Infected computer can't connect to internet



#1
micheleholder

I think I have a virus on my computer. I have not been able to update Windows 10 for a few weeks. Just recently, I can't get on the internet or open my antivirus. I've run Malwarebytes and it quarantined a few things.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by Holder (administrator) on HOME (21-12-2017 15:49:56)
Running from C:\Users\Holder\Desktop
Loaded Profiles: Holder (Available Profiles: Holder)
Platform: Windows 10 Home Version 1607 14393.1480 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(CovenantEyes) C:\Program Files\CE\CovenantEyesProxy.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
() C:\Program Files\CE\CovenantEyesCommService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files\CE\authServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-01-15] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM\...\Run: [Covenant Eyes] => C:\Program Files\CE\CovenantEyes.exe [13680024 2017-11-09] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [7214800 2017-12-20] (McAfee, Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-12-24]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{890536e6-8284-4159-a1f0-d33cf52f2873}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a39c8f15-2db8-410b-9822-af170b002b68}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files\CE\extensions\ie\x64\IEExtension.dll [2017-11-09] (Covenant Eyes)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO-x32: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files\CE\extensions\ie\x86\IEExtension.dll [2017-11-09] (Covenant Eyes)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-05-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-05-31] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18] [Legacy]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\CE\extensions\firefox\[email protected]
FF Extension: (Covenant Eyes for Mozilla Firefox™) - C:\Program Files\CE\extensions\firefox\[email protected] [2017-12-04]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\CE\extensions\firefox\[email protected]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-07-12] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2145206162-2560255737-4192909596-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Holder\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.southsidechristian.org/
CHR StartupUrls: Default -> "hxxp://www.southsidechristian.org/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US0D20151223&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default [2017-12-21]
CHR Extension: (Slides) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (ParentsWeb ~ Login) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicpkmdmdfhpcmpmaobelkpebppfpoib [2015-12-23]
CHR Extension: (Reminders From God) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgmamgjgimmdcfmgegpeejbjhbegfjh [2015-12-23]
CHR Extension: (Docs) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2017-12-04]
CHR Extension: (YouTube) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Sheets) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-22]
CHR Extension: (Polar Theme) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcjfjidphipkgeggbbjlpcopinfofnnb [2015-12-23]
CHR Extension: (Google Docs Offline) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Safe Browsing) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfoabicoimpcomnmnjpahiadjpinkklh [2017-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12]
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-12]
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-12-12]
CHR Extension: (Slides) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Docs) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2017-12-06]
CHR Extension: (YouTube) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Sheets) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-29]
CHR Extension: (Google Docs Offline) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (University of South Carolina New Tab) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ijigldjdonmjahjiflbnknidcpfgejij [2016-04-23]
CHR Extension: (Baseball) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\njneehkdlobpllhkldmhhephffnniaec [2016-05-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15]
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-12-18]
CHR Extension: (Slides) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2017-12-06]
CHR Extension: (YouTube) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Teoma) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ckadhkfhcieallpikidnjojofenjpfni [2016-12-13]
CHR Extension: (Google Search) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Sheets) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-23]
CHR Extension: (Google Docs Offline) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Puppy Theme) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icaafalololmfkeakfpnihbhlglclllk [2015-12-28]
CHR Extension: (Tabby Cat) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mefhakmgclhhfbdadeojlkbllmecialg [2017-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\System Profile [2016-03-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bfegkegffcbgpfmemahhkgnbkocmbain] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 Auth Service; C:\Program Files\CE\authServer.exe [4353944 2017-11-09] ()
S4 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2286848 2015-10-14] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
S4 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
R2 CovenantEyesCommService; C:\Program Files\CE\CovenantEyesCommService.exe [7503768 2017-11-09] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [5254040 2017-10-10] (CovenantEyes)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S4 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
S2 LanmanServer; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 LanmanServer; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-05-16] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [984480 2017-06-03] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe [2139832 2017-05-30] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241656 2017-04-30] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [390656 2017-04-30] (McAfee, Inc.)
S3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [343544 2017-04-30] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1543248 2017-05-31] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S4 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S4 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1042288 2017-05-22] (Intel Security, Inc.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-01-15] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)
S4 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [118048 2017-06-22] (Wondershare)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208176 2015-10-14] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7551240 2015-09-22] (Broadcom Corporation)
R1 cewd64f; C:\WINDOWS\system32\Drivers\cewd64f.sys [44584 2017-10-10] () [File not signed]
R1 cewd64r; C:\WINDOWS\system32\Drivers\cewd64r.sys [55336 2017-10-10] () [File not signed]
R2 cewfp; C:\WINDOWS\system32\Drivers\cewfp64.sys [56360 2017-10-10] (CovenantEyes)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [76824 2017-05-02] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [209608 2017-05-31] (McAfee, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [476176 2017-05-02] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [353808 2017-05-02] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84536 2017-05-02] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [504336 2017-05-02] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [918544 2017-05-02] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [495632 2017-04-07] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107544 2017-04-07] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [109072 2017-05-02] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252432 2017-05-02] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_b4551921048bc87c\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-09-25] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 MFE_RR; \??\C:\Users\Holder\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-21 15:49 - 2017-12-21 15:51 - 000026379 _____ C:\Users\Holder\Desktop\FRST.txt
2017-12-21 15:49 - 2017-12-21 15:49 - 000000000 ____D C:\FRST
2017-12-21 15:49 - 2017-12-21 15:46 - 002392064 _____ (Farbar) C:\Users\Holder\Desktop\FRST64.exe
2017-12-21 08:54 - 2017-12-21 13:59 - 000000802 _____ C:\Users\Holder\Desktop\Windows 10 Update Assistant.lnk
2017-12-20 23:22 - 2017-12-20 23:22 - 000000000 ____D C:\Users\Holder\AppData\Roaming\TotalAV
2017-12-20 23:10 - 2017-12-20 23:10 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-12-20 23:07 - 2017-12-20 23:07 - 000001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-12-20 23:07 - 2017-12-20 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-12-20 23:07 - 2017-12-20 23:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-20 23:07 - 2017-12-20 23:07 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-12-20 23:07 - 2016-03-10 14:09 - 000065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-20 23:07 - 2016-03-10 14:08 - 000140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-12-20 23:07 - 2016-03-10 14:08 - 000027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-20 22:56 - 2017-12-20 22:56 - 000000000 ____D C:\Quarantine
2017-12-20 22:56 - 2017-12-20 22:56 - 000000000 ____D C:\Program Files (x86)\stinger
2017-12-20 21:24 - 2017-12-20 22:50 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-16 14:11 - 2017-12-16 14:11 - 000000000 ____D C:\Users\Holder\AppData\Local\NetworkTiles
2017-12-15 16:45 - 2017-12-15 16:45 - 001101796 ____R C:\Users\Holder\Documents\My Money Backup_2017-12-15_164532.mbf
2017-12-15 16:44 - 2017-12-15 16:44 - 000010798 _____ C:\Users\Holder\Documents\12-15-17.xlsx
2017-12-15 12:05 - 2017-12-15 12:05 - 001099930 ____R C:\Users\Holder\Documents\My Money Backup_2017-12-15_120527.mbf
2017-12-14 09:34 - 2017-12-14 09:34 - 001121182 ____R C:\Users\Holder\Documents\My Money Backup_2017-12-14_093448.mbf
2017-12-14 08:57 - 2017-12-14 09:22 - 000000000 ____D C:\ESD
2017-12-14 08:55 - 2017-12-14 08:55 - 018617536 _____ (Microsoft Corporation) C:\Users\Holder\Downloads\MediaCreationTool.exe
2017-12-14 08:55 - 2017-12-14 08:55 - 000000000 ___HD C:\$Windows.~WS
2017-12-12 09:03 - 2017-12-15 16:41 - 000010798 _____ C:\Users\Holder\Documents\December Reimbursement.xlsx
2017-12-08 07:11 - 2017-12-15 11:50 - 000000036 _____ C:\WINDOWS\progress.ini
2017-12-08 06:41 - 2017-12-21 14:00 - 000000000 ____D C:\Windows10Upgrade
2017-12-08 06:41 - 2017-12-21 13:59 - 000000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-12-08 06:41 - 2017-12-15 12:40 - 000000000 ___HD C:\$GetCurrent
2017-12-08 06:12 - 2017-12-08 06:12 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2017-12-04 19:16 - 2017-10-10 10:15 - 000055336 _____ C:\WINDOWS\system32\Drivers\cewd64r.sys
2017-12-04 19:16 - 2017-10-10 10:15 - 000044584 _____ C:\WINDOWS\system32\Drivers\cewd64f.sys
2017-12-04 19:09 - 2017-12-15 11:48 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-12-04 19:08 - 2017-12-21 12:31 - 000020656 _____ C:\WINDOWS\SysWOW64\CovenantEyesProxyOff.ini
2017-12-04 19:08 - 2017-12-21 12:31 - 000020656 _____ C:\WINDOWS\system32\CovenantEyesProxyOff.ini
2017-12-04 19:08 - 2017-12-04 19:15 - 000000000 ____D C:\ProgramData\CovenantEyes
2017-12-04 19:08 - 2017-12-04 19:09 - 000000000 ____D C:\Program Files\CE
2017-12-04 19:08 - 2017-12-04 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes
2017-12-04 19:08 - 2017-10-10 10:15 - 000056360 _____ (CovenantEyes) C:\WINDOWS\system32\Drivers\cewfp64.sys
2017-12-04 19:07 - 2017-12-04 19:07 - 002584952 _____ (Flexera Software LLC) C:\Users\Holder\Downloads\CovenantEyesWindows.exe
2017-12-04 19:07 - 2017-12-04 19:07 - 000000000 ____D C:\Users\Holder\AppData\Local\Downloaded Installations
2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2017-11-27 16:55 - 2017-11-27 16:55 - 000000000 ____D C:\Users\Holder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2017-11-27 16:54 - 2017-12-14 12:20 - 000000000 ___RD C:\Users\Holder\iCloudDrive
2017-11-27 14:19 - 2017-11-27 16:54 - 000000000 ____D C:\Users\Holder\AppData\Local\1C08C44E-3C40-4897-A3EF-4457172A79F5.aplzod
2017-11-27 14:18 - 2017-11-27 14:38 - 000000000 ____D C:\Users\Holder\Documents\Outlook Files
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-21 15:44 - 2016-09-22 04:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-21 15:15 - 2017-09-29 10:18 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-21 15:10 - 2016-09-22 08:09 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-21 12:37 - 2015-12-23 13:44 - 003034938 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-21 12:33 - 2017-02-10 08:05 - 000000000 ____D C:\Users\Holder\AppData\Local\CrashDumps
2017-12-21 12:31 - 2016-09-22 04:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-21 12:30 - 2016-07-16 01:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-21 09:04 - 2016-07-16 06:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-20 23:35 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\appcompat
2017-12-20 23:02 - 2016-03-04 16:19 - 000000000 ____D C:\Users\Holder\AppData\Local\ElevatedDiagnostics
2017-12-20 22:56 - 2015-12-23 14:04 - 000000000 ____D C:\Program Files\McAfee
2017-12-20 22:35 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2017-12-20 22:15 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\registration
2017-12-20 16:53 - 2016-07-16 06:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-20 16:53 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-20 16:01 - 2017-11-18 09:38 - 000000346 _____ C:\WINDOWS\Tasks\HPCeeScheduleForHolder.job
2017-12-19 11:26 - 2017-11-18 09:38 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForHolder
2017-12-19 03:27 - 2016-07-16 06:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-19 03:25 - 2015-12-24 12:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-18 13:18 - 2017-01-28 21:59 - 005754880 _____ C:\Users\Holder\Documents\My Money.mny
2017-12-16 14:50 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-15 12:40 - 2016-09-22 04:33 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-12-15 12:40 - 2016-09-22 04:33 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-12-15 11:48 - 2015-12-26 16:56 - 000027382 _____ C:\Users\Holder\AppData\Roaming\wklnhst.dat
2017-12-14 12:16 - 2016-09-22 04:13 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-13 00:58 - 2017-04-19 20:18 - 000004580 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-13 00:58 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-13 00:58 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-12 22:09 - 2015-12-23 15:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-12 22:07 - 2017-10-10 19:27 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-12 22:07 - 2015-12-23 15:53 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-11 21:21 - 2015-12-23 13:52 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-11 21:21 - 2015-12-23 13:52 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-08 06:12 - 2017-09-28 16:10 - 000000000 ____D C:\Program Files\rempl
2017-12-06 07:34 - 2017-07-25 06:37 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2145206162-2560255737-4192909596-1001
2017-12-06 07:34 - 2015-12-23 13:51 - 000002377 _____ C:\Users\Holder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-06 07:34 - 2015-09-19 04:18 - 000000000 ___RD C:\Users\Holder\OneDrive
2017-12-04 19:18 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-04 19:09 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-12-04 19:09 - 2015-12-23 16:13 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-04 19:08 - 2016-03-17 18:31 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-01 20:06 - 2016-07-16 06:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-01 20:06 - 2016-07-16 06:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-27 16:54 - 2016-09-22 04:17 - 000000000 ____D C:\Users\Holder
2017-11-27 16:54 - 2016-05-26 05:32 - 000000000 ____D C:\Users\Holder\AppData\Local\Apple Inc
2017-11-21 08:35 - 2015-12-23 15:54 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2015-12-26 16:56 - 2017-12-15 11:48 - 000027382 _____ () C:\Users\Holder\AppData\Roaming\wklnhst.dat
 
