Lots of unwanted programs and popups. [Solved]


  • This topic is locked

#1
sharon4873

  • Member
  • 10 posts

I let my grandson use my laptop and afterwards noticed lots of popups and programs that I didn't know or install. I tried to remove some -- some wouldn't be removed -- and then I did a Malwarebytes scan. It found 153, so I thought it may be beyond me to get everything removed like it should, but I did select remove selected items... just wanted to make sure, and any suggestions on how I can fix his ability to download things without my permission. Thanks.

 

 

FRST scan results follow:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2017
Ran by Sharon (administrator) on DESKTOP-U06IMQR (16-07-2017 15:52:40)
Running from C:\Users\Sharon\Desktop
Loaded Profiles: Sharon (Available Profiles: Sharon)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(COMODO) C:\Windows\Temp\ise~cfad3112-27a2-4bd0-9b8f-4bf43f589b51
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Pluto, Inc.) C:\Users\Sharon\AppData\Roaming\Pluto TV\PlutoTV.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Pluto, Inc.) C:\Users\Sharon\AppData\Roaming\Pluto TV\PlutoTV.exe
(Pluto, Inc.) C:\Users\Sharon\AppData\Roaming\Pluto TV\PlutoTV.exe
(Pluto, Inc.) C:\Users\Sharon\AppData\Roaming\Pluto TV\PlutoTV.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8911872 2016-10-15] (Realtek Semiconductor)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-06-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2485400 2017-05-24] (Comodo Security Solutions, Inc.)
HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [1280000 2017-06-17] (Adobe Systems Incorporated)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-07-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{7c1a8a81-af05-41c4-ac19-f45eb560a0f1}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{db0312ef-785d-440e-ab5a-1a8fb6bcd28e}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM-x32 -> {31131775-E7CD-4C3F-ADED-D691CFF30016} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1292175255-3574968239-1866619479-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D061717-A21ABFDD9D88F4162B1F&form=CONBDF&conlogo=CT3332016&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1292175255-3574968239-1866619479-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D061717-A21ABFDD9D88F4162B1F&form=CONBDF&conlogo=CT3332016&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1292175255-3574968239-1866619479-1001 -> {31131775-E7CD-4C3F-ADED-D691CFF30016} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1292175255-3574968239-1866619479-1001 -> {47513084-4DE9-40B4-BD5C-5B31E5A5BFA4} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US739D20160210&p={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2017-02-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-02-28] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: ijsf5oci.default
FF ProfilePath: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default [2017-07-16]
FF NewTab: Mozilla\Firefox\Profiles\ijsf5oci.default -> about:home
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ijsf5oci.default -> Bing®
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ijsf5oci.default -> Secure Search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\ijsf5oci.default -> Secure Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ijsf5oci.default -> Bing®
FF Homepage: Mozilla\Firefox\Profiles\ijsf5oci.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\ijsf5oci.default -> user_pref("keyword.URL", true);
FF Extension: (ADB Helper) - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\Extensions\[email protected] [2017-05-30]
FF Extension: (Valence) - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\Extensions\[email protected] [2017-05-30]
FF Extension: (CouponXplorer) - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\Extensions\[email protected] [2017-03-16]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18]
FF SearchPlugin: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\searchplugins\bing-lavasoft.xml [2017-06-17]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-05-12] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-02-28] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1227197.dll [2017-02-20] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-02-28] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-02]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0234941496431402mcinstcleanup; C:\WINDOWS\TEMP\023494~1.EXE [1030904 2017-02-09] (McAfee, Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7396872 2017-06-17] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-06-15] (AVG Technologies CZ, s.r.o.)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [77472 2017-05-24] (Comodo Security Solutions, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-06-17] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2015-08-18] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2017-01-13] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-07-07] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe [133480 2015-11-05] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-05-16] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [994312 2017-03-13] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe [404376 2017-06-30] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\\McCSPServiceHost.exe [2054080 2017-02-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1344472 2017-02-24] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2017-01-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [385112 2017-01-18] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [343792 2017-01-18] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1551512 2017-02-26] (McAfee, Inc.)
R3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [326656 2016-10-15] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2016-10-05] (Synaptics Incorporated)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-05-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-05-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-05-26] (McAfee, Inc.)
R4 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25192 2017-06-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166624 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [314128 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192584 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336896 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [51336 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39424 2017-06-17] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [129776 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [102280 2017-06-17] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76832 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [1008288 2017-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [570320 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [160008 2017-06-17] (AVG Technologies CZ, s.r.o.)
S3 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [340824 2017-06-17] (AVG Technologies CZ, s.r.o.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88464 2017-01-20] (McAfee, Inc.)
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-18] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [50696 2015-08-18] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-18] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-07-16] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487184 2017-01-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366328 2017-01-20] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-01-23] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518704 2017-01-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [923640 2017-01-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498648 2017-01-19] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109320 2017-01-19] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110256 2017-01-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2017-01-20] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek                                            )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [79960 2016-10-05] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-24] (HP Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-16 15:52 - 2017-07-16 15:54 - 00024413 _____ C:\Users\Sharon\Desktop\FRST.txt
2017-07-16 15:50 - 2017-07-16 15:52 - 00000000 ____D C:\FRST
2017-07-16 15:50 - 2017-07-16 15:50 - 02435584 _____ (Farbar) C:\Users\Sharon\Desktop\FRST64.exe
2017-07-16 15:39 - 2017-07-16 15:39 - 00034913 _____ C:\Users\Sharon\Desktop\malwarebytes 716.txt
