ, s.r.o.)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [77472 2017-05-24] (Comodo Security Solutions, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-06-17] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2015-08-18] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2017-01-13] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-07-07] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe [133480 2015-11-05] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-05-16] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [994312 2017-03-13] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe [404376 2017-06-30] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\\McCSPServiceHost.exe [2054080 2017-02-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1344472 2017-02-24] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2017-01-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [385112 2017-01-18] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [343792 2017-01-18] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1551512 2017-02-26] (McAfee, Inc.)
R3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [326656 2016-10-15] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2016-10-05] (Synaptics Incorporated)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-05-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-05-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-05-26] (McAfee, Inc.)
R4 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25192 2017-06-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166624 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [314128 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192584 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336896 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [51336 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39424 2017-06-17] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [129776 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [102280 2017-06-17] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76832 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [1008288 2017-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [570320 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [160008 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [340824 2017-06-17] (AVG Technologies CZ, s.r.o.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88464 2017-01-20] (McAfee, Inc.)
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-18] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [50696 2015-08-18] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-18] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-07-16] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487184 2017-01-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366328 2017-01-20] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-01-23] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518704 2017-01-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [923640 2017-01-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498648 2017-01-19] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109320 2017-01-19] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110256 2017-01-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2017-01-20] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [79960 2016-10-05] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-24] (HP Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-16 15:52 - 2017-07-16 15:54 - 00024413 _____ C:\Users\Sharon\Desktop\FRST.txt
2017-07-16 15:50 - 2017-07-16 15:52 - 00000000 ____D C:\FRST
2017-07-16 15:50 - 2017-07-16 15:50 - 02435584 _____ (Farbar) C:\Users\Sharon\Desktop\FRST64.exe
2017-07-16 15:39 - 2017-07-16 15:39 - 00034913 _____ C:\Users\Sharon\Desktop\malwarebytes 716.txt
2017-07-16 15:35 - 2017-07-16 15:35 - 00001421 _____ C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-07-16 14:45 - 2017-07-16 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-07-16 14:40 - 2017-07-16 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-07-16 14:39 - 2017-07-16 14:39 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-07-16 14:26 - 2017-07-16 14:26 - 00000046 _____ C:\WINDOWS\wininit.ini
2017-07-16 14:20 - 2017-07-16 14:20 - 00000000 ___HD C:\$SysReset
2017-06-26 16:13 - 2017-06-26 16:13 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-06-26 15:27 - 2017-06-26 15:27 - 00000000 ____D C:\WINDOWS\LastGood
2017-06-25 13:35 - 2017-06-25 13:35 - 00000000 ____D C:\Users\Sharon\AppData\Local\Systweak
2017-06-25 13:15 - 2017-06-25 13:15 - 00000000 ____D C:\ProgramData\UniqueId