Some files in TEMP:
====================
2017-09-17 20:56 - 2017-09-17 20:58 - 050761472 _____ (Wondershare                                                 ) C:\Users\Holder\AppData\Local\Temp\drfone-for-android_full1464.exe
2017-11-18 09:34 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\Holder\AppData\Local\Temp\TAInstaller.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\cewd64f.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
C:\WINDOWS\system32\drivers\cewd64r.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2017-12-18 08:40
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Holder (21-12-2017 15:51:32)
Running from C:\Users\Holder\Desktop
Windows 10 Home Version 1607 14393.1480 (X64) (2016-09-22 09:36:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2145206162-2560255737-4192909596-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2145206162-2560255737-4192909596-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-2145206162-2560255737-4192909596-503 - Limited - Disabled)
Guest (S-1-5-21-2145206162-2560255737-4192909596-501 - Limited - Disabled)
Holder (S-1-5-21-2145206162-2560255737-4192909596-1001 - Administrator - Enabled) => C:\Users\Holder
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{F1D83CEA-2855-4224-9935-D981785AA75D}) (Version: 6.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{E2A6344A-45BF-47A0-9AE1-848325E7FD88}) (Version: 6.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avery Teoma Search App (HKLM-x32\...\{4156522D-5447-006A-76A7-A758B70C2D01}) (Version: 12.45.1.1317 - APN, LLC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Covenant Eyes (HKLM-x32\...\{5AC5ED2E-2936-4B54-A429-703F9034938E}) (Version: 7.2.48 - Covenant Eyes, Inc.)
dr.fone toolkit for Android (Version 8.3.3) (HKLM-x32\...\{7B08A1E1-3644-4237-B39D-762B5F5564D0}_is1) (Version: 8.3.3.64 - Wondershare Technology Co.,Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.5.37.19 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.8.47.1 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Macromedia Shockwave Player (HKLM-x32\...\Macromedia Shockwave Player) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Digital Image Standard 2006 (HKLM-x32\...\PictureItPrem_v11) (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2006 (HKLM-x32\...\{06040048-3E21-46D6-9A91-D927BA08F41D}) (Version: 2006 - Microsoft Corporation)
Microsoft Money 2006 (HKLM-x32\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Streets & Trips 2006 (HKLM-x32\...\{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}) (Version: 13.00.09.0200 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft Works Suite 2006 Setup Launcher (HKLM-x32\...\Works2006Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}) (Version: 8.0.0.0000 - Microsoft Corporation)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Pirate101 (HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Product Improvement Study for HP ENVY 5530 series (HKLM\...\{2EC3E3B8-797A-47FD-B3A2-574C96597A19}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Unity Web Player (HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22314 - Microsoft Corporation)
Wondershare Dr.Fone for Android(Build 6.1.1.35) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 6.1.1.35 - Wondershare Software Co.,Ltd.)
Works Upgrade (HKLM-x32\...\{DE1AF137-C455-494A-A817-EFE44BCCFDEE}) (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {033CD73B-5F44-4FE4-AE01-8CB7968BFE95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {07229B17-E28F-448A-B13A-37DBD3948C2F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {078D65A4-D52C-4166-BCFA-1031E9B0F2E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {07EB0F88-2B90-4870-8F0C-D83240E13D90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {0817042E-E554-4422-9B5C-F46873946F78} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {18BC7B8B-FE82-4615-9288-552675BFF49C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-19] (Microsoft Corporation)
Task: {202D930D-678B-4A60-87D4-1D1263F3188D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {21B0624C-2359-4441-94E8-730D3889F97E} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {29DD3E8D-79FD-43D4-8B5C-10CF536C92A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {376351F4-6BF6-4464-9AE6-A18C92501047} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {40F76E0E-0AA5-4B51-BDB1-08E1699CF249} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-05-30] (McAfee, Inc.)
Task: {46548D48-E520-4878-A261-AD92406BD864} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {46D1208C-2E22-42B9-9149-13089BF1630D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {472DAE2C-9D73-4402-B9FE-2B74160A4E87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {508B9CB0-AD20-4BEC-B328-E0051D61BF88} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {5E9A7925-E1BA-4809-9A92-8A711F07FC61} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-12-12] (Microsoft Corporation)
Task: {5F4D7C71-E2D3-4419-81EF-A601CD0CFC68} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {624EA3B3-56C2-45FA-ABF9-625D7CE19C47} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {693D95C7-C01D-4FF5-815E-FC39D8DEBB24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN38L1T15T => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {7096106E-6CE5-4060-8ACE-615717D69B3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {7A8966A9-326F-4178-8D77-41E0E2263633} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {8015F67A-CC79-47E2-AEFD-BC453AFE0CBE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-18] ()
Task: {8B34CA1B-3F98-49C4-8DC6-1EF66C1C9C58} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-10-19] (Apple Inc.)
Task: {9F8C925C-7B35-4FC7-AC2E-153A62AFF20E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {A11BF47B-8C10-4A73-B7B0-58C6AFCF9AB7} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Holder\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {A798AEE8-3B6B-4387-9827-97E3150A014C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {B4886C6D-39F0-4C72-8A13-69474E587838} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
Task: {B7DD6DEB-EE2F-48AC-88CA-9234D92999AD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {CA3AB5C5-1BB9-46FC-B659-3B7273681760} - System32\Tasks\HPCeeScheduleForHolder => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {D2662DBA-2365-49C3-AAED-88834380FE7A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {D5337FFD-582B-49B8-A801-1E8D69FF72AB} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {E5D44E82-3DE2-4E2F-9797-7AB78AFA5E73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-19] (Microsoft Corporation)
Task: {F8B773D0-16DE-4F1C-9A8C-F920A6D592A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {F8F7FF64-91D0-45C4-B392-E75A45ED64A5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-19] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForHolder.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Holder\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
 
