I think I have a virus on my computer. I have not been able to update Windows 10 for a few weeks. Just recently, I can't get on the internet or open my antivirus. I've run Malwarebytes and it quarantined a few things.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by Holder (administrator) on HOME (21-12-2017 15:49:56)
Running from C:\Users\Holder\Desktop
Loaded Profiles: Holder (Available Profiles: Holder)
Platform: Windows 10 Home Version 1607 14393.1480 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(CovenantEyes) C:\Program Files\CE\CovenantEyesProxy.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
() C:\Program Files\CE\CovenantEyesCommService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files\CE\authServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-01-15] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM\...\Run: [Covenant Eyes] => C:\Program Files\CE\CovenantEyes.exe [13680024 2017-11-09] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [7214800 2017-12-20] (McAfee, Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-12-24]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{890536e6-8284-4159-a1f0-d33cf52f2873}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a39c8f15-2db8-410b-9822-af170b002b68}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files\CE\extensions\ie\x64\IEExtension.dll [2017-11-09] (Covenant Eyes)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO-x32: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files\CE\extensions\ie\x86\IEExtension.dll [2017-11-09] (Covenant Eyes)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-05-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-05-31] (McAfee, Inc.)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18] [Legacy]
FF Extension: (Covenant Eyes for Mozilla Firefox™) - C:\Program Files\CE\extensions\firefox\[email protected] [2017-12-04]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-07-12] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2145206162-2560255737-4192909596-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Holder\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.southsidechristian.org/
CHR StartupUrls: Default -> "hxxp://www.southsidechristian.org/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US0D20151223&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default [2017-12-21]
CHR Extension: (Slides) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (ParentsWeb ~ Login) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicpkmdmdfhpcmpmaobelkpebppfpoib [2015-12-23]
CHR Extension: (Reminders From God) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgmamgjgimmdcfmgegpeejbjhbegfjh [2015-12-23]
CHR Extension: (Docs) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2017-12-04]
CHR Extension: (YouTube) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Sheets) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-22]
CHR Extension: (Polar Theme) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcjfjidphipkgeggbbjlpcopinfofnnb [2015-12-23]
CHR Extension: (Google Docs Offline) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Safe Browsing) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfoabicoimpcomnmnjpahiadjpinkklh [2017-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12]
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-12]
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-12-12]
CHR Extension: (Slides) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Docs) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2017-12-06]
CHR Extension: (YouTube) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Sheets) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-29]
CHR Extension: (Google Docs Offline) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (University of South Carolina New Tab) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ijigldjdonmjahjiflbnknidcpfgejij [2016-04-23]
CHR Extension: (Baseball) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\njneehkdlobpllhkldmhhephffnniaec [2016-05-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15]
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-12-18]
CHR Extension: (Slides) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2017-12-06]
CHR Extension: (YouTube) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Teoma) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ckadhkfhcieallpikidnjojofenjpfni [2016-12-13]
CHR Extension: (Google Search) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Sheets) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-23]
CHR Extension: (Google Docs Offline) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Puppy Theme) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icaafalololmfkeakfpnihbhlglclllk [2015-12-28]
CHR Extension: (Tabby Cat) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mefhakmgclhhfbdadeojlkbllmecialg [2017-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\System Profile [2016-03-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bfegkegffcbgpfmemahhkgnbkocmbain] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 Auth Service; C:\Program Files\CE\authServer.exe [4353944 2017-11-09] ()
S4 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2286848 2015-10-14] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
S4 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
R2 CovenantEyesCommService; C:\Program Files\CE\CovenantEyesCommService.exe [7503768 2017-11-09] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [5254040 2017-10-10] (CovenantEyes)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S4 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
S2 LanmanServer; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 LanmanServer; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-05-16] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [984480 2017-06-03] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe [2139832 2017-05-30] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241656 2017-04-30] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [390656 2017-04-30] (McAfee, Inc.)