2017-07-16 15:35 - 2017-07-16 15:35 - 00001421 _____ C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-07-16 14:45 - 2017-07-16 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-07-16 14:40 - 2017-07-16 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-07-16 14:39 - 2017-07-16 14:39 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-07-16 14:26 - 2017-07-16 14:26 - 00000046 _____ C:\WINDOWS\wininit.ini
2017-07-16 14:20 - 2017-07-16 14:20 - 00000000 ___HD C:\$SysReset
2017-06-26 16:13 - 2017-06-26 16:13 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-06-26 15:27 - 2017-06-26 15:27 - 00000000 ____D C:\WINDOWS\LastGood
2017-06-25 13:35 - 2017-06-25 13:35 - 00000000 ____D C:\Users\Sharon\AppData\Local\Systweak
2017-06-25 13:15 - 2017-06-25 13:15 - 00000000 ____D C:\ProgramData\UniqueId
2017-06-25 13:10 - 2017-06-25 13:10 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.5
2017-06-25 13:05 - 2017-07-16 14:25 - 00000000 ____D C:\Program Files (x86)\COMODO
2017-06-25 13:01 - 2017-07-16 14:26 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Pluto TV
2017-06-25 13:00 - 2017-07-16 14:31 - 00000000 ____D C:\ProgramData\WinZip
2017-06-25 13:00 - 2017-07-16 14:27 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Nico Mak Computing
2017-06-25 12:58 - 2017-06-25 13:23 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Dashlane
2017-06-25 12:56 - 2017-07-16 14:26 - 00000000 ____D C:\Program Files\COMODO
2017-06-25 12:56 - 2017-07-16 14:25 - 00000000 ____D C:\ProgramData\COMODO
2017-06-25 11:41 - 2017-07-16 15:22 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-06-19 17:08 - 2017-06-19 17:09 - 00000000 ____D C:\Users\Sharon\Documents\BeamNG.drive
2017-06-19 17:08 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2017-06-19 17:08 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2017-06-19 17:08 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2017-06-19 17:08 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2017-06-19 17:08 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2017-06-19 17:08 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2017-06-19 17:08 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2017-06-19 17:08 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2017-06-19 17:08 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2017-06-19 17:08 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2017-06-19 17:08 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2017-06-19 17:07 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2017-06-19 17:07 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2017-06-19 17:07 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2017-06-19 17:07 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2017-06-19 17:07 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2017-06-19 17:07 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2017-06-17 16:05 - 2017-06-19 14:54 - 00750632 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-06-17 16:05 - 2017-06-17 16:05 - 00000000 ____D C:\Users\Sharon\AppData\Local\UnrealEngine
2017-06-17 16:05 - 2017-06-17 16:05 - 00000000 ____D C:\Users\Sharon\AppData\Local\SummerCamp
2017-06-17 16:05 - 2017-06-17 15:42 - 00383016 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-06-17 15:42 - 2017-06-19 16:46 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-17 15:32 - 2017-06-17 15:32 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\AVG
2017-06-17 15:31 - 2017-06-17 15:31 - 00160008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgstm.sys
2017-06-17 15:31 - 2017-06-17 15:31 - 00004008 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-06-17 15:31 - 2017-06-17 15:30 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00570320 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00340824 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00314128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00102280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-06-17 15:31 - 2017-06-17 15:30 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-06-17 15:30 - 2017-06-17 15:30 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-06-17 15:29 - 2017-06-17 15:29 - 00000000 ____D C:\Users\Sharon\AppData\Local\Steam
2017-06-17 15:26 - 2017-06-26 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-06-17 15:23 - 2017-06-30 20:53 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-06-17 15:23 - 2017-06-17 15:28 - 00000000 ____D C:\Program Files (x86)\AVG
2017-06-17 15:22 - 2017-07-16 14:30 - 00000000 ____D C:\Program Files\WebDiscoverBrowser
2017-06-17 15:22 - 2017-06-17 15:22 - 00000000 ____D C:\Users\Sharon\AppData\Local\WebDiscoverBrowser
2017-06-17 15:21 - 2017-07-16 14:30 - 00000000 ____D C:\Program Files\ByteFence
2017-06-17 15:21 - 2017-06-21 11:36 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-17 15:21 - 2017-06-17 22:36 - 00000000 ____D C:\ProgramData\Avg
2017-06-17 15:21 - 2017-06-17 15:26 - 00000000 ____D C:\Users\Sharon\AppData\Local\AvgSetupLog
2017-06-17 15:21 - 2017-06-17 15:21 - 00000000 ____D C:\Users\Sharon\AppData\Local\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-16 15:44 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-16 15:38 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-16 15:38 - 2016-01-10 05:25 - 00000000 ____D C:\Users\Sharon\AppData\Local\Packages
2017-07-16 15:26 - 2016-10-11 19:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-16 15:00 - 2016-10-11 20:02 - 00003264 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSharon
2017-07-16 15:00 - 2016-06-24 09:58 - 00000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSharon.job
2017-07-16 14:42 - 2017-02-23 20:58 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-07-16 14:42 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-16 14:40 - 2016-08-24 00:03 - 00001976 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-07-16 14:40 - 2016-01-17 22:15 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-07-16 14:37 - 2016-11-17 21:43 - 00000000 ____D C:\Users\Sharon\AppData\LocalLow\Mozilla
2017-07-16 14:35 - 2016-06-22 21:35 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-16 14:33 - 2017-06-14 14:00 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Opera Software
2017-07-16 14:33 - 2017-06-14 14:00 - 00000000 ____D C:\Users\Sharon\AppData\Local\Opera Software
2017-07-16 14:32 - 2016-02-10 19:51 - 00000000 ____D C:\Users\Sharon\AppData\Local\Lavasoft
2017-07-16 14:31 - 2017-04-08 18:17 - 00000000 ____D C:\Users\Sharon\AppData\Local\Razer
2017-07-16 14:31 - 2017-04-03 18:52 - 00000000 ____D C:\ProgramData\Razer
2017-07-16 14:31 - 2017-04-03 18:52 - 00000000 ____D C:\Program Files (x86)\Razer
2017-07-16 14:26 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-07-16 14:12 - 2016-10-11 19:37 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-16 14:12 - 2016-01-10 05:25 - 00000000 __SHD C:\Users\Sharon\IntelGraphicsProfiles
2017-06-30 21:16 - 2016-03-18 21:38 - 00001441 _____ C:\Users\Sharon\Desktop\ROBLOX Player.lnk
2017-06-30 21:16 - 2016-03-18 21:38 - 00001256 _____ C:\Users\Sharon\Desktop\ROBLOX Studio.lnk
2017-06-30 21:16 - 2016-03-18 21:38 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-06-30 21:14 - 2016-11-17 20:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-30 21:05 - 2017-05-21 17:13 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-06-30 21:05 - 2017-05-21 17:13 - 00000000 ____D C:\Program Files\UNP
2017-06-25 15:52 - 2016-01-12 21:57 - 00000000 ____D C:\Users\Sharon\AppData\Local\Roblox
2017-06-21 07:36 - 2017-05-25 15:30 - 01536010 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-21 07:29 - 2016-01-09 23:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-21 06:10 - 2016-10-11 19:43 - 00000000 ____D C:\Users\Sharon
2017-06-20 16:28 - 2016-10-11 20:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-20 16:28 - 2016-07-16 02:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-06-20 12:31 - 2016-12-13 20:35 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-20 12:30 - 2016-01-10 05:28 - 00002377 _____ C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-20 12:30 - 2016-01-10 05:28 - 00000000 ___RD C:\Users\Sharon\OneDrive
2017-06-19 17:03 - 2015-11-05 02:55 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-17 22:31 - 2016-10-11 20:02 - 00004554 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-17 22:31 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-17 22:31 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-17 15:22 - 2016-02-10 19:51 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Lavasoft
2017-06-17 15:21 - 2016-02-10 19:51 - 00000000 ____D C:\ProgramData\Lavasoft
2017-06-17 15:21 - 2016-02-10 19:51 - 00000000 ____D C:\Program Files (x86)\Lavasoft