ShortcutWithArgument: C:\Users\Holder\Desktop\Michele - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Holder\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Holder\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Brock - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-12 12:21 - 2017-06-21 02:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-12-04 19:08 - 2017-11-09 14:32 - 007503768 _____ () C:\Program Files\CE\CovenantEyesCommService.exe
2017-12-04 19:08 - 2017-11-09 14:31 - 004353944 _____ () C:\Program Files\CE\authServer.exe
2017-08-21 17:54 - 2017-12-19 03:23 - 008935088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-22 08:02 - 2016-09-22 08:02 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 08:15 - 2017-03-04 01:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 08:15 - 2017-03-04 01:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 08:15 - 2017-03-04 01:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 08:15 - 2017-03-04 01:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-07-12 12:20 - 2017-06-21 01:36 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-07-12 12:20 - 2017-06-21 01:35 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-07-12 12:20 - 2017-06-21 01:37 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-12-12 21:22 - 2017-12-12 21:22 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-12-12 21:22 - 2017-12-12 21:22 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-12-12 21:22 - 2017-12-12 21:22 - 024735744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-12-12 21:22 - 2017-12-12 21:22 - 002551808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\skypert.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64f.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64r.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Auth Service => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64f.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64r.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewfp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesCommService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\sharepoint.com -> hxxps://sabrenationorg-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-12-23 16:13 - 2015-12-23 16:11 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\Control Panel\Desktop\\Wallpaper -> c:\users\holder\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{28e3994e-bb8a-426b-980b-dccb1fb03f7e}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Auth Service => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: ClientAnalyticsService => 3
MSCONFIG\Services: CovenantEyesCommService => 2
MSCONFIG\Services: CovenantEyesProxy => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: HPTouchpointAnalyticsService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: PEFService => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: WsAppService => 2
MSCONFIG\Services: WsDrvInst => 2
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Covenant Eyes"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "HP ENVY 5530 series (NET)"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3114DDB9-6EAE-4CB5-9879-9A3C5C2CC367}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{00782AD3-A26F-41DA-A9FD-5756C5F1C57C}] => (Allow) LPort=5357
FirewallRules: [{45111E41-E5FD-481C-AB82-BCAEDA537DFC}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe
FirewallRules: [{86CA65D9-2C9A-40AC-A6F0-09FB3AA4C93E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E8EC74BC-F457-44F9-B6D4-F7951E75F54F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{661BF544-E5DB-48BB-8175-87279CED0E9C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3BC726F-DD66-4A37-AADB-0E70C41C94D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D54F8CA6-6629-4936-91D6-BAE9456DB32E}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{210DF67F-B90D-4164-8800-50A40A3CCEAD}] => (Allow) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
FirewallRules: [{6923B82B-1745-418E-B139-4C68D6CE3DFA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2D1D6A64-C5FB-4D55-B5A5-6E081B286602}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8C1E2932-EBB7-46D7-82B1-FC4E53919E98}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0AD250E0-E221-4283-B0D9-0DD0BF14DFF1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FC195117-2974-4D81-919F-83E4ED892F74}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8BCFD599-9189-4AA9-9E81-2F0E248BED1C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{226F3695-1380-4BAA-A610-D52165CAA709}] => (Allow) C:\Users\Holder\AppData\Local\Temp\7zS2FCF\HPDiagnosticCoreUI.exe
FirewallRules: [{DF32C524-51C6-46B1-8F1E-E3FB6D7BD6E0}] => (Allow) C:\Users\Holder\AppData\Local\Temp\7zS2FCF\HPDiagnosticCoreUI.exe
FirewallRules: [{A97EB0CE-9AEF-4E27-955E-E7ECC646C7B6}] => (Allow) C:\Users\Holder\AppData\Local\Temp\7zS2FCF\HPDiagnosticCoreUI.exe
FirewallRules: [{70804B4E-77CD-434A-B920-F089F244A5F9}] => (Allow) C:\Users\Holder\AppData\Local\Temp\7zS2FCF\HPDiagnosticCoreUI.exe
FirewallRules: [{28A6355C-2C49-4D8D-A6AD-68A54CC5CB90}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{55C53FA7-9206-498F-9509-DF0B5A9FB37D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
15-12-2017 11:28:49 Windows Update
19-12-2017 08:46:08 Windows Update
20-12-2017 16:06:29 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/21/2017 12:36:53 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.
 