S3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [343544 2017-04-30] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1543248 2017-05-31] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S4 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S4 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1042288 2017-05-22] (Intel Security, Inc.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-01-15] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)
S4 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [118048 2017-06-22] (Wondershare)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208176 2015-10-14] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7551240 2015-09-22] (Broadcom Corporation)
R1 cewd64f; C:\WINDOWS\system32\Drivers\cewd64f.sys [44584 2017-10-10] () [File not signed]
R1 cewd64r; C:\WINDOWS\system32\Drivers\cewd64r.sys [55336 2017-10-10] () [File not signed]
R2 cewfp; C:\WINDOWS\system32\Drivers\cewfp64.sys [56360 2017-10-10] (CovenantEyes)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [76824 2017-05-02] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [209608 2017-05-31] (McAfee, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [476176 2017-05-02] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [353808 2017-05-02] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84536 2017-05-02] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [504336 2017-05-02] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [918544 2017-05-02] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [495632 2017-04-07] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107544 2017-04-07] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [109072 2017-05-02] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252432 2017-05-02] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_b4551921048bc87c\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-09-25] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 MFE_RR; \??\C:\Users\Holder\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-21 15:49 - 2017-12-21 15:51 - 000026379 _____ C:\Users\Holder\Desktop\FRST.txt
2017-12-21 15:49 - 2017-12-21 15:49 - 000000000 ____D C:\FRST
2017-12-21 15:49 - 2017-12-21 15:46 - 002392064 _____ (Farbar) C:\Users\Holder\Desktop\FRST64.exe
2017-12-21 08:54 - 2017-12-21 13:59 - 000000802 _____ C:\Users\Holder\Desktop\Windows 10 Update Assistant.lnk
2017-12-20 23:22 - 2017-12-20 23:22 - 000000000 ____D C:\Users\Holder\AppData\Roaming\TotalAV
2017-12-20 23:10 - 2017-12-20 23:10 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-12-20 23:07 - 2017-12-20 23:07 - 000001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-12-20 23:07 - 2017-12-20 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-12-20 23:07 - 2017-12-20 23:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-20 23:07 - 2017-12-20 23:07 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-12-20 23:07 - 2016-03-10 14:09 - 000065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-20 23:07 - 2016-03-10 14:08 - 000140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-12-20 23:07 - 2016-03-10 14:08 - 000027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-20 22:56 - 2017-12-20 22:56 - 000000000 ____D C:\Quarantine
2017-12-20 22:56 - 2017-12-20 22:56 - 000000000 ____D C:\Program Files (x86)\stinger
2017-12-20 21:24 - 2017-12-20 22:50 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-16 14:11 - 2017-12-16 14:11 - 000000000 ____D C:\Users\Holder\AppData\Local\NetworkTiles
2017-12-15 16:45 - 2017-12-15 16:45 - 001101796 ____R C:\Users\Holder\Documents\My Money Backup_2017-12-15_164532.mbf
2017-12-15 16:44 - 2017-12-15 16:44 - 000010798 _____ C:\Users\Holder\Documents\12-15-17.xlsx
2017-12-15 12:05 - 2017-12-15 12:05 - 001099930 ____R C:\Users\Holder\Documents\My Money Backup_2017-12-15_120527.mbf
2017-12-14 09:34 - 2017-12-14 09:34 - 001121182 ____R C:\Users\Holder\Documents\My Money Backup_2017-12-14_093448.mbf