Some files in TEMP:
====================
2017-06-25 13:03 - 2017-06-25 13:05 - 1517120 _____ (Totipe                                                      ) C:\Users\Sharon\AppData\Local\Temp\ICReinstall_SketchUp-Make(1).exe
2017-06-14 14:00 - 2017-06-14 14:00 - 1517120 _____ (Totipe                                                      ) C:\Users\Sharon\AppData\Local\Temp\ICReinstall_SketchUp-Make.exe
2017-06-30 20:54 - 2017-07-01 20:24 - 4109176 _____ (COMODO) C:\Users\Sharon\AppData\Local\Temp\ise_installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-21 12:59

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Ran by Sharon (16-07-2017 15:55:14)
Running from C:\Users\Sharon\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-12 00:06:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1292175255-3574968239-1866619479-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1292175255-3574968239-1866619479-503 - Limited - Disabled)
Guest (S-1-5-21-1292175255-3574968239-1866619479-501 - Limited - Disabled)
Play ONLY ACCOUNT (S-1-5-21-1292175255-3574968239-1866619479-1002 - Limited - Enabled)
Sharon (S-1-5-21-1292175255-3574968239-1866619479-1001 - Administrator - Enabled) => C:\Users\Sharon

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-d3625e94-c720-4b94-8c74-09b057e0ed93) (Version: 3.0.2.118 - WildTangent) Hidden
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.7.197 - Adobe Systems, Inc.)
AVG (HKLM\...\{49AB2080-7813-477F-835E-946DFD2CE4AA}) (Version: 1.201.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.4.3014 - AVG Technologies)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-b94a3119-19fc-459d-9f51-9d54cdbea993) (Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-b38096b1-7889-4e22-8df7-70c8c5608766) (Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Coyote The Outlander (HKLM-x32\...\WTA-44630ad4-7c2a-4b81-b8c9-4111b3322137) (Version: 3.0.2.59 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-66b10b72-1454-46aa-9fe9-5cc996e3783b) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-326a0526-cae4-4b57-8ee5-df69c0110f04) (Version: 3.0.2.59 - WildTangent) Hidden
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Family Vacation 2: Road Trip (HKLM-x32\...\WTA-c2a4e491-8e75-4ab6-b6f6-78236c93f6a2) (Version: 3.0.2.59 - WildTangent) Hidden
FMW 1 (HKLM\...\{3F288BE1-12E0-44FD-A534-23EB122C988D}) (Version: 1.212.2 - AVG Technologies) Hidden
Home Makeover (HKLM-x32\...\WTA-831743fd-ebc4-4911-a8dc-10ec3374dfe2) (Version: 3.0.2.59 - WildTangent) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.4.14.41 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.7.22.13 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
IGT Slots: Paradise Garden (HKLM-x32\...\WTA-738d766e-20a9-4432-b7e1-0ede1ccabfcd) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-1033349f-61e4-4240-91eb-8797adecc6dd) (Version: 3.0.2.59 - WildTangent) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.18.110.1 - Intel Security)
Intel® Chipset Device Software (HKLM-x32\...\{a47edec4-fa11-4d02-b329-4424d0197af8}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Jewel Match Snowscapes (HKLM-x32\...\WTA-a53983e7-7909-428a-ab14-a3b34c7a0ec2) (Version: 3.0.2.118 - WildTangent) Hidden
Living Legends: Frozen Beauty Collector's Edition (HKLM-x32\...\WTA-d754cfd7-91c7-4587-9856-a1b44e89c7ec) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Lands: Dark Overlord Collector's Edition (HKLM-x32\...\WTA-2149e695-53e5-4e0a-9a63-e5e368bb6c81) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-6220c463-af2d-41be-8ae2-0b705bf7e79f) (Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-b3a60d49-0814-4488-8260-87c6ea00a558) (Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-ba86689f-0af7-4ff4-9ded-bc5e4a1f52ed) (Version: 3.0.2.59 - WildTangent) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0 R13 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.587.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-ecd3d8d3-0c10-4b97-92bb-469bd4874da2) (Version: 3.0.2.59 - WildTangent) Hidden
Plagiarii (HKLM-x32\...\WTA-bebad216-3fc1-4f9b-902c-f7910b131bd9) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-d609b381-98a7-49d2-a1f6-27442b619bc1) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.60 - REALTEK Semiconductor Corp.)
ROBLOX Player for Sharon (HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Sharon (HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Runefall (HKLM-x32\...\WTA-afd529d1-0553-4c3c-8b5a-b37195bb5e76) (Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (HKLM-x32\...\WTA-dd6b98f4-4e4a-4d17-9957-026410db0772) (Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (HKLM-x32\...\WTA-e7401c1f-4fc0-4f43-835b-412e733ed168) (Version: 3.0.2.59 - WildTangent) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.16 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WPS Office (9.1.0.5113) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5113 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers01: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-06-17] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers01: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\MSC\McCtxMenuFrmWrk.dll [2017-02-28] (McAfee, Inc.)
ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-13] (Intel Corporation)
ContextMenuHandlers06: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-06-17] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers06: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\MSC\McCtxMenuFrmWrk.dll [2017-02-28] (McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03082631-06A9-4553-B0EE-EFACA4F21043} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {0DB27CBD-DD22-43D9-BD20-D147B0339CD5} - no filepath
Task: {265D0865-6D32-4188-A698-B825FBC6CB7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-06-28] (HP Inc.)
Task: {34E405F6-862C-4823-8636-3F91F55FDF90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {456D50D0-EA69-4501-93C7-32682BC829E0} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-06] (McAfee, Inc.)
Task: {4FA3133B-B066-472D-965E-A95D4675430A} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {52761F2B-0C37-4DBE-9A9F-14500AC6AD8F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {59E47931-649D-44E7-999C-0C98B3B3F8FC} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-06] (McAfee, Inc.)
Task: {60C02F1B-716C-4273-80F0-32F5D9E51DE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {61A71910-7A0A-4CA8-B4D1-0639951C1A9C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {70779C2E-2E37-4467-8C77-D1BEE7BB90A9} - no filepath
Task: {776A3B53-2009-46FA-B1CD-4214CE75EF61} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Sharon\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {821A15F3-530B-4427-841A-21868BD0DB36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {82DF291E-8F81-468E-A4E3-CB675D7CDA2A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {83F2C9AC-F73E-4D0F-99E6-089C69BD5B78} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe [2015-11-05] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {87051A63-B490-452C-843C-C7714068BFB1} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {9FB6ABAB-803C-42E1-94A7-029B6E3D42CD} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {AEC3B097-E329-4BCA-BC41-BF8497C5473B} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-06-17] (AVG Technologies CZ, s.r.o.)
Task: {AF8608B7-4826-4BA9-9080-0F7810F3BEC7} - no filepath
Task: {AFE328F8-8BC2-430F-ACC6-8D3D93773CE3} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-02-22] (McAfee, Inc.)
Task: {B04653C1-9C91-4B47-8E35-03CB13EBEC78} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {B3E52CC7-42F9-4F85-B2C5-E5C66B523F4A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {BA619889-93D0-4F4E-83B5-35E66FAAFAC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {BE93C2E6-E152-4608-B51E-691324D30E99} - no filepath
Task: {C1531F54-B39B-4D2F-9524-808D5C0147D2} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {CC236BC4-5026-4752-9927-5656D254698F} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe [2015-11-05] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {D96557D2-62C1-40B0-8875-2505AF4A6DC8} - no filepath
Task: {FC332964-3513-485B-9642-C1A920ABB1E3} - System32\Tasks\HPCeeScheduleForSharon => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSharon.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
ShortcutWithArgument: C:\Users\Public\Desktop\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.vudu.com/