2017-06-25 13:10 - 2017-06-25 13:10 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.5
2017-06-25 13:05 - 2017-07-16 14:25 - 00000000 ____D C:\Program Files (x86)\COMODO
2017-06-25 13:01 - 2017-07-16 14:26 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Pluto TV
2017-06-25 13:00 - 2017-07-16 14:31 - 00000000 ____D C:\ProgramData\WinZip
2017-06-25 13:00 - 2017-07-16 14:27 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Nico Mak Computing
2017-06-25 12:58 - 2017-06-25 13:23 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Dashlane
2017-06-25 12:56 - 2017-07-16 14:26 - 00000000 ____D C:\Program Files\COMODO
2017-06-25 12:56 - 2017-07-16 14:25 - 00000000 ____D C:\ProgramData\COMODO
2017-06-25 11:41 - 2017-07-16 15:22 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-06-19 17:08 - 2017-06-19 17:09 - 00000000 ____D C:\Users\Sharon\Documents\BeamNG.drive
2017-06-19 17:08 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2017-06-19 17:08 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2017-06-19 17:08 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2017-06-19 17:08 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2017-06-19 17:08 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2017-06-19 17:08 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2017-06-19 17:08 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2017-06-19 17:08 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2017-06-19 17:08 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2017-06-19 17:08 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2017-06-19 17:08 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2017-06-19 17:07 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2017-06-19 17:07 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2017-06-19 17:07 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2017-06-19 17:07 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2017-06-19 17:07 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2017-06-19 17:07 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2017-06-17 16:05 - 2017-06-19 14:54 - 00750632 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-06-17 16:05 - 2017-06-17 16:05 - 00000000 ____D C:\Users\Sharon\AppData\Local\UnrealEngine
2017-06-17 16:05 - 2017-06-17 16:05 - 00000000 ____D C:\Users\Sharon\AppData\Local\SummerCamp
2017-06-17 16:05 - 2017-06-17 15:42 - 00383016 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-06-17 15:42 - 2017-06-19 16:46 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-17 15:32 - 2017-06-17 15:32 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\AVG
2017-06-17 15:31 - 2017-06-17 15:31 - 00160008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgstm.sys
2017-06-17 15:31 - 2017-06-17 15:31 - 00004008 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-06-17 15:31 - 2017-06-17 15:30 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00570320 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00340824 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00314128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00102280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-06-17 15:30 - 2017-06-17 15:30 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-06-17 15:29 - 2017-06-17 15:29 - 00000000 ____D C:\Users\Sharon\AppData\Local\Steam
2017-06-17 15:26 - 2017-06-26 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-06-17 15:23 - 2017-06-30 20:53 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-06-17 15:23 - 2017-06-17 15:28 - 00000000 ____D C:\Program Files (x86)\AVG
2017-06-17 15:22 - 2017-07-16 14:30 - 00000000 ____D C:\Program Files\WebDiscoverBrowser
2017-06-17 15:22 - 2017-06-17 15:22 - 00000000 ____D C:\Users\Sharon\AppData\Local\WebDiscoverBrowser
2017-06-17 15:21 - 2017-07-16 14:30 - 00000000 ____D C:\Program Files\ByteFence
2017-06-17 15:21 - 2017-06-21 11:36 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-17 15:21 - 2017-06-17 22:36 - 00000000 ____D C:\ProgramData\Avg
2017-06-17 15:21 - 2017-06-17 15:26 - 00000000 ____D C:\Users\Sharon\AppData\Local\AvgSetupLog
2017-06-17 15:21 - 2017-06-17 15:21 - 00000000 ____D C:\Users\Sharon\AppData\Local\Avg
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-16 15:44 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-16 15:38 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-16 15:38 - 2016-01-10 05:25 - 00000000 ____D C:\Users\Sharon\AppData\Local\Packages
2017-07-16 15:26 - 2016-10-11 19:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-16 15:00 - 2016-10-11 20:02 - 00003264 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSharon
2017-07-16 15:00 - 2016-06-24 09:58 - 00000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSharon.job
2017-07-16 14:42 - 2017-02-23 20:58 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-07-16 14:42 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-16 14:40 - 2016-08-24 00:03 - 00001976 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-07-16 14:40 - 2016-01-17 22:15 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-07-16 14:37 - 2016-11-17 21:43 - 00000000 ____D C:\Users\Sharon\AppData\LocalLow\Mozilla
2017-07-16 14:35 - 2016-06-22 21:35 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-16 14:33 - 2017-06-14 14:00 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Opera Software
2017-07-16 14:33 - 2017-06-14 14:00 - 00000000 ____D C:\Users\Sharon\AppData\Local\Opera Software
2017-07-16 14:32 - 2016-02-10 19:51 - 00000000 ____D C:\Users\Sharon\AppData\Local\Lavasoft
2017-07-16 14:31 - 2017-04-08 18:17 - 00000000 ____D C:\Users\Sharon\AppData\Local\Razer
2017-07-16 14:31 - 2017-04-03 18:52 - 00000000 ____D C:\ProgramData\Razer
2017-07-16 14:31 - 2017-04-03 18:52 - 00000000 ____D C:\Program Files (x86)\Razer
2017-07-16 14:26 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-07-16 14:12 - 2016-10-11 19:37 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-16 14:12 - 2016-01-10 05:25 - 00000000 __SHD C:\Users\Sharon\IntelGraphicsProfiles
2017-06-30 21:16 - 2016-03-18 21:38 - 00001441 _____ C:\Users\Sharon\Desktop\ROBLOX Player.lnk
2017-06-30 21:16 - 2016-03-18 21:38 - 00001256 _____ C:\Users\Sharon\Desktop\ROBLOX Studio.lnk
2017-06-30 21:16 - 2016-03-18 21:38 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-06-30 21:14 - 2016-11-17 20:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-30 21:05 - 2017-05-21 17:13 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-06-30 21:05 - 2017-05-21 17:13 - 00000000 ____D C:\Program Files\UNP
2017-06-25 15:52 - 2016-01-12 21:57 - 00000000 ____D C:\Users\Sharon\AppData\Local\Roblox
2017-06-21 07:36 - 2017-05-25 15:30 - 01536010 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-21 07:29 - 2016-01-09 23:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-21 06:10 - 2016-10-11 19:43 - 00000000 ____D C:\Users\Sharon
2017-06-20 16:28 - 2016-10-11 20:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-20 16:28 - 2016-07-16 02:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-06-20 12:31 - 2016-12-13 20:35 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-20 12:30 - 2016-01-10 05:28 - 00002377 _____ C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-20 12:30 - 2016-01-10 05:28 - 00000000 ___RD C:\Users\Sharon\OneDrive
2017-06-19 17:03 - 2015-11-05 02:55 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-17 22:31 - 2016-10-11 20:02 - 00004554 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-17 22:31 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-17 22:31 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-17 15:22 - 2016-02-10 19:51 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Lavasoft
2017-06-17 15:21 - 2016-02-10 19:51 - 00000000 ____D C:\ProgramData\Lavasoft
2017-06-17 15:21 - 2016-02-10 19:51 - 00000000 ____D C:\Program Files (x86)\Lavasoft
Some files in TEMP:
====================
2017-06-25 13:03 - 2017-06-25 13:05 - 1517120 _____ (Totipe ) C:\Users\Sharon\AppData\Local\Temp\ICReinstall_SketchUp-Make(1).exe
2017-06-14 14:00 - 2017-06-14 14:00 - 1517120 _____ (Totipe ) C:\Users\Sharon\AppData\Local\Temp\ICReinstall_SketchUp-Make.exe
2017-06-30 20:54 - 2017-07-01 20:24 - 4109176 _____ (COMODO) C:\Users\Sharon\AppData\Local\Temp\ise_installer.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-21 12:59
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Ran by Sharon (16-07-2017 15:55:14)
Running from C:\Users\Sharon\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-12 00:06:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1292175255-3574968239-1866619479-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1292175255-3574968239-1866619479-503 - Limited - Disabled)
Guest (S-1-5-21-1292175255-3574968239-1866619479-501 - Limited - Disabled)
Play ONLY ACCOUNT (S-1-5-21-1292175255-3574968239-1866619479-1002 - Limited - Enabled)
Sharon (S-1-5-21-1292175255-3574968239-1866619479-1001 - Administrator - Enabled) => C:\Users\Sharon
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-d3625e94-c720-4b94-8c74-09b057e0ed93) (Version: 3.0.2.118 - WildTangent) Hidden
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.7.197 - Adobe Systems, Inc.)