2017-12-14 08:57 - 2017-12-14 09:22 - 000000000 ____D C:\ESD
2017-12-14 08:55 - 2017-12-14 08:55 - 018617536 _____ (Microsoft Corporation) C:\Users\Holder\Downloads\MediaCreationTool.exe
2017-12-14 08:55 - 2017-12-14 08:55 - 000000000 ___HD C:\$Windows.~WS
2017-12-12 09:03 - 2017-12-15 16:41 - 000010798 _____ C:\Users\Holder\Documents\December Reimbursement.xlsx
2017-12-08 07:11 - 2017-12-15 11:50 - 000000036 _____ C:\WINDOWS\progress.ini
2017-12-08 06:41 - 2017-12-21 14:00 - 000000000 ____D C:\Windows10Upgrade
2017-12-08 06:41 - 2017-12-21 13:59 - 000000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-12-08 06:41 - 2017-12-15 12:40 - 000000000 ___HD C:\$GetCurrent
2017-12-08 06:12 - 2017-12-08 06:12 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2017-12-04 19:16 - 2017-10-10 10:15 - 000055336 _____ C:\WINDOWS\system32\Drivers\cewd64r.sys
2017-12-04 19:16 - 2017-10-10 10:15 - 000044584 _____ C:\WINDOWS\system32\Drivers\cewd64f.sys
2017-12-04 19:09 - 2017-12-15 11:48 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-12-04 19:08 - 2017-12-21 12:31 - 000020656 _____ C:\WINDOWS\SysWOW64\CovenantEyesProxyOff.ini
2017-12-04 19:08 - 2017-12-21 12:31 - 000020656 _____ C:\WINDOWS\system32\CovenantEyesProxyOff.ini
2017-12-04 19:08 - 2017-12-04 19:15 - 000000000 ____D C:\ProgramData\CovenantEyes
2017-12-04 19:08 - 2017-12-04 19:09 - 000000000 ____D C:\Program Files\CE
2017-12-04 19:08 - 2017-12-04 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes
2017-12-04 19:08 - 2017-10-10 10:15 - 000056360 _____ (CovenantEyes) C:\WINDOWS\system32\Drivers\cewfp64.sys
2017-12-04 19:07 - 2017-12-04 19:07 - 002584952 _____ (Flexera Software LLC) C:\Users\Holder\Downloads\CovenantEyesWindows.exe
2017-12-04 19:07 - 2017-12-04 19:07 - 000000000 ____D C:\Users\Holder\AppData\Local\Downloaded Installations
2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2017-11-27 16:55 - 2017-11-27 16:55 - 000000000 ____D C:\Users\Holder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2017-11-27 16:54 - 2017-12-14 12:20 - 000000000 ___RD C:\Users\Holder\iCloudDrive
2017-11-27 14:19 - 2017-11-27 16:54 - 000000000 ____D C:\Users\Holder\AppData\Local\1C08C44E-3C40-4897-A3EF-4457172A79F5.aplzod
2017-11-27 14:18 - 2017-11-27 14:38 - 000000000 ____D C:\Users\Holder\Documents\Outlook Files
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-21 15:44 - 2016-09-22 04:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-21 15:15 - 2017-09-29 10:18 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-21 15:10 - 2016-09-22 08:09 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-21 12:37 - 2015-12-23 13:44 - 003034938 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-21 12:33 - 2017-02-10 08:05 - 000000000 ____D C:\Users\Holder\AppData\Local\CrashDumps
2017-12-21 12:31 - 2016-09-22 04:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-21 12:30 - 2016-07-16 01:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-21 09:04 - 2016-07-16 06:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-20 23:35 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\appcompat
2017-12-20 23:02 - 2016-03-04 16:19 - 000000000 ____D C:\Users\Holder\AppData\Local\ElevatedDiagnostics
2017-12-20 22:56 - 2015-12-23 14:04 - 000000000 ____D C:\Program Files\McAfee
2017-12-20 22:35 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2017-12-20 22:15 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\registration
2017-12-20 16:53 - 2016-07-16 06:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-20 16:53 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-20 16:01 - 2017-11-18 09:38 - 000000346 _____ C:\WINDOWS\Tasks\HPCeeScheduleForHolder.job
2017-12-19 11:26 - 2017-11-18 09:38 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForHolder
2017-12-19 03:27 - 2016-07-16 06:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-19 03:25 - 2015-12-24 12:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-18 13:18 - 2017-01-28 21:59 - 005754880 _____ C:\Users\Holder\Documents\My Money.mny