==================== Loaded Modules (Whitelisted) ==============

2015-11-05 03:27 - 2014-04-14 22:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-13 19:14 - 2017-06-03 06:01 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-06-21 11:46 - 2017-06-21 11:47 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 11:46 - 2017-06-21 11:47 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 11:46 - 2017-06-21 11:47 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 11:46 - 2017-06-21 11:47 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-06-17 15:21 - 2017-06-17 15:21 - 00025192 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2017-06-17 15:21 - 2017-06-17 15:21 - 00017000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2017-06-17 15:21 - 2017-06-17 15:21 - 00036968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2016-10-11 23:25 - 2016-10-11 23:25 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 15:06 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 15:07 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 15:07 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 15:07 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-13 19:14 - 2017-06-03 04:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-13 19:14 - 2017-06-03 04:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-13 19:14 - 2017-06-03 04:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-06-20 12:39 - 2017-06-20 12:39 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-06-20 12:39 - 2017-06-20 12:39 - 27430400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-06-15 22:10 - 2017-06-15 22:11 - 00460288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-06-15 22:10 - 2017-06-15 22:11 - 02275328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-06-09 13:12 - 2017-06-09 13:13 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-15 22:10 - 2017-06-15 22:11 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-06-02 20:32 - 2016-06-02 20:32 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-06-15 22:10 - 2017-06-15 22:11 - 00900096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-04 22:04 - 2017-05-04 22:05 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-04-08 14:44 - 2016-04-08 14:45 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-06-23 11:34 - 2017-06-23 11:35 - 13207232 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-06-23 11:34 - 2017-06-23 11:36 - 01199816 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-06-17 15:23 - 2017-06-17 15:22 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-06-17 15:30 - 2017-06-17 15:30 - 00171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-06-17 15:30 - 2017-06-17 15:30 - 00999024 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
2017-06-17 15:30 - 2017-06-17 15:30 - 67717632 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-06-17 15:30 - 2017-06-17 15:30 - 00178120 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-06-17 15:30 - 2017-06-17 15:30 - 00224352 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-06-17 15:30 - 2017-06-17 15:30 - 00685784 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-06-25 13:01 - 2017-02-15 11:37 - 01943040 _____ () C:\Users\Sharon\AppData\Roaming\Pluto TV\ffmpeg.dll
2017-06-25 13:01 - 2017-02-15 11:37 - 02263040 _____ () C:\Users\Sharon\AppData\Roaming\Pluto TV\libglesv2.dll
2017-06-25 13:01 - 2017-02-15 11:37 - 00080896 _____ () C:\Users\Sharon\AppData\Roaming\Pluto TV\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 07:04 - 2017-07-16 14:40 - 00000880 _____ C:\WINDOWS\system32\Drivers\etc\hosts


0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{00E5D102-AE59-47AC-A6FF-2D162EF76ABD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7CFFF24A-2D97-4625-AB38-AF70EE8183E4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{55076D9E-EB6C-4AA4-B3F1-45BBAEFD09AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DE199897-58B9-4517-934E-B3F176236051}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{709F597A-5EAD-42F0-8314-18C29B731358}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{5FEBD127-D9C7-488A-92A8-E421D6EE6475}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{17603129-BE96-41BD-8BDA-F3E9454DC6F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E2F378E-B243-48D5-9E72-E29CD9A831F7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B31E985A-9DC4-4E3A-9A82-D883AE2DD515}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{588E8AA2-1979-4715-81EC-EC1C8989A9CF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{70246331-6E0A-4520-8748-701B2EF9C2E6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{34E86837-C8A0-4CF9-B0DE-385132D9FA62}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{5617B8CD-B968-4098-B178-9E564B86EE0F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{EC33BCEA-35CF-497A-A565-64A8E9A23766}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F3B5B569-5402-4F1B-9741-70CD67B60423}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A4C44D73-BE70-4884-A0D7-AEF0AEC0945D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CF16E193-AAC3-4DE7-85B4-629ADF8AEC35}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{AA88E437-77AA-4A14-9CD1-C54714D26087}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\F13Game\EAC_Launcher.exe
FirewallRules: [{E2400436-C23D-431D-9628-18C665DB67A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\F13Game\EAC_Launcher.exe
FirewallRules: [{FCDFFFE4-F0D1-44C4-9F77-56B2DD3E94D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe
FirewallRules: [{D11C3505-C800-413A-AC58-E95BEA8E9278}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe

==================== Restore Points =========================

19-06-2017 17:04:14 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
26-06-2017 15:24:42 Windows Update
30-06-2017 21:03:21 Windows Update
16-07-2017 14:27:52 Removed WinZip 21.5

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2017 03:20:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector\kernel\ces\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/16/2017 03:20:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/16/2017 02:40:22 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected

Error: (07/16/2017 02:28:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Internet Security Essentials Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (07/16/2017 02:28:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Internet Security Essentials.

System Error:
The system cannot find the file specified.
.

Error: (07/16/2017 02:28:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/16/2017 02:13:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-U06IMQR)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/01/2017 07:40:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (07/01/2017 07:32:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: unit.exe, version: 4.0.0.0, time stamp: 0x5925a07d
Faulting module name: export.DLL, version: 4.0.0.0, time stamp: 0x593f8afe
Exception code: 0xc0000005
Fault offset: 0x0000000000004c8c
Faulting process id: 0x11e4
Faulting application start time: 0x01d2f2c22cfc52ac
Faulting application path: C:\Program Files\COMODO\GeekBuddy\unit.exe
Faulting module path: C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-13\export.DLL
Report Id: badcd7b6-248d-46f3-bcf9-67e1da5a25b4
Faulting package full name:
Faulting package-relative application ID:

Error: (07/01/2017 01:09:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15609


System errors:
=============
Error: (07/16/2017 03:40:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/16/2017 02:45:00 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-U06IMQR)
Description: The server {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2} did not register with DCOM within the required timeout.

Error: (07/16/2017 02:42:55 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (07/16/2017 02:42:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/16/2017 02:42:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (07/16/2017 02:42:54 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (07/16/2017 02:42:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/16/2017 02:42:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (07/16/2017 02:42:54 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (07/16/2017 02:42:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


==================== Memory info ===========================

Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 56%
Total physical RAM: 6059.39 MB
Available physical RAM: 2662.29 MB
Total Virtual: 7553.42 MB
Available Virtual: 3718.77 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:910.64 GB) (Free:838.76 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.65 GB) (Free:2.26 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (9249) (CDROM) (Total:0.37 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B65C61FD)

Partition: GPT.