Error: (12/21/2017 12:36:53 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
 
Error: (12/21/2017 12:33:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x1918
Faulting application start time: 0x01d37a81cbd2ebc5
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: 2354fdd0-6bbf-43bf-be51-b762756760f8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/21/2017 12:33:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0xcd8
Faulting application start time: 0x01d37a81cbd2ec90
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: 24d41da0-37fd-47e6-8956-078e7169d918
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/21/2017 12:33:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x218
Faulting application start time: 0x01d37a81cbd2ebdc
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: 5691696d-9caa-4e88-9741-24c79233ad18
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/21/2017 12:33:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x404
Faulting application start time: 0x01d37a81cbd2ebd1
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: d1b4bc25-c26b-47e4-adf7-651f8f44e680
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/21/2017 07:53:53 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.
 
Error: (12/21/2017 07:53:53 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
 
Error: (12/21/2017 07:50:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x1754
Faulting application start time: 0x01d37a5a3d946486
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: 5d10dbc2-85cc-47b1-b8c7-9f69e9fc29ce
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/21/2017 07:50:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x174c
Faulting application start time: 0x01d37a5a3d946494
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: 6031947a-fd35-4bcd-a9c1-0305dca202dc
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (12/21/2017 03:48:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/21/2017 03:34:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error: 
The system cannot find the file specified.
 
Error: (12/21/2017 03:34:52 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Computer Browser service depends on the following service: LanmanWorkstation. This service might not be installed.
 
Error: (12/21/2017 03:34:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error: 
The system cannot find the file specified.
 
Error: (12/21/2017 03:34:52 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Computer Browser service depends on the following service: LanmanWorkstation. This service might not be installed.
 
Error: (12/21/2017 03:34:52 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Computer Browser service depends on the following service: LanmanWorkstation. This service might not be installed.
 
Error: (12/21/2017 03:32:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error: 
The system cannot find the file specified.
 
Error: (12/21/2017 03:32:45 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Computer Browser service depends on the following service: LanmanWorkstation. This service might not be installed.
 
Error: (12/21/2017 03:32:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error: 
The system cannot find the file specified.
 
Error: (12/21/2017 03:32:45 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Computer Browser service depends on the following service: LanmanWorkstation. This service might not be installed.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-04 19:09:19.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 19:09:19.920
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 19:09:19.881
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 19:09:19.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 19:09:16.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 19:09:16.676
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-21 20:38:28.736
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-21 20:38:28.733
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-03 16:25:07.995
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-03 16:25:07.993
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 15%
Total physical RAM: 12226.09 MB
Available physical RAM: 10318.73 MB
Total Virtual: 14082.09 MB
Available Virtual: 11991.37 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:910.68 GB) (Free:479.31 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:18.92 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C4E21D20)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello, micheleholder

My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Can you post the Malwarebytes log?

Open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'.
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box, type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok.
  • Post that saved log in your next reply.



#3
micheleholder

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/20/2017
Scan Time: 11:10 PM
Logfile: Scan log MBAM.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.02.16.06
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Holder
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 381865
Time Elapsed: 23 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe, 2300, Delete-on-Reboot, [baac4b16a9f0f93d05e76399936f9d63]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.ASKPartnerNetwork, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\CKADHKFHCIEALLPIKIDNJOJOFENJPFNI, Quarantined, [2640ca97dabfb97d88a31cf8f31130d0], 
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\AskPartnerNetwork, Quarantined, [b6b0124fb1e8ca6c5793c438986ac937], 
PUP.Optional.ASKPartnerNetwork, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\CKADHKFHCIEALLPIKIDNJOJOFENJPFNI, Quarantined, [f670075a1a7f7abcd65520f431d39a66], 
PUP.Optional.APNToolBar.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\APNMCP, Quarantined, [baac4b16a9f0f93d05e76399936f9d63], 
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\SOFTWARE\AskPartnerNetwork, Quarantined, [5610c49de2b70a2c31b8b448917101ff], 
 