2017-12-16 14:50 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-15 12:40 - 2016-09-22 04:33 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-12-15 12:40 - 2016-09-22 04:33 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-12-15 11:48 - 2015-12-26 16:56 - 000027382 _____ C:\Users\Holder\AppData\Roaming\wklnhst.dat
2017-12-14 12:16 - 2016-09-22 04:13 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-13 00:58 - 2017-04-19 20:18 - 000004580 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-13 00:58 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-13 00:58 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-12 22:09 - 2015-12-23 15:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-12 22:07 - 2017-10-10 19:27 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-12 22:07 - 2015-12-23 15:53 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-11 21:21 - 2015-12-23 13:52 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-11 21:21 - 2015-12-23 13:52 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-08 06:12 - 2017-09-28 16:10 - 000000000 ____D C:\Program Files\rempl
2017-12-06 07:34 - 2017-07-25 06:37 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2145206162-2560255737-4192909596-1001
2017-12-06 07:34 - 2015-12-23 13:51 - 000002377 _____ C:\Users\Holder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-06 07:34 - 2015-09-19 04:18 - 000000000 ___RD C:\Users\Holder\OneDrive
2017-12-04 19:18 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-04 19:09 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-12-04 19:09 - 2015-12-23 16:13 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-04 19:08 - 2016-03-17 18:31 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-01 20:06 - 2016-07-16 06:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-01 20:06 - 2016-07-16 06:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-27 16:54 - 2016-09-22 04:17 - 000000000 ____D C:\Users\Holder
2017-11-27 16:54 - 2016-05-26 05:32 - 000000000 ____D C:\Users\Holder\AppData\Local\Apple Inc
2017-11-21 08:35 - 2015-12-23 15:54 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2015-12-26 16:56 - 2017-12-15 11:48 - 000027382 _____ () C:\Users\Holder\AppData\Roaming\wklnhst.dat
Some files in TEMP:
====================
2017-09-17 20:56 - 2017-09-17 20:58 - 050761472 _____ (Wondershare ) C:\Users\Holder\AppData\Local\Temp\drfone-for-android_full1464.exe
2017-11-18 09:34 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\Holder\AppData\Local\Temp\TAInstaller.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\cewd64f.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
C:\WINDOWS\system32\drivers\cewd64r.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
LastRegBack: 2017-12-18 08:40
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Holder (21-12-2017 15:51:32)
Running from C:\Users\Holder\Desktop
Windows 10 Home Version 1607 14393.1480 (X64) (2016-09-22 09:36:15)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2145206162-2560255737-4192909596-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2145206162-2560255737-4192909596-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-2145206162-2560255737-4192909596-503 - Limited - Disabled)
Guest (S-1-5-21-2145206162-2560255737-4192909596-501 - Limited - Disabled)
Holder (S-1-5-21-2145206162-2560255737-4192909596-1001 - Administrator - Enabled) => C:\Users\Holder
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{F1D83CEA-2855-4224-9935-D981785AA75D}) (Version: 6.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{E2A6344A-45BF-47A0-9AE1-848325E7FD88}) (Version: 6.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avery Teoma Search App (HKLM-x32\...\{4156522D-5447-006A-76A7-A758B70C2D01}) (Version: 12.45.1.1317 - APN, LLC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Covenant Eyes (HKLM-x32\...\{5AC5ED2E-2936-4B54-A429-703F9034938E}) (Version: 7.2.48 - Covenant Eyes, Inc.)