==================== End of Addition.txt ============================


#2
sharon4873

  • Topic Starter
  • Member
  • 10 posts

Results of Malwarebytes scan:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 07/16/2017
Scan Time: 2:36 PM
Logfile: malwarebytes 716.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.02.25.02
Rootkit Database: v2017.02.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Sharon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330387
Time Elapsed: 55 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.GeekBuddy, C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe, 9192, , [1b0b248348602313c6622967db253ec2]

Modules: 0
(No malicious items detected)

Registry Keys: 18
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\GeekBuddyRSP, , [7caae4c3981073c3f572900060a0d62a],
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, , [2204e2c5c0e89f9729a941761ee59d63],
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\7EF8027E14484DB4790656F84D8DA589, , [f333f7b03e6a70c6f1175c3837c9b848],
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\WOW6432NODE\GeekBuddyRSP, , [df47188fa206df57db8c9ff1df21da26],
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WOW6432NODE\WebDiscoverBrowser, , [1313cadd109886b0349e17a053b08080],
PUP.Optional.DriverRestore, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\DriverRestore_RASAPI32, , [7caa8a1daafeef4733d74adf14ecf60a],
PUP.Optional.DriverRestore, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\DriverRestore_RASMANCS, , [80a6efb8c9df45f18981d15840c007f9],
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\WinZipMalwareProtector_RASAPI32, , [f3331592446452e45e5ca814bc47af51],
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\WinZipMalwareProtector_RASMANCS, , [d353099e703862d4b406e4d8dd26649c],
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\WOW6432NODE\WOW6432NODE\GeekBuddyRSP, , [50d6c1e6ffa9e650c5e4f3bad22e837d],
PUP.Optional.GeekBuddy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CLPSLAUNCHER, , [1b0b248348602313c6622967db253ec2],
PUP.Optional.GeekBuddy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\GeekBuddyRSP, , [ff2735726642a096ef28703fb05034cc],
PUP.Optional.WinZipMalwareProtector, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WinZip Malware Protector, , [5dc9099e0f995cda2697af0dda29827e],
PUP.Optional.GeekBuddy, HKLM\SYSTEM\SOFTWARE\COMODO\CLPS 4, , [57cffbacc2e69e9803ce4c45808018e8],
PUP.Optional.InstallCore, HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\SOFTWARE\csastats, , [be68cadd3771af87b29e715dda291ce4],
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\SOFTWARE\WebDiscoverBrowser, , [d353386ff2b60234b21cd7e030d3ff01],
PUP.Optional.Conduit, HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [d452485fb2f6ba7c2c61fc7f59aad729],
PUP.Optional.ProductSetup, HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\SOFTWARE\PRODUCTSETUP, , [091d188f990f4de9c4b14f3f37cc02fe],

Registry Values: 8
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\COMODO\GEEKBUDDYRSP.EXE, 1, , [eb3b6e39e0c8330358421f764db309f7]
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|tvncontrol, "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave, , [eb3b6e39e0c8330358421f764db309f7]
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\7EF8027E14484DB4790656F84D8DA589|00000000000000000000000000000000, C:\Program Files\COMODO\GeekBuddy\, , [f333f7b03e6a70c6f1175c3837c9b848]
PUP.Optional.GeekBuddy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CLPSLAUNCHER|DisplayName, COMODO LPS Launcher, , [1b0b248348602313c6622967db253ec2]
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\COMODO\LAUNCHER_SERVICE.EXE, 1, , [1b0b248348602313c6622967db253ec2]
PUP.Optional.Conduit, HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.bing.com/...={searchTerms},, [d452485fb2f6ba7c2c61fc7f59aad729]
PUP.Optional.Conduit, HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURL, http://www.bing.com/...={searchTerms},, [e145bee9acfc4fe7f09d671426dde719]
PUP.Optional.ProductSetup, HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\SOFTWARE\PRODUCTSETUP|tb, 0P1S1S1F1D1B2W2O0P1S1B1F2Z, , [091d188f990f4de9c4b14f3f37cc02fe]

Registry Data: 0
(No malicious items detected)

Folders: 18
PUP.Optional.MindSpark, C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\CouponXplorer_5z, , [41e58d1a8b1da096838873150201926e],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser, , [d650fea98c1c48eee3e6281b0bf57f81],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2, , [d650fea98c1c48eee3e6281b0bf57f81],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0, , [d650fea98c1c48eee3e6281b0bf57f81],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales, , [d650fea98c1c48eee3e6281b0bf57f81],
PUP.Optional.SysTweak, C:\Users\Sharon\AppData\Local\Systweak, , [0c1a11965355c4727dac0c6d6e929d63],
PUP.Optional.SysTweak, C:\Users\Sharon\AppData\Local\Systweak\Advanced System Protector, , [0c1a11965355c4727dac0c6d6e929d63],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Session Storage, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.MindSpark, C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\extensions\[email protected], , [0224d5d233753ff72f86d35ec341c53b],
PUP.Optional.MindSpark, C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\extensions\[email protected]\chrome, , [0224d5d233753ff72f86d35ec341c53b],
PUP.Optional.MindSpark, C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\extensions\[email protected]\META-INF, , [0224d5d233753ff72f86d35ec341c53b],