Registry Values: 3
PUP.Optional.ASKPartnerNetwork, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ckadhkfhcieallpikidnjojofenjpfni|path, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\ckadhkfhcieallpikidnjojofenjpfni.crx, Quarantined, [2640ca97dabfb97d88a31cf8f31130d0]
PUP.Optional.ASKPartnerNetwork, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ckadhkfhcieallpikidnjojofenjpfni|path, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\ckadhkfhcieallpikidnjojofenjpfni.crx, Quarantined, [f670075a1a7f7abcd65520f431d39a66]
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ApnTBMon, "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe", Quarantined, [0c5aa9b8f2a782b43faccb31877bc63a]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 36
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork, Quarantined, [0561baa7c9d078be881febd56f9337c9], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar, Quarantined, [0561baa7c9d078be881febd56f9337c9], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\AVR-TG, Quarantined, [0561baa7c9d078be881febd56f9337c9], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\AVR-TG\Updater, Quarantined, [0561baa7c9d078be881febd56f9337c9], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\AVR-TG\Updater\Config, Quarantined, [0561baa7c9d078be881febd56f9337c9], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\AVR-TG\Updater\Response, Quarantined, [0561baa7c9d078be881febd56f9337c9], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared, Quarantined, [0561baa7c9d078be881febd56f9337c9], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX, Quarantined, [0561baa7c9d078be881febd56f9337c9], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork, Delete-on-Reboot, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\ChromeUtils, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar, Delete-on-Reboot, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\appdata, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\appdata\Mozilla, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\appdata\Mozilla\Firefox, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\appdata\Mozilla\Firefox\Profiles, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\common appdata, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\common appdata\AskPartnerNetwork, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\common appdata\AskPartnerNetwork\Toolbar, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\common appdata\AskPartnerNetwork\Toolbar\Shared, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\common appdata\AskPartnerNetwork\Toolbar\Shared\CRX, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\ChromeUtils, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\Updater, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID}, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater, Delete-on-Reboot, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\AVR-TG, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
 
Files: 50
PUP.Optional.APNToolBar, C:\Users\Holder\Downloads\OffercastInstaller_AVR_U-0444-01-P_ (1).exe, Quarantined, [bfa750118316bf774c6c1026a65bd52b], 
PUP.Optional.APNToolBar, C:\Users\Holder\Downloads\OffercastInstaller_AVR_U-0444-01-P_ (2).exe, Quarantined, [89dd91d0bedbbe781f99a09651b0f30d], 
PUP.Optional.APNToolBar, C:\Users\Holder\Downloads\OffercastInstaller_AVR_U-0444-01-P_.exe, Quarantined, [e77f2f3238617abc1c9c270f5da437c9], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe, Delete-on-Reboot, [0c5aa9b8f2a782b43faccb31877bc63a], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe, Delete-on-Reboot, [baac4b16a9f0f93d05e76399936f9d63], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\AVR-TG\Updater\Config\ConfigV1.33.11.0.8284-9.xml, Quarantined, [0561baa7c9d078be881febd56f9337c9], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\AVR-TG\Updater\Response\ResponseV1.33.11.0.8284-236.xml, Quarantined, [0561baa7c9d078be881febd56f9337c9], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\AVR-TG\Updater\Response\ResponseV1.33.11.0.8284-237.xml, Quarantined, [0561baa7c9d078be881febd56f9337c9], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\ckadhkfhcieallpikidnjojofenjpfni.crx, Quarantined, [0561baa7c9d078be881febd56f9337c9], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\ChromeUtils\com.apn.native_messaging_host_ckadhkfhcieallpikidnjojofenjpfni.json, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\1031.mst, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\1033.mst, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\1034.mst, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\1036.mst, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\1040.mst, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\1041.mst, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\1043.mst, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\1045.mst, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\1049.mst, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\2070.mst, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\AskToolbarInstaller-12.45.1_AVR-TG.msi, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\[email protected], Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\common appdata\AskPartnerNetwork\Toolbar\Shared\CRX\ckadhkfhcieallpikidnjojofenjpfni.crx, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\Update.xml, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}\Toolbar.crx, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\ChromeUtils\com.apn.native_messaging_host_ckadhkfhcieallpikidnjojofenjpfni.json, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\BrowserHost.dll, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\DeskBar.exe, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\SO.dll, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\TopSitesRT.exe, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\Updater\tbnhlpr.exe, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\Updater\tbnhlpr_x64.exe, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID}\config.xml, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVR-TG\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\tbnhlpr_x64.exe, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\AVR-TG\config.xml, Quarantined, [e086342d9bfead89b8f10ab69171f907], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

Download AdwCleaner to a flash drive and see if you can run it. In the meantime I'll review the log files from FRST64.

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears. Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt


#5
micheleholder

    New Member

  • Topic Starter
  • Member
  • 6 posts
I can't run the AdwCleaner. I've tried several times and I get this error: AdwCleaner has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Download the enclosed file (Attached File: FIXLIST.txt, 904 bytes). Save it in the location FRST64 is. Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.

*******************************************************************************************
Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

#7
micheleholder

    New Member

  • Topic Starter
  • Member
  • 6 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Holder (22-12-2017 19:41:10) Run:1
Running from F:\
Loaded Profiles: Holder (Available Profiles: Holder)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
S2 LanmanServer; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 LanmanServer; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 MFE_RR; \??\C:\Users\Holder\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
2017-12-15 11:48 - 2015-12-26 16:56 - 000027382 _____ C:\Users\Holder\AppData\Roaming\wklnhst.dat
2017-11-18 09:34 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\Holder\AppData\Local\Temp\TAInstaller.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"HKLM\System\CurrentControlSet\Services\LanmanServer" => removed successfully
LanmanServer => service removed successfully
LanmanServer => service not found.
"HKLM\System\CurrentControlSet\Services\MFE_RR" => removed successfully
MFE_RR => service removed successfully
C:\Users\Holder\AppData\Roaming\wklnhst.dat => moved successfully
C:\Users\Holder\AppData\Local\Temp\TAInstaller.exe => moved successfully
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv4 reset =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 278637926 B
Java, Flash, Steam htmlcache => 2507 B
Windows/system/drivers => 146713332 B
Edge => 83563332 B
Chrome => 1787575163 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 761440 B
systemprofile32 => 128 B
LocalService => 126719 B
NetworkService => 513220 B
Holder => 758118319 B
 