AVG (HKLM\...\{49AB2080-7813-477F-835E-946DFD2CE4AA}) (Version: 1.201.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.4.3014 - AVG Technologies)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-b94a3119-19fc-459d-9f51-9d54cdbea993) (Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-b38096b1-7889-4e22-8df7-70c8c5608766) (Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Coyote The Outlander (HKLM-x32\...\WTA-44630ad4-7c2a-4b81-b8c9-4111b3322137) (Version: 3.0.2.59 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-66b10b72-1454-46aa-9fe9-5cc996e3783b) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-326a0526-cae4-4b57-8ee5-df69c0110f04) (Version: 3.0.2.59 - WildTangent) Hidden
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Family Vacation 2: Road Trip (HKLM-x32\...\WTA-c2a4e491-8e75-4ab6-b6f6-78236c93f6a2) (Version: 3.0.2.59 - WildTangent) Hidden
FMW 1 (HKLM\...\{3F288BE1-12E0-44FD-A534-23EB122C988D}) (Version: 1.212.2 - AVG Technologies) Hidden
Home Makeover (HKLM-x32\...\WTA-831743fd-ebc4-4911-a8dc-10ec3374dfe2) (Version: 3.0.2.59 - WildTangent) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.4.14.41 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.7.22.13 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
IGT Slots: Paradise Garden (HKLM-x32\...\WTA-738d766e-20a9-4432-b7e1-0ede1ccabfcd) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-1033349f-61e4-4240-91eb-8797adecc6dd) (Version: 3.0.2.59 - WildTangent) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.18.110.1 - Intel Security)
Intel® Chipset Device Software (HKLM-x32\...\{a47edec4-fa11-4d02-b329-4424d0197af8}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Jewel Match Snowscapes (HKLM-x32\...\WTA-a53983e7-7909-428a-ab14-a3b34c7a0ec2) (Version: 3.0.2.118 - WildTangent) Hidden
Living Legends: Frozen Beauty Collector's Edition (HKLM-x32\...\WTA-d754cfd7-91c7-4587-9856-a1b44e89c7ec) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Lands: Dark Overlord Collector's Edition (HKLM-x32\...\WTA-2149e695-53e5-4e0a-9a63-e5e368bb6c81) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-6220c463-af2d-41be-8ae2-0b705bf7e79f) (Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-b3a60d49-0814-4488-8260-87c6ea00a558) (Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-ba86689f-0af7-4ff4-9ded-bc5e4a1f52ed) (Version: 3.0.2.59 - WildTangent) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0 R13 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.587.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-ecd3d8d3-0c10-4b97-92bb-469bd4874da2) (Version: 3.0.2.59 - WildTangent) Hidden
Plagiarii (HKLM-x32\...\WTA-bebad216-3fc1-4f9b-902c-f7910b131bd9) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-d609b381-98a7-49d2-a1f6-27442b619bc1) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.60 - REALTEK Semiconductor Corp.)
ROBLOX Player for Sharon (HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio for Sharon (HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Runefall (HKLM-x32\...\WTA-afd529d1-0553-4c3c-8b5a-b37195bb5e76) (Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (HKLM-x32\...\WTA-dd6b98f4-4e4a-4d17-9957-026410db0772) (Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (HKLM-x32\...\WTA-e7401c1f-4fc0-4f43-835b-412e733ed168) (Version: 3.0.2.59 - WildTangent) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.16 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WPS Office (9.1.0.5113) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5113 - Kingsoft Corp.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers01: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-06-17] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers01: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\MSC\McCtxMenuFrmWrk.dll [2017-02-28] (McAfee, Inc.)
ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-13] (Intel Corporation)
ContextMenuHandlers06: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-06-17] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers06: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\MSC\McCtxMenuFrmWrk.dll [2017-02-28] (McAfee, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03082631-06A9-4553-B0EE-EFACA4F21043} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {0DB27CBD-DD22-43D9-BD20-D147B0339CD5} - no filepath
Task: {265D0865-6D32-4188-A698-B825FBC6CB7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-06-28] (HP Inc.)
Task: {34E405F6-862C-4823-8636-3F91F55FDF90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {456D50D0-EA69-4501-93C7-32682BC829E0} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-06] (McAfee, Inc.)
Task: {4FA3133B-B066-472D-965E-A95D4675430A} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {52761F2B-0C37-4DBE-9A9F-14500AC6AD8F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {59E47931-649D-44E7-999C-0C98B3B3F8FC} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-06] (McAfee, Inc.)