Files: 108
PUP.Optional.GeekBuddy, C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe, , [eb3b6e39e0c8330358421f764db309f7],
PUP.Optional.RegistryReviver, C:\Users\Sharon\AppData\Local\Temp\in61A5158B\09B6B476_stp\RegistryReviverSetup.exe, , [2df962454d5b59ddeaf6f29a2ed244bc],
PUP.Optional.GeekBuddy, C:\Users\Sharon\AppData\Local\Temp\in61A5158B\547E0304_stp\lps-gb-vt-x64.exe, , [41e5abfcf2b637ffbbdff4a152aec13f],
PUP.Optional.DriverRestore, C:\Users\Sharon\AppData\Local\Temp\in61A5158B\2D4CC794_stp\DriverRestore.exe, , [2ff73275c7e18bab3c9282e77b858b75],
PUP.Optional.MindSpark, C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\CouponXplorer_5z\029A8E08-DDDF-4B97-B47A-F885E8BA7B28.sqlite, , [41e58d1a8b1da096838873150201926e],
PUP.Optional.GeekBuddy, C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe, , [1b0b248348602313c6622967db253ec2],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\browser.exe, , [d650fea98c1c48eee3e6281b0bf57f81],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\chrome.dll, , [d650fea98c1c48eee3e6281b0bf57f81],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\chrome_100_percent.pak, , [d650fea98c1c48eee3e6281b0bf57f81],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\chrome_200_percent.pak, , [d650fea98c1c48eee3e6281b0bf57f81],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\chrome_child.dll, , [d650fea98c1c48eee3e6281b0bf57f81],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\chrome_elf.dll, , [d650fea98c1c48eee3e6281b0bf57f81],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\icudtl.dat, , [d650fea98c1c48eee3e6281b0bf57f81],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\libEGL.dll, , [d650fea98c1c48eee3e6281b0bf57f81],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\libGLESv2.dll, , [d650fea98c1c48eee3e6281b0bf57f81],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\resources.pak, , [d650fea98c1c48eee3e6281b0bf57f81],
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\en-US.pak, , [d650fea98c1c48eee3e6281b0bf57f81],
PUP.Optional.SysTweak, C:\Users\Sharon\AppData\Local\Systweak\Advanced System Protector\ScanEngineErrorLog.txt, , [0c1a11965355c4727dac0c6d6e929d63],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Cookies-journal, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\BrowserMetrics.pma, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\CrashpadMetrics-active.pma, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\CrashpadMetrics.pma~RF8578bf28.TMP, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Local State, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Cookies, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Cookies, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Current Session, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Preferences, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\previews_opt_out.db, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\QuotaManager, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Favicons, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\History, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\History Provider Cache, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\History-journal, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Login Data, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Login Data-journal, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Shortcuts, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Top Sites, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Visited Links, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Web Data, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Web Data-journal, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_0, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_1, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_2, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_3, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\index, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb\000003.log, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb\LOCK, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb\LOG, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Session Storage\000003.log, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Session Storage\LOCK, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Session Storage\LOG, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\Default\Session Storage\MANIFEST-000001, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\data_0, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\data_1, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\data_2, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\data_3, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.WebDiscoverBrowser, C:\Users\Sharon\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\index, , [d94ddccbfeaaf34333a38b4aac56ad53],
PUP.Optional.MindSpark, C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\extensions\[email protected]\install.rdf, , [0224d5d233753ff72f86d35ec341c53b],
PUP.Optional.MindSpark, C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\extensions\[email protected]\bootstrap.js, , [0224d5d233753ff72f86d35ec341c53b],
PUP.Optional.MindSpark, C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\extensions\[email protected]\chrome.manifest, , [0224d5d233753ff72f86d35ec341c53b],
PUP.Optional.MindSpark, C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\extensions\[email protected]\chrome.manifest.restartless, , [0224d5d233753ff72f86d35ec341c53b],
PUP.Optional.MindSpark, C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\extensions\[email protected]\chrome\ffxtbr.jar, , [0224d5d233753ff72f86d35ec341c53b],
PUP.Optional.MindSpark, C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\extensions\[email protected]\META-INF\manifest.mf, , [0224d5d233753ff72f86d35ec341c53b],
PUP.Optional.MindSpark, C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\extensions\[email protected]\META-INF\mozilla.rsa, , [0224d5d233753ff72f86d35ec341c53b],
PUP.Optional.MindSpark, C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\extensions\[email protected]\META-INF\mozilla.sf, , [0224d5d233753ff72f86d35ec341c53b],
PUP.Optional.MindSpark.Generic, C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\prefs.js, Good: (), Bad: (user_pref("extensions.toolbar.mindspark._5zMembers_.BUTTON_STRUCTURE", "[{\"b\":223761339,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":223761340,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0\"},{\"b\":223761345,\"c\":\"mindspark.full\",\"p\":\"L.0.1\"},{\"b\":223761349,\"c\":\"mindspark.image\",\"p\":\"L.0.2\"},{\"b\":223761354,\"c\":\"mindspark.advanced\",\"p\":\"L.0.3\"},{\"b\":223761358,\"c\":\"mindspark.directorysearch\",\"p\":\"L.0.4\"},{\"b\":223761270,\"c\":\"mindspark.search\",\"p\":\"L.1\"},{\"b\":223761273,\"c\":\"mindspark.couponxplorer\",\"p\":\"L.2\"},{\"b\":223761274,\"c\":\"mindspark.notspyware\",\"p\":\"L.2.0\"},{\"b\":223761281,\"c\":\"mindspark.help\",\"p\":\"L.2.1\"},{\"b\":223761287,\"c\":\"mindspark.version\",\"p\":\"L.2.2\"},{\"b\":230546278,\"c\":\"mindspark.latestdeals\",\"p\":\"L.3\"},{\"b\":223761298,\"c\":\"mindspark.printablecoupons\",\"p\":\"L.4\"},{\"b\":223761299,\"c\":\"mindspark.couponscom\",\"p\":\"L.4.0\"},{\"b\":223761300,\"c\":\"mindspark.couponcabin\",\"p\":\"L.4.1\"},{\"b\":223761301,\"c\":\"mindspark.couponmom\",\"p\":\"L.4.2\"},{\"b\":223761302,\"c\":\"mindspark.smartsource\",\"p\":\"L.4.3\"},{\"b\":223761303,\"c\":\"mindspark.valpak\",\"p\":\"L.4.4\"},{\"b\":229532143,\"c\":\"mindspark.restaurantcoupons\",\"p\":\"L.4.5\"},{\"b\":223761304,\"c\":\"mindspark.layawaymenu\",\"p\":\"L.5\"},{\"b\":223761305,\"c\":\"mindspark.burlington\",\"p\":\"L.5.0\"},{\"b\":223761306,\"c\":\"mindspark.cabelas\",\"p\":\"L.5.1\"},{\"b\":223761307,\"c\":\"mindspark.elayaway\",\"p\":\"L.5.2\"},{\"b\":223761308,\"c\":\"mindspark.gamestop\",\"p\":\"L.5.3\"},{\"b\":223761309,\"c\":\"mindspark.heb\",\"p\":\"L.5.4\"},{\"b\":223761310,\"c\":\"mindspark.kmart\",\"p\":\"L.5.5\"},{\"b\":223761312,\"c\":\"mindspark.sears\",\"p\":\"L.5.6\"},{\"b\":223761313,\"c\":\"mindspark.toysrus\",\"p\":\"L.5.7\"},{\"b\":223761314,
\"c\":\"mindspark.walmart\",\"p\":\"L.5.8\"},{\"b\":224162183,\"c\":\"mindspark.giveaways\",\"p\":\"L.6\"},{\"b\":224162184,\"c\":\"mindspark.gofreebies\",\"p\":\"L.6.0\"},{\"b\":224162185,\"c\":\"mindspark.getitfree\",\"p\":\"L.6.1\"},{\"b\":224162186,\"c\":\"mindspark.munchkinsandwich\",\"p\":\"L.6.2\"},{\"b\":224162188,\"c\":\"mindspark.redditfreebies\",\"p\":\"L.6.3\"},{\"b\":224162189,\"c\":\"mindspark.coolfreebielinks\",\"p\":\"L.6.4\"},{\"b\":224162190,\"c\":\"mindspark.justfreestuff\",\"p\":\"L.6.5\"},{\"b\":224162191,\"c\":\"mindspark.freestufffinder\",\"p\":\"L.6.6\"},{\"b\":224162192,\"c\":\"mindspark.totallyfreestuff\",\"p\":\"L.6.7\"},{\"b\":224162193,\"c\":\"mindspark.freestufftimes\",\"p\":\"L.6.8\"},{\"b\":224162194,\"c\":\"mindspark.freesamples\",\"p\":\"L.6.9\"},{\"b\":224162195,\"c\":\"mindspark.freebieshark\",\"p\":\"L.6.10\"},{\"b\":224162196,\"c\":\"mindspark.freebieblogger\",\"p\":\"L.6.11\"},{\"b\":224162197,\"c\":\"mindspark.hunt4freebies\",\"p\":\"L.6.12\"},{\"b\":224162198,\"c\":\"mindspark.thatfreebiesite\",\"p\":\"L.6.13\"},{\"b\":224162199,\"c\":\"mindspark.freebies\",\"p\":\"L.6.14\"},{\"b\":224162200,\"c\":\"mindspark.shop4freebies\",\"p\":\"L.6.15\"},{\"b\":224162202,\"c\":\"mindspark.nikkisfreebiejeebie\",\"p\":\"L.6.16\"},{\"b\":224162203,\"c\":\"mindspark.justsomethingimade\",\"p\":\"L.6.17\"},{\"b\":224162204,\"c\":\"mindspark.freebiesninja\",\"p\":\"L.6.18\"},{\"b\":224999491,\"c\":\"mindspark.todolist\",\"v\":\"1.2.0\",\"p\":\"L.7\"},{\"b\":224484808,\"c\":\"mindspark.facebook\",\"p\":\"L.8\"},{\"b\":223761321,\"c\":\"mindspark.weather\",\"v\":\"1.1.2\",\"p\":\"L.9\"}]");), ,[ea3cffa82b7dfb3bea55e74b629e0ef2]

Physical Sectors: 0
(No malicious items detected)


(end)


#3
JSntgRvr

  • Global Moderator
  • 11,579 posts

Sorry for the delay.