dr.fone toolkit for Android (Version 8.3.3) (HKLM-x32\...\{7B08A1E1-3644-4237-B39D-762B5F5564D0}_is1) (Version: 8.3.3.64 - Wondershare Technology Co.,Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.5.37.19 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.8.47.1 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Macromedia Shockwave Player (HKLM-x32\...\Macromedia Shockwave Player) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Digital Image Standard 2006 (HKLM-x32\...\PictureItPrem_v11) (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2006 (HKLM-x32\...\{06040048-3E21-46D6-9A91-D927BA08F41D}) (Version: 2006 - Microsoft Corporation)
Microsoft Money 2006 (HKLM-x32\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Streets & Trips 2006 (HKLM-x32\...\{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}) (Version: 13.00.09.0200 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft Works Suite 2006 Setup Launcher (HKLM-x32\...\Works2006Setup) (Version: - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}) (Version: 8.0.0.0000 - Microsoft Corporation)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Pirate101 (HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Product Improvement Study for HP ENVY 5530 series (HKLM\...\{2EC3E3B8-797A-47FD-B3A2-574C96597A19}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Unity Web Player (HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22314 - Microsoft Corporation)
Wondershare Dr.Fone for Android(Build 6.1.1.35) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 6.1.1.35 - Wondershare Software Co.,Ltd.)
Works Upgrade (HKLM-x32\...\{DE1AF137-C455-494A-A817-EFE44BCCFDEE}) (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {033CD73B-5F44-4FE4-AE01-8CB7968BFE95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {07229B17-E28F-448A-B13A-37DBD3948C2F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {078D65A4-D52C-4166-BCFA-1031E9B0F2E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {07EB0F88-2B90-4870-8F0C-D83240E13D90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {0817042E-E554-4422-9B5C-F46873946F78} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {18BC7B8B-FE82-4615-9288-552675BFF49C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-19] (Microsoft Corporation)
Task: {202D930D-678B-4A60-87D4-1D1263F3188D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {21B0624C-2359-4441-94E8-730D3889F97E} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {29DD3E8D-79FD-43D4-8B5C-10CF536C92A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {376351F4-6BF6-4464-9AE6-A18C92501047} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {40F76E0E-0AA5-4B51-BDB1-08E1699CF249} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-05-30] (McAfee, Inc.)
Task: {46548D48-E520-4878-A261-AD92406BD864} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {46D1208C-2E22-42B9-9149-13089BF1630D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {472DAE2C-9D73-4402-B9FE-2B74160A4E87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {508B9CB0-AD20-4BEC-B328-E0051D61BF88} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {5E9A7925-E1BA-4809-9A92-8A711F07FC61} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-12-12] (Microsoft Corporation)
Task: {5F4D7C71-E2D3-4419-81EF-A601CD0CFC68} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {624EA3B3-56C2-45FA-ABF9-625D7CE19C47} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {693D95C7-C01D-4FF5-815E-FC39D8DEBB24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN38L1T15T => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {7096106E-6CE5-4060-8ACE-615717D69B3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {7A8966A9-326F-4178-8D77-41E0E2263633} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {8015F67A-CC79-47E2-AEFD-BC453AFE0CBE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-18] ()
Task: {8B34CA1B-3F98-49C4-8DC6-1EF66C1C9C58} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-10-19] (Apple Inc.)