Task: {60C02F1B-716C-4273-80F0-32F5D9E51DE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {61A71910-7A0A-4CA8-B4D1-0639951C1A9C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {70779C2E-2E37-4467-8C77-D1BEE7BB90A9} - no filepath
Task: {776A3B53-2009-46FA-B1CD-4214CE75EF61} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Sharon\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {821A15F3-530B-4427-841A-21868BD0DB36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {82DF291E-8F81-468E-A4E3-CB675D7CDA2A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {83F2C9AC-F73E-4D0F-99E6-089C69BD5B78} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe [2015-11-05] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {87051A63-B490-452C-843C-C7714068BFB1} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {9FB6ABAB-803C-42E1-94A7-029B6E3D42CD} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {AEC3B097-E329-4BCA-BC41-BF8497C5473B} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-06-17] (AVG Technologies CZ, s.r.o.)
Task: {AF8608B7-4826-4BA9-9080-0F7810F3BEC7} - no filepath
Task: {AFE328F8-8BC2-430F-ACC6-8D3D93773CE3} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-02-22] (McAfee, Inc.)
Task: {B04653C1-9C91-4B47-8E35-03CB13EBEC78} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {B3E52CC7-42F9-4F85-B2C5-E5C66B523F4A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {BA619889-93D0-4F4E-83B5-35E66FAAFAC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {BE93C2E6-E152-4608-B51E-691324D30E99} - no filepath
Task: {C1531F54-B39B-4D2F-9524-808D5C0147D2} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {CC236BC4-5026-4752-9927-5656D254698F} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe [2015-11-05] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {D96557D2-62C1-40B0-8875-2505AF4A6DC8} - no filepath
Task: {FC332964-3513-485B-9642-C1A920ABB1E3} - System32\Tasks\HPCeeScheduleForSharon => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSharon.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
ShortcutWithArgument: C:\Users\Public\Desktop\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.vudu.com/
==================== Loaded Modules (Whitelisted) ==============
2015-11-05 03:27 - 2014-04-14 22:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-13 19:14 - 2017-06-03 06:01 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-06-21 11:46 - 2017-06-21 11:47 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 11:46 - 2017-06-21 11:47 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 11:46 - 2017-06-21 11:47 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 11:46 - 2017-06-21 11:47 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-06-17 15:21 - 2017-06-17 15:21 - 00025192 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2017-06-17 15:21 - 2017-06-17 15:21 - 00017000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2017-06-17 15:21 - 2017-06-17 15:21 - 00036968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2016-10-11 23:25 - 2016-10-11 23:25 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 15:06 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 15:07 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 15:07 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 15:07 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-13 19:14 - 2017-06-03 04:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-13 19:14 - 2017-06-03 04:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-13 19:14 - 2017-06-03 04:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-06-20 12:39 - 2017-06-20 12:39 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-06-20 12:39 - 2017-06-20 12:39 - 27430400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-06-15 22:10 - 2017-06-15 22:11 - 00460288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-06-15 22:10 - 2017-06-15 22:11 - 02275328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-06-09 13:12 - 2017-06-09 13:13 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-15 22:10 - 2017-06-15 22:11 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-06-02 20:32 - 2016-06-02 20:32 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-06-15 22:10 - 2017-06-15 22:11 - 00900096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-04 22:04 - 2017-05-04 22:05 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-04-08 14:44 - 2016-04-08 14:45 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-06-23 11:34 - 2017-06-23 11:35 - 13207232 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-06-23 11:34 - 2017-06-23 11:36 - 01199816 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-06-17 15:23 - 2017-06-17 15:22 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-06-17 15:30 - 2017-06-17 15:30 - 00171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-06-17 15:30 - 2017-06-17 15:30 - 00999024 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
2017-06-17 15:30 - 2017-06-17 15:30 - 67717632 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-06-17 15:30 - 2017-06-17 15:30 - 00178120 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-06-17 15:30 - 2017-06-17 15:30 - 00224352 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-06-17 15:30 - 2017-06-17 15:30 - 00685784 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-06-25 13:01 - 2017-02-15 11:37 - 01943040 _____ () C:\Users\Sharon\AppData\Roaming\Pluto TV\ffmpeg.dll
2017-06-25 13:01 - 2017-02-15 11:37 - 02263040 _____ () C:\Users\Sharon\AppData\Roaming\Pluto TV\libglesv2.dll