 

Welcome. :)

  • Highlight the entire content of the quote box below.

Start::  
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
(COMODO) C:\Windows\Temp\ise~cfad3112-27a2-4bd0-9b8f-4bf43f589b51
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
2017-06-25 13:03 - 2017-06-25 13:05 - 1517120 _____ (Totipe                                                      ) C:\Users\Sharon\AppData\Local\Temp\ICReinstall_SketchUp-Make(1).exe
2017-06-14 14:00 - 2017-06-14 14:00 - 1517120 _____ (Totipe                                                      ) C:\Users\Sharon\AppData\Local\Temp\ICReinstall_SketchUp-Make.exe
2017-06-30 20:54 - 2017-07-01 20:24 - 4109176 _____ (COMODO) C:\Users\Sharon\AppData\Local\Temp\ise_installer.exe
Task: {0DB27CBD-DD22-43D9-BD20-D147B0339CD5} - no filepath
Task: {70779C2E-2E37-4467-8C77-D1BEE7BB90A9} - no filepath
Task: {AF8608B7-4826-4BA9-9080-0F7810F3BEC7} - no filepath
Task: {BE93C2E6-E152-4608-B51E-691324D30E99} - no filepath
Task: {D96557D2-62C1-40B0-8875-2505AF4A6DC8} - no filepath
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Screenshot: AdwCleaner console]


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.

[Screenshot: AdwCleaner delete/restart prompt]


  • On reboot a log will be produced; please copy and paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 


#4
sharon4873

  • Topic Starter
  • Member
  • 10 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by Sharon (20-07-2017 22:42:31) Run:1
Running from C:\Users\Sharon\Desktop
Loaded Profiles: Sharon (Available Profiles: Sharon)
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
(COMODO) C:\Windows\Temp\ise~cfad3112-27a2-4bd0-9b8f-4bf43f589b51
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
2017-06-25 13:03 - 2017-06-25 13:05 - 1517120 _____ (Totipe                                                      ) C:\Users\Sharon\AppData\Local\Temp\ICReinstall_SketchUp-Make(1).exe
2017-06-14 14:00 - 2017-06-14 14:00 - 1517120 _____ (Totipe                                                      ) C:\Users\Sharon\AppData\Local\Temp\ICReinstall_SketchUp-Make.exe
2017-06-30 20:54 - 2017-07-01 20:24 - 4109176 _____ (COMODO) C:\Users\Sharon\AppData\Local\Temp\ise_installer.exe
Task: {0DB27CBD-DD22-43D9-BD20-D147B0339CD5} - no filepath
Task: {70779C2E-2E37-4467-8C77-D1BEE7BB90A9} - no filepath
Task: {AF8608B7-4826-4BA9-9080-0F7810F3BEC7} - no filepath
Task: {BE93C2E6-E152-4608-B51E-691324D30E99} - no filepath
Task: {D96557D2-62C1-40B0-8875-2505AF4A6DC8} - no filepath
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
[11880] C:\Windows\Temp\ise~cfad3112-27a2-4bd0-9b8f-4bf43f589b51 => process closed successfully.
[15476] C:\Windows\Temp\DPTF\esif_assist_64.exe => process closed successfully.
"C:\Users\Sharon\AppData\Local\Temp\ICReinstall_SketchUp-Make(1).exe" => not found.
"C:\Users\Sharon\AppData\Local\Temp\ICReinstall_SketchUp-Make.exe" => not found.
"C:\Users\Sharon\AppData\Local\Temp\ise_installer.exe" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0DB27CBD-DD22-43D9-BD20-D147B0339CD5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DB27CBD-DD22-43D9-BD20-D147B0339CD5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{70779C2E-2E37-4467-8C77-D1BEE7BB90A9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70779C2E-2E37-4467-8C77-D1BEE7BB90A9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AF8608B7-4826-4BA9-9080-0F7810F3BEC7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF8608B7-4826-4BA9-9080-0F7810F3BEC7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE93C2E6-E152-4608-B51E-691324D30E99} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE93C2E6-E152-4608-B51E-691324D30E99} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D96557D2-62C1-40B0-8875-2505AF4A6DC8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D96557D2-62C1-40B0-8875-2505AF4A6DC8} => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.

========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{343FE786-8340-4FA3-86FA-9748479611C6} canceled.
{4B1CB438-E412-400C-928F-7487225013A8} canceled.
{39852972-64FE-4E64-A71E-D61B1A3DC3ED} canceled.
{DA0597A7-1C5E-47C5-B4F4-CF5B2B6ECE62} canceled.
4 out of 4 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 89190323 B
Java, Flash, Steam htmlcache => 49956128 B
Windows/system/drivers => 391340479 B
Edge => 22943008 B
Chrome => 5139909 B
Firefox => 18350276 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 435937 B
systemprofile32 => 0 B
LocalService => 79628 B
NetworkService => 13268 B
Sharon => 148009603 B

RecycleBin => 0 B
EmptyTemp: => 691.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:45:24 ====


#5
sharon4873

  • Topic Starter
  • Member
  • 10 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Sharon (Administrator) on 07/20/2017 at 23:07:53.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5

Successfully deleted: C:\ProgramData\lavasoft\web companion (Folder)
Successfully deleted: C:\Users\Sharon\AppData\Roaming\lavasoft\web companion (Folder)
Successfully deleted: C:\Users\Sharon\AppData\Roaming\nico mak computing (Folder)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\lavasoft\web companion (Folder)