RecycleBin => 2286559 B
EmptyTemp: => 2.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:43:35 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by Holder (administrator) on HOME (22-12-2017 19:46:21)
Running from C:\Users\Holder\Desktop
Loaded Profiles: Holder (Available Profiles: Holder)
Platform: Windows 10 Home Version 1607 14393.1480 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(CovenantEyes) C:\Program Files\CE\CovenantEyesProxy.exe
() C:\Program Files\CE\CovenantEyesCommService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files\CE\authServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-01-15] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM\...\Run: [Covenant Eyes] => C:\Program Files\CE\CovenantEyes.exe [13680024 2017-11-09] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [7214800 2017-12-20] (McAfee, Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-12-24]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{890536e6-8284-4159-a1f0-d33cf52f2873}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a39c8f15-2db8-410b-9822-af170b002b68}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files\CE\extensions\ie\x64\IEExtension.dll [2017-11-09] (Covenant Eyes)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO-x32: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files\CE\extensions\ie\x86\IEExtension.dll [2017-11-09] (Covenant Eyes)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-05-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-05-31] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18] [Legacy]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\CE\extensions\firefox\[email protected]
FF Extension: (Covenant Eyes for Mozilla Firefox™) - C:\Program Files\CE\extensions\firefox\[email protected] [2017-12-04]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\CE\extensions\firefox\[email protected]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-07-12] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2145206162-2560255737-4192909596-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Holder\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.southsidechristian.org/
CHR StartupUrls: Default -> "hxxp://www.southsidechristian.org/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US0D20151223&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default [2017-12-22]
CHR Extension: (Slides) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (ParentsWeb ~ Login) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicpkmdmdfhpcmpmaobelkpebppfpoib [2015-12-23]
CHR Extension: (Reminders From God) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgmamgjgimmdcfmgegpeejbjhbegfjh [2015-12-23]
CHR Extension: (Docs) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2017-12-04]
CHR Extension: (YouTube) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Sheets) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-22]
CHR Extension: (Polar Theme) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcjfjidphipkgeggbbjlpcopinfofnnb [2015-12-23]
CHR Extension: (Google Docs Offline) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Safe Browsing) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfoabicoimpcomnmnjpahiadjpinkklh [2017-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12]
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-12-22]
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-12-22]
CHR Extension: (Slides) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Docs) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2017-12-06]
CHR Extension: (YouTube) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Sheets) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-29]
CHR Extension: (Google Docs Offline) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (University of South Carolina New Tab) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ijigldjdonmjahjiflbnknidcpfgejij [2016-04-23]
CHR Extension: (Baseball) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\njneehkdlobpllhkldmhhephffnniaec [2016-05-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15]
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-12-22]
CHR Extension: (Slides) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2017-12-06]
CHR Extension: (YouTube) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Teoma) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ckadhkfhcieallpikidnjojofenjpfni [2016-12-13]
CHR Extension: (Google Search) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Sheets) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-23]
CHR Extension: (Google Docs Offline) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Puppy Theme) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icaafalololmfkeakfpnihbhlglclllk [2015-12-28]
CHR Extension: (Tabby Cat) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mefhakmgclhhfbdadeojlkbllmecialg [2017-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\System Profile [2017-12-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bfegkegffcbgpfmemahhkgnbkocmbain] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 Auth Service; C:\Program Files\CE\authServer.exe [4353944 2017-11-09] ()
S4 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2286848 2015-10-14] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
S4 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
R2 CovenantEyesCommService; C:\Program Files\CE\CovenantEyesCommService.exe [7503768 2017-11-09] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [5254040 2017-10-10] (CovenantEyes)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S4 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-05-16] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [984480 2017-06-03] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe [2139832 2017-05-30] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241656 2017-04-30] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [390656 2017-04-30] (McAfee, Inc.)
S3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [343544 2017-04-30] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1543248 2017-05-31] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S4 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S4 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1042288 2017-05-22] (Intel Security, Inc.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-01-15] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)
S4 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [118048 2017-06-22] (Wondershare)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208176 2015-10-14] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7551240 2015-09-22] (Broadcom Corporation)
R1 cewd64f; C:\WINDOWS\system32\Drivers\cewd64f.sys [44584 2017-10-10] () [File not signed]
R1 cewd64r; C:\WINDOWS\system32\Drivers\cewd64r.sys [55336 2017-10-10] () [File not signed]
R2 cewfp; C:\WINDOWS\system32\Drivers\cewfp64.sys [56360 2017-10-10] (CovenantEyes)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [76824 2017-05-02] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [209608 2017-05-31] (McAfee, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [476176 2017-05-02] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [353808 2017-05-02] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84536 2017-05-02] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [504336 2017-05-02] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [918544 2017-05-02] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [495632 2017-04-07] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107544 2017-04-07] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [109072 2017-05-02] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252432 2017-05-02] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_b4551921048bc87c\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-09-25] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-22 13:56 - 2017-12-22 14:00 - 000000000 ____D C:\AdwCleaner
2017-12-22 13:55 - 2017-12-22 13:54 - 008198432 _____ (Malwarebytes) C:\Users\Holder\Desktop\adwcleaner_7.0.6.0.exe
2017-12-22 12:31 - 2017-12-22 12:31 - 000017548 _____ C:\Users\Holder\Desktop\Scan log MBAM.txt
2017-12-21 15:51 - 2017-12-22 19:33 - 000039974 _____ C:\Users\Holder\Desktop\Addition.txt
2017-12-21 15:49 - 2017-12-22 19:48 - 000025664 _____ C:\Users\Holder\Desktop\FRST.txt
2017-12-21 15:49 - 2017-12-22 19:46 - 000000000 ____D C:\FRST
2017-12-21 15:49 - 2017-12-21 15:46 - 002392064 _____ (Farbar) C:\Users\Holder\Desktop\FRST64.exe
2017-12-21 08:54 - 2017-12-21 13:59 - 000000802 _____ C:\Users\Holder\Desktop\Windows 10 Update Assistant.lnk
2017-12-20 23:22 - 2017-12-20 23:22 - 000000000 ____D C:\Users\Holder\AppData\Roaming\TotalAV
2017-12-20 23:10 - 2017-12-22 12:31 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-12-20 23:07 - 2017-12-20 23:07 - 000001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-12-20 23:07 - 2017-12-20 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-12-20 23:07 - 2017-12-20 23:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-20 23:07 - 2017-12-20 23:07 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-12-20 23:07 - 2016-03-10 14:09 - 000065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-20 23:07 - 2016-03-10 14:08 - 000140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-12-20 23:07 - 2016-03-10 14:08 - 000027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-20 22:56 - 2017-12-20 22:56 - 000000000 ____D C:\Quarantine
2017-12-20 22:56 - 2017-12-20 22:56 - 000000000 ____D C:\Program Files (x86)\stinger
2017-12-20 21:24 - 2017-12-20 22:50 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-16 14:11 - 2017-12-16 14:11 - 000000000 ____D C:\Users\Holder\AppData\Local\NetworkTiles
2017-12-15 16:45 - 2017-12-15 16:45 - 001101796 ____R C:\Users\Holder\Documents\My Money Backup_2017-12-15_164532.mbf
2017-12-15 16:44 - 2017-12-15 16:44 - 000010798 _____ C:\Users\Holder\Documents\12-15-17.xlsx
2017-12-15 12:05 - 2017-12-15 12:05 - 001099930 ____R C:\Users\Holder\Documents\My Money Backup_2017-12-15_120527.mbf
2017-12-14 09:34 - 2017-12-14 09:34 - 001121182 ____R C:\Users\Holder\Documents\My Money Backup_2017-12-14_093448.mbf
2017-12-14 08:57 - 2017-12-14 09:22 - 000000000 ____D C:\ESD
2017-12-14 08:55 - 2017-12-14 08:55 - 018617536 _____ (Microsoft Corporation) C:\Users\Holder\Downloads\MediaCreationTool.exe
2017-12-14 08:55 - 2017-12-14 08:55 - 000000000 ___HD C:\$Windows.~WS
2017-12-12 09:03 - 2017-12-15 16:41 - 000010798 _____ C:\Users\Holder\Documents\December Reimbursement.xlsx
2017-12-08 07:11 - 2017-12-15 11:50 - 000000036 _____ C:\WINDOWS\progress.ini
2017-12-08 06:41 - 2017-12-21 14:00 - 000000000 ____D C:\Windows10Upgrade
2017-12-08 06:41 - 2017-12-21 13:59 - 000000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-12-08 06:41 - 2017-12-15 12:40 - 000000000 ___HD C:\$GetCurrent
2017-12-08 06:12 - 2017-12-08 06:12 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2017-12-04 19:16 - 2017-10-10 10:15 - 000055336 _____ C:\WINDOWS\system32\Drivers\cewd64r.sys
2017-12-04 19:16 - 2017-10-10 10:15 - 000044584 _____ C:\WINDOWS\system32\Drivers\cewd64f.sys
2017-12-04 19:09 - 2017-12-22 19:44 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-12-04 19:08 - 2017-12-22 19:44 - 000020656 _____ C:\WINDOWS\SysWOW64\CovenantEyesProxyOff.ini
2017-12-04 19:08 - 2017-12-22 19:44 - 000020656 _____ C:\WINDOWS\system32\CovenantEyesProxyOff.ini