Task: {9F8C925C-7B35-4FC7-AC2E-153A62AFF20E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {A11BF47B-8C10-4A73-B7B0-58C6AFCF9AB7} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Holder\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {A798AEE8-3B6B-4387-9827-97E3150A014C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {B4886C6D-39F0-4C72-8A13-69474E587838} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
Task: {B7DD6DEB-EE2F-48AC-88CA-9234D92999AD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {CA3AB5C5-1BB9-46FC-B659-3B7273681760} - System32\Tasks\HPCeeScheduleForHolder => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {D2662DBA-2365-49C3-AAED-88834380FE7A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {D5337FFD-582B-49B8-A801-1E8D69FF72AB} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {E5D44E82-3DE2-4E2F-9797-7AB78AFA5E73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-19] (Microsoft Corporation)
Task: {F8B773D0-16DE-4F1C-9A8C-F920A6D592A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {F8F7FF64-91D0-45C4-B392-E75A45ED64A5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-19] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForHolder.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Holder\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
ShortcutWithArgument: C:\Users\Holder\Desktop\Michele - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Holder\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Holder\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Brock - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-12 12:21 - 2017-06-21 02:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-12-04 19:08 - 2017-11-09 14:32 - 007503768 _____ () C:\Program Files\CE\CovenantEyesCommService.exe
2017-12-04 19:08 - 2017-11-09 14:31 - 004353944 _____ () C:\Program Files\CE\authServer.exe
2017-08-21 17:54 - 2017-12-19 03:23 - 008935088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-22 08:02 - 2016-09-22 08:02 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 08:15 - 2017-03-04 01:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 08:15 - 2017-03-04 01:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 08:15 - 2017-03-04 01:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 08:15 - 2017-03-04 01:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-07-12 12:20 - 2017-06-21 01:36 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-07-12 12:20 - 2017-06-21 01:35 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-07-12 12:20 - 2017-06-21 01:37 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-12-12 21:22 - 2017-12-12 21:22 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-12-12 21:22 - 2017-12-12 21:22 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-12-12 21:22 - 2017-12-12 21:22 - 024735744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-12-12 21:22 - 2017-12-12 21:22 - 002551808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\skypert.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64f.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64r.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Auth Service => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64f.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64r.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewfp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesCommService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\sharepoint.com -> hxxps://sabrenationorg-files.sharepoint.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-12-23 16:13 - 2015-12-23 16:11 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\Control Panel\Desktop\\Wallpaper -> c:\users\holder\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{28e3994e-bb8a-426b-980b-dccb1fb03f7e}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Auth Service => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: ClientAnalyticsService => 3
MSCONFIG\Services: CovenantEyesCommService => 2
MSCONFIG\Services: CovenantEyesProxy => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: HPTouchpointAnalyticsService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: PEFService => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: WsAppService => 2
MSCONFIG\Services: WsDrvInst => 2
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Covenant Eyes"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "HP ENVY 5530 series (NET)"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3114DDB9-6EAE-4CB5-9879-9A3C5C2CC367}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{00782AD3-A26F-41DA-A9FD-5756C5F1C57C}] => (Allow) LPort=5357
FirewallRules: [{45111E41-E5FD-481C-AB82-BCAEDA537DFC}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe
FirewallRules: [{86CA65D9-2C9A-40AC-A6F0-09FB3AA4C93E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E8EC74BC-F457-44F9-B6D4-F7951E75F54F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{661BF544-E5DB-48BB-8175-87279CED0E9C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3BC726F-DD66-4A37-AADB-0E70C41C94D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D54F8CA6-6629-4936-91D6-BAE9456DB32E}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{210DF67F-B90D-4164-8800-50A40A3CCEAD}] => (Allow) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
FirewallRules: [{6923B82B-1745-418E-B139-4C68D6CE3DFA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2D1D6A64-C5FB-4D55-B5A5-6E081B286602}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8C1E2932-EBB7-46D7-82B1-FC4E53919E98}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0AD250E0-E221-4283-B0D9-0DD0BF14DFF1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FC195117-2974-4D81-919F-83E4ED892F74}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8BCFD599-9189-4AA9-9E81-2F0E248BED1C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{226F3695-1380-4BAA-A610-D52165CAA709}] => (Allow) C:\Users\Holder\AppData\Local\Temp\7zS2FCF\HPDiagnosticCoreUI.exe
FirewallRules: [{DF32C524-51C6-46B1-8F1E-E3FB6D7BD6E0}] => (Allow) C:\Users\Holder\AppData\Local\Temp\7zS2FCF\HPDiagnosticCoreUI.exe
FirewallRules: [{A97EB0CE-9AEF-4E27-955E-E7ECC646C7B6}] => (Allow) C:\Users\Holder\AppData\Local\Temp\7zS2FCF\HPDiagnosticCoreUI.exe
FirewallRules: [{70804B4E-77CD-434A-B920-F089F244A5F9}] => (Allow) C:\Users\Holder\AppData\Local\Temp\7zS2FCF\HPDiagnosticCoreUI.exe
FirewallRules: [{28A6355C-2C49-4D8D-A6AD-68A54CC5CB90}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{55C53FA7-9206-498F-9509-DF0B5A9FB37D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
15-12-2017 11:28:49 Windows Update
19-12-2017 08:46:08 Windows Update
20-12-2017 16:06:29 Restore Operation
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/21/2017 12:36:53 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.