Deleted the following from C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\prefs.js
user_pref(browser.search.defaultenginename.US, Secure Search);
user_pref(browser.search.order.1, Secure Search);
user_pref(extensions.toolbar.mindspark._5zMembers_.BUTTON_STRUCTURE, [{\b\:223761339,\c\:\mindspark.magnify\,\p\:\L.0\},{\b\:223761340,\c\:\mindspark.enterse
user_pref(extensions.toolbar.mindspark._5zMembers_.browser.startup.homepage.prev, hxxps://www.facebook.com/);
user_pref(extensions.toolbar.mindspark._5zMembers_.browser.startup.homepage.savedPrev, true);
user_pref(extensions.toolbar.mindspark._5zMembers_.browser.startup.homepage.tb, hxxp://hp.myway.com/couponxplorer/ttab02/index.html?coId=70f10ac9afcd4d9e8eddd1726737e4c4&su
user_pref(extensions.toolbar.mindspark._5zMembers_.browser.startup.page.savedPrev, 1);
user_pref(extensions.toolbar.mindspark._5zMembers_.browser.startup.page.tb, 1);
user_pref(extensions.toolbar.mindspark._5zMembers_.browser.version.last, 54.0);
user_pref(extensions.toolbar.mindspark._5zMembers_.coId, 70f10ac9afcd4d9e8eddd1726737e4c4);
user_pref(extensions.toolbar.mindspark._5zMembers_.firstKnownVersion, 7.700.10.55803);
user_pref(extensions.toolbar.mindspark._5zMembers_.homepage, hxxp://hp.myway.com/couponxplorer/ttab02/index.html?coId=70f10ac9afcd4d9e8eddd1726737e4c4&subId=couponpitstop-3
user_pref(extensions.toolbar.mindspark._5zMembers_.hp.enabled, false);
user_pref(extensions.toolbar.mindspark._5zMembers_.hp.guardType, HPR);
user_pref(extensions.toolbar.mindspark._5zMembers_.initialized, true);
user_pref(extensions.toolbar.mindspark._5zMembers_.installType, XPI);
user_pref(extensions.toolbar.mindspark._5zMembers_.installation.dlpCountryCode, US);
user_pref(extensions.toolbar.mindspark._5zMembers_.installation.installDate, 2017031601);
user_pref(extensions.toolbar.mindspark._5zMembers_.installation.partnerId, ^AFA^xpt947^TTAB02^us);
user_pref(extensions.toolbar.mindspark._5zMembers_.installation.partnerSubId, couponpitstop-3-s);
user_pref(extensions.toolbar.mindspark._5zMembers_.installation.pixelUrl, hxxp://www.couponxplorer.com/install_pixels.jhtml?partner=^AFA^xpt947^TTAB02^us&sub_id=couponpitst
user_pref(extensions.toolbar.mindspark._5zMembers_.installation.success, true);
user_pref(extensions.toolbar.mindspark._5zMembers_.installation.toolbarDataSource, [\COOKIE\,\LOCAL_STORAGE\]);
user_pref(extensions.toolbar.mindspark._5zMembers_.installation.toolbarId, 029A8E08-DDDF-4B97-B47A-F885E8BA7B28);
user_pref(extensions.toolbar.mindspark._5zMembers_.lastActivePing, 1500230280786);
user_pref(extensions.toolbar.mindspark._5zMembers_.lastKnownVersion, 7.700.10.55803);
user_pref(extensions.toolbar.mindspark._5zMembers_.lssState, {\previousLocales\:[\en-US\,\en\],\supportedLocales\:[\de\,\es\,\pt\,\ja\,\en\],\defaultLoca
user_pref(extensions.toolbar.mindspark._5zMembers_.options.defaultSearch, false);
user_pref(extensions.toolbar.mindspark._5zMembers_.options.homePageEnabled, true);
user_pref(extensions.toolbar.mindspark._5zMembers_.options.keywordEnabled, false);
user_pref(extensions.toolbar.mindspark._5zMembers_.options.tabEnabled, true);
user_pref(extensions.toolbar.mindspark._5zMembers_.partnerPixelFired, true);
user_pref(extensions.toolbar.mindspark._5zMembers_.productDeliveryOption.language, en);
user_pref(extensions.toolbar.mindspark._5zMembers_.productDeliveryOption.newTabURL, hxxp://hp.myway.com/couponxplorer/ttab02/index.html?p2=${partnerID}&n=${installDateHex}&
user_pref(extensions.toolbar.mindspark._5zMembers_.productDeliveryOption.type, ToolTab);
user_pref(extensions.toolbar.mindspark._5zMembers_.successUrl, hxxp://www.couponxplorer.com/installComplete.jhtml);
user_pref(extensions.toolbar.mindspark._5zMembers_.toolbar.versionChanged, false);
user_pref(extensions.toolbar.mindspark._5zMembers_.toolbarCollapsed, false);
user_pref(extensions.toolbar.mindspark._5zMembers_.uninstallSurveyUrl, hxxp://couponxplorer.dl.myway.com/uninstall.jhtml?surveyUrl=hxxp%3A%2F%2Fwww.research.net%2Fr%2FHYSCV
user_pref(extensions.toolbar.mindspark._5zMembers_.uninstallTasks, {\prefBranchesToDelete\:[\extensions.toolbar.mindspark._5zMembers_.\],\filesToDelete\:[\C:\\\\User
user_pref(extensions.toolbar.mindspark.hp.enabled, true);
user_pref(extensions.toolbar.mindspark.hp.enabled.guid, [email protected]);
user_pref(extensions.toolbar.mindspark.lastInstalled, [email protected]);



Registry: 4

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0234941496431402mcinstcleanup (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31131775-E7CD-4C3F-ADED-D691CFF30016} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{47513084-4DE9-40B4-BD5C-5B31E5A5BFA4} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{31131775-E7CD-4C3F-ADED-D691CFF30016} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/20/2017 at 23:11:31.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#6
sharon4873

sharon4873

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

# AdwCleaner 7.0.0.0 - Logfile created on Fri Jul 21 03:16:45 2017
# Updated on 2017/17/07 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files\ByteFence
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\WebDiscoverBrowser


***** [ Files ] *****

Deleted: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\ijsf5oci.default\searchplugins\bing-lavasoft.xml


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-1292175255-3574968239-1866619479-1001\Software\Lavasoft\Web Companion
Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

SearchProvider deleted: AOL - aol.com
SearchProvider deleted: Ask - ask.com


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [3064 B] - [2016/6/23 2:25:39]
C:/AdwCleaner/AdwCleaner[S1].txt - [2740 B] - [2016/6/23 2:17:18]
C:/AdwCleaner/AdwCleaner[S2].txt - [927 B] - [2016/6/24 12:57:3]
C:/AdwCleaner/AdwCleaner[S3].txt - [2191 B] - [2016/7/3 1:38:25]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########


  • 0

#7
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

How is the computer doing?


  • 0

#8
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Are you still with us?


  • 0

#9
sharon4873

sharon4873

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Sorry, I haven't really been online so not quite sure, but it seems to be better.


  • 0

#10
sharon4873

sharon4873

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

It seems to be doing better with the popups.....


  • 0



#11
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Is that happening on all browsers?


  • 0

#12
sharon4873

sharon4873

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

I ran another malware scan and it found 6 PUPs, and I clicked to remove. Some of the ads stopped with the uninstall of AVG, which I didn't download; I had bought McAfee.


  • 0

#13
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Can I assume the issue has been resolved?


  • 0

#14
sharon4873

sharon4873

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Seems OK, thanks.


  • 0

#15
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Congratulations.

 

Let's remove quarantined items:

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)


  • 0