2017-12-04 19:08 - 2017-12-04 19:15 - 000000000 ____D C:\ProgramData\CovenantEyes
2017-12-04 19:08 - 2017-12-04 19:09 - 000000000 ____D C:\Program Files\CE
2017-12-04 19:08 - 2017-12-04 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes
2017-12-04 19:08 - 2017-10-10 10:15 - 000056360 _____ (CovenantEyes) C:\WINDOWS\system32\Drivers\cewfp64.sys
2017-12-04 19:07 - 2017-12-04 19:07 - 002584952 _____ (Flexera Software LLC) C:\Users\Holder\Downloads\CovenantEyesWindows.exe
2017-12-04 19:07 - 2017-12-04 19:07 - 000000000 ____D C:\Users\Holder\AppData\Local\Downloaded Installations
2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2017-11-27 16:55 - 2017-11-27 16:55 - 000000000 ____D C:\Users\Holder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2017-11-27 16:54 - 2017-12-14 12:20 - 000000000 ___RD C:\Users\Holder\iCloudDrive
2017-11-27 14:19 - 2017-11-27 16:54 - 000000000 ____D C:\Users\Holder\AppData\Local\1C08C44E-3C40-4897-A3EF-4457172A79F5.aplzod
2017-11-27 14:18 - 2017-11-27 14:38 - 000000000 ____D C:\Users\Holder\Documents\Outlook Files
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-22 19:46 - 2017-02-10 08:05 - 000000000 ____D C:\Users\Holder\AppData\Local\CrashDumps
2017-12-22 19:44 - 2016-09-22 04:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-22 19:44 - 2016-07-16 01:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-22 19:42 - 2016-07-12 07:48 - 000000000 ____D C:\Users\Holder\AppData\LocalLow\Temp
2017-12-22 19:41 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-12-22 19:41 - 2015-12-23 16:13 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-22 19:30 - 2016-09-22 04:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-22 16:32 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-21 21:28 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2017-12-21 15:15 - 2017-09-29 10:18 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-21 15:10 - 2016-09-22 08:09 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-21 12:37 - 2015-12-23 13:44 - 003034938 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-21 09:04 - 2016-07-16 06:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-20 23:35 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\appcompat
2017-12-20 23:02 - 2016-03-04 16:19 - 000000000 ____D C:\Users\Holder\AppData\Local\ElevatedDiagnostics
2017-12-20 22:56 - 2015-12-23 14:04 - 000000000 ____D C:\Program Files\McAfee
2017-12-20 22:15 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\registration
2017-12-20 16:53 - 2016-07-16 06:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-20 16:01 - 2017-11-18 09:38 - 000000346 _____ C:\WINDOWS\Tasks\HPCeeScheduleForHolder.job
2017-12-19 11:26 - 2017-11-18 09:38 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForHolder
2017-12-19 03:27 - 2016-07-16 06:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-19 03:25 - 2015-12-24 12:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-18 13:18 - 2017-01-28 21:59 - 005754880 _____ C:\Users\Holder\Documents\My Money.mny
2017-12-16 14:50 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-15 12:40 - 2016-09-22 04:33 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-12-15 12:40 - 2016-09-22 04:33 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-12-14 12:16 - 2016-09-22 04:13 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-13 00:58 - 2017-04-19 20:18 - 000004580 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-13 00:58 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-13 00:58 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-12 22:09 - 2015-12-23 15:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-12 22:07 - 2017-10-10 19:27 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-12 22:07 - 2015-12-23 15:53 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-11 21:21 - 2015-12-23 13:52 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-11 21:21 - 2015-12-23 13:52 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-08 06:12 - 2017-09-28 16:10 - 000000000 ____D C:\Program Files\rempl
2017-12-06 07:34 - 2017-07-25 06:37 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2145206162-2560255737-4192909596-1001
2017-12-06 07:34 - 2015-12-23 13:51 - 000002377 _____ C:\Users\Holder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-06 07:34 - 2015-09-19 04:18 - 000000000 ___RD C:\Users\Holder\OneDrive
2017-12-04 19:18 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-04 19:08 - 2016-03-17 18:31 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-01 20:06 - 2016-07-16 06:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-01 20:06 - 2016-07-16 06:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-27 16:54 - 2016-09-22 04:17 - 000000000 ____D C:\Users\Holder
2017-11-27 16:54 - 2016-05-26 05:32 - 000000000 ____D C:\Users\Holder\AppData\Local\Apple Inc
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\cewd64f.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
C:\WINDOWS\system32\drivers\cewd64r.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2017-12-18 08:40
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Holder (22-12-2017 19:49:19)
Running from C:\Users\Holder\Desktop
Windows 10 Home Version 1607 14393.1480 (X64) (2016-09-22 09:36:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2145206162-2560255737-4192909596-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2145206162-2560255737-4192909596-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-2145206162-2560255737-4192909596-503 - Limited - Disabled)
Guest (S-1-5-21-2145206162-2560255737-4192909596-501 - Limited - Disabled)
Holder (S-1-5-21-2145206162-2560255737-4192909596-1001 - Administrator - Enabled) => C:\Users\Holder
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{F1D83CEA-2855-4224-9935-D981785AA75D}) (Version: 6.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{E2A6344A-45BF-47A0-9AE1-848325E7FD88}) (Version: 6.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avery Teoma Search App (HKLM-x32\...\{4156522D-5447-006A-76A7-A758B70C2D01}) (Version: 12.45.1.1317 - APN, LLC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Covenant Eyes (HKLM-x32\...\{5AC5ED2E-2936-4B54-A429-703F9034938E}) (Version: 7.2.48 - Covenant Eyes, Inc.)
dr.fone toolkit for Android (Version 8.3.3) (HKLM-x32\...\{7B08A1E1-3644-4237-B39D-762B5F5564D0}_is1) (Version: 8.3.3.64 - Wondershare Technology Co.,Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.5.37.19 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.8.47.1 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Macromedia Shockwave Player (HKLM-x32\...\Macromedia Shockwave Player) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Digital Image Standard 2006 (HKLM-x32\...\PictureItPrem_v11) (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2006 (HKLM-x32\...\{06040048-3E21-46D6-9A91-D927BA08F41D}) (Version: 2006 - Microsoft Corporation)
Microsoft Money 2006 (HKLM-x32\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Streets & Trips 2006 (HKLM-x32\...\{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}) (Version: 13.00.09.0200 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft Works Suite 2006 Setup Launcher (HKLM-x32\...\Works2006Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}) (Version: 8.0.0.0000 - Microsoft Corporation)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Pirate101 (HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Product Improvement Study for HP ENVY 5530 series (HKLM\...\{2EC3E3B8-797A-47FD-B3A2-574C96597A19}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Unity Web Player (HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22314 - Microsoft Corporation)
Wondershare Dr.Fone for Android(Build 6.1.1.35) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 6.1.1.35 - Wondershare Software Co.,Ltd.)
Works Upgrade (HKLM-x32\...\{DE1AF137-C455-494A-A817-EFE44BCCFDEE}) (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {033CD73B-5F44-4FE4-AE01-8CB7968BFE95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {07229B17-E28F-448A-B13A-37DBD3948C2F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {078D65A4-D52C-4166-BCFA-1031E9B0F2E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {07EB0F88-2B90-4870-8F0C-D83240E13D90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {0817042E-E554-4422-9B5C-F46873946F78} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {18BC7B8B-FE82-4615-9288-552675BFF49C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-19] (Microsoft Corporation)
Task: {202D930D-678B-4A60-87D4-1D1263F3188D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {21B0624C-2359-4441-94E8-730D3889F97E} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {29DD3E8D-79FD-43D4-8B5C-10CF536C92A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {376351F4-6BF6-4464-9AE6-A18C92501047} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {40F76E0E-0AA5-4B51-BDB1-08E1699CF249} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-05-30] (McAfee, Inc.)
Task: {46548D48-E520-4878-A261-AD92406BD864} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {46D1208C-2E22-42B9-9149-13089BF1630D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {472DAE2C-9D73-4402-B9FE-2B74160A4E87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {508B9CB0-AD20-4BEC-B328-E0051D61BF88} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {5E9A7925-E1BA-4809-9A92-8A711F07FC61} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-12-12] (Microsoft Corporation)
Task: {5F4D7C71-E2D3-4419-81EF-A601CD0CFC68} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {624EA3B3-56C2-45FA-ABF9-625D7CE19C47} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {693D95C7-C01D-4FF5-815E-FC39D8DEBB24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN38L1T15T => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {7096106E-6CE5-4060-8ACE-615717D69B3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {7A8966A9-326F-4178-8D77-41E0E2263633} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {8015F67A-CC79-47E2-AEFD-BC453AFE0CBE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-18] ()
Task: {8B34CA1B-3F98-49C4-8DC6-1EF66C1C9C58} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-10-19] (Apple Inc.)
Task: {9F8C925C-7B35-4FC7-AC2E-153A62AFF20E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {A11BF47B-8C10-4A73-B7B0-58C6AFCF9AB7} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Holder\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {A798AEE8-3B6B-4387-9827-97E3150A014C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {B4886C6D-39F0-4C72-8A13-69474E587838} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
Task: {B7DD6DEB-EE2F-48AC-88CA-9234D92999AD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {CA3AB5C5-1BB9-46FC-B659-3B7273681760} - System32\Tasks\HPCeeScheduleForHolder => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {D2662DBA-2365-49C3-AAED-88834380FE7A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {D5337FFD-582B-49B8-A801-1E8D69FF72AB} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {E5D44E82-3DE2-4E2F-9797-7AB78AFA5E73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-19] (Microsoft Corporation)
Task: {F8B773D0-16DE-4F1C-9A8C-F920A6D592A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {F8F7FF64-91D0-45C4-B392-E75A45ED64A5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-19] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForHolder.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Holder\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
 