2017-06-25 13:01 - 2017-02-15 11:37 - 00080896 _____ () C:\Users\Sharon\AppData\Roaming\Pluto TV\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 07:04 - 2017-07-16 14:40 - 00000880 _____ C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{00E5D102-AE59-47AC-A6FF-2D162EF76ABD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7CFFF24A-2D97-4625-AB38-AF70EE8183E4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{55076D9E-EB6C-4AA4-B3F1-45BBAEFD09AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DE199897-58B9-4517-934E-B3F176236051}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{709F597A-5EAD-42F0-8314-18C29B731358}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{5FEBD127-D9C7-488A-92A8-E421D6EE6475}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{17603129-BE96-41BD-8BDA-F3E9454DC6F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E2F378E-B243-48D5-9E72-E29CD9A831F7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B31E985A-9DC4-4E3A-9A82-D883AE2DD515}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{588E8AA2-1979-4715-81EC-EC1C8989A9CF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{70246331-6E0A-4520-8748-701B2EF9C2E6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{34E86837-C8A0-4CF9-B0DE-385132D9FA62}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{5617B8CD-B968-4098-B178-9E564B86EE0F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{EC33BCEA-35CF-497A-A565-64A8E9A23766}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F3B5B569-5402-4F1B-9741-70CD67B60423}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A4C44D73-BE70-4884-A0D7-AEF0AEC0945D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CF16E193-AAC3-4DE7-85B4-629ADF8AEC35}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{AA88E437-77AA-4A14-9CD1-C54714D26087}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\F13Game\EAC_Launcher.exe
FirewallRules: [{E2400436-C23D-431D-9628-18C665DB67A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\F13Game\EAC_Launcher.exe
FirewallRules: [{FCDFFFE4-F0D1-44C4-9F77-56B2DD3E94D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe
FirewallRules: [{D11C3505-C800-413A-AC58-E95BEA8E9278}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe
==================== Restore Points =========================
19-06-2017 17:04:14 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
26-06-2017 15:24:42 Windows Update
30-06-2017 21:03:21 Windows Update
16-07-2017 14:27:52 Removed WinZip 21.5
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/16/2017 03:20:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector\kernel\ces\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/16/2017 03:20:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/16/2017 02:40:22 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected
Error: (07/16/2017 02:28:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Internet Security Essentials Service since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (07/16/2017 02:28:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Internet Security Essentials.
System Error:
The system cannot find the file specified.
.
Error: (07/16/2017 02:28:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (07/16/2017 02:13:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-U06IMQR)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/01/2017 07:40:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (07/01/2017 07:32:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: unit.exe, version: 4.0.0.0, time stamp: 0x5925a07d
Faulting module name: export.DLL, version: 4.0.0.0, time stamp: 0x593f8afe
Exception code: 0xc0000005
Fault offset: 0x0000000000004c8c
Faulting process id: 0x11e4
Faulting application start time: 0x01d2f2c22cfc52ac
Faulting application path: C:\Program Files\COMODO\GeekBuddy\unit.exe
Faulting module path: C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-13\export.DLL
Report Id: badcd7b6-248d-46f3-bcf9-67e1da5a25b4
Faulting package full name:
Faulting package-relative application ID:
Error: (07/01/2017 01:09:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15609
System errors:
=============
Error: (07/16/2017 03:40:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/16/2017 02:45:00 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-U06IMQR)
Description: The server {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2} did not register with DCOM within the required timeout.
Error: (07/16/2017 02:42:55 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}
Error: (07/16/2017 02:42:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (07/16/2017 02:42:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
Error: (07/16/2017 02:42:54 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}
Error: (07/16/2017 02:42:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (07/16/2017 02:42:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
Error: (07/16/2017 02:42:54 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}
Error: (07/16/2017 02:42:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
==================== Memory info ===========================
Processor: Intel® Core i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 56%
Total physical RAM: 6059.39 MB
Available physical RAM: 2662.29 MB
Total Virtual: 7553.42 MB
Available Virtual: 3718.77 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:910.64 GB) (Free:838.76 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.65 GB) (Free:2.26 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (9249) (CDROM) (Total:0.37 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B65C61FD)
Partition: GPT.
==================== End of Addition.txt ============================