Error: (12/21/2017 12:36:53 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
Error: (12/21/2017 12:33:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x1918
Faulting application start time: 0x01d37a81cbd2ebc5
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: 2354fdd0-6bbf-43bf-be51-b762756760f8
Faulting package full name:
Faulting package-relative application ID:
Error: (12/21/2017 12:33:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0xcd8
Faulting application start time: 0x01d37a81cbd2ec90
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: 24d41da0-37fd-47e6-8956-078e7169d918
Faulting package full name:
Faulting package-relative application ID:
Error: (12/21/2017 12:33:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x218
Faulting application start time: 0x01d37a81cbd2ebdc
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: 5691696d-9caa-4e88-9741-24c79233ad18
Faulting package full name:
Faulting package-relative application ID:
Error: (12/21/2017 12:33:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x404
Faulting application start time: 0x01d37a81cbd2ebd1
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: d1b4bc25-c26b-47e4-adf7-651f8f44e680
Faulting package full name:
Faulting package-relative application ID:
Error: (12/21/2017 07:53:53 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.
Error: (12/21/2017 07:53:53 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
Error: (12/21/2017 07:50:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x1754
Faulting application start time: 0x01d37a5a3d946486
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: 5d10dbc2-85cc-47b1-b8c7-9f69e9fc29ce
Faulting package full name:
Faulting package-relative application ID:
Error: (12/21/2017 07:50:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x174c
Faulting application start time: 0x01d37a5a3d946494
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: 6031947a-fd35-4bcd-a9c1-0305dca202dc
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (12/21/2017 03:48:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (12/21/2017 03:34:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error:
The system cannot find the file specified.
Error: (12/21/2017 03:34:52 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Computer Browser service depends on the following service: LanmanWorkstation. This service might not be installed.
Error: (12/21/2017 03:34:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error:
The system cannot find the file specified.
Error: (12/21/2017 03:34:52 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Computer Browser service depends on the following service: LanmanWorkstation. This service might not be installed.
Error: (12/21/2017 03:34:52 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Computer Browser service depends on the following service: LanmanWorkstation. This service might not be installed.
Error: (12/21/2017 03:32:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error:
The system cannot find the file specified.
Error: (12/21/2017 03:32:45 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Computer Browser service depends on the following service: LanmanWorkstation. This service might not be installed.
Error: (12/21/2017 03:32:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error:
The system cannot find the file specified.
Error: (12/21/2017 03:32:45 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Computer Browser service depends on the following service: LanmanWorkstation. This service might not be installed.
CodeIntegrity:
===================================
Date: 2017-12-04 19:09:19.921
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-12-04 19:09:19.920
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-12-04 19:09:19.881
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-12-04 19:09:19.880
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-12-04 19:09:16.679
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-12-04 19:09:16.676
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-09-21 20:38:28.736
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-09-21 20:38:28.733
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-08-03 16:25:07.995
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-08-03 16:25:07.993
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 15%
Total physical RAM: 12226.09 MB
Available physical RAM: 10318.73 MB
Total Virtual: 14082.09 MB
Available Virtual: 11991.37 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:910.68 GB) (Free:479.31 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:18.92 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C4E21D20)
Partition: GPT.
==================== End of Addition.txt ============================