ShortcutWithArgument: C:\Users\Holder\Desktop\Michele - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Holder\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Holder\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Brock - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-12 12:21 - 2017-06-21 02:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-12-04 19:08 - 2017-11-09 14:32 - 007503768 _____ () C:\Program Files\CE\CovenantEyesCommService.exe
2017-12-04 19:08 - 2017-11-09 14:31 - 004353944 _____ () C:\Program Files\CE\authServer.exe
2017-08-21 17:54 - 2017-12-19 03:23 - 008935088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-22 08:02 - 2016-09-22 08:02 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 08:15 - 2017-03-04 01:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 08:15 - 2017-03-04 01:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 08:15 - 2017-03-04 01:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 08:15 - 2017-03-04 01:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-07-12 12:20 - 2017-06-21 01:36 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-07-12 12:20 - 2017-06-21 01:35 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-07-12 12:20 - 2017-06-21 01:37 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-15 08:15 - 2017-03-04 01:04 - 000114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2017-07-09 07:01 - 2017-07-09 07:01 - 017818112 _____ () C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.8.1.0_x86__wgeqdkkx372wm\Twitter.Windows.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64f.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64r.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Auth Service => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64f.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64r.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewfp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesCommService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\sharepoint.com -> hxxps://sabrenationorg-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-12-23 16:13 - 2017-12-22 19:41 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\Control Panel\Desktop\\Wallpaper -> c:\users\holder\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{28e3994e-bb8a-426b-980b-dccb1fb03f7e}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Auth Service => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: ClientAnalyticsService => 3
MSCONFIG\Services: CovenantEyesCommService => 2
MSCONFIG\Services: CovenantEyesProxy => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: HPTouchpointAnalyticsService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: PEFService => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: WsAppService => 2
MSCONFIG\Services: WsDrvInst => 2
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Covenant Eyes"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "HP ENVY 5530 series (NET)"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3114DDB9-6EAE-4CB5-9879-9A3C5C2CC367}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{00782AD3-A26F-41DA-A9FD-5756C5F1C57C}] => (Allow) LPort=5357
FirewallRules: [{45111E41-E5FD-481C-AB82-BCAEDA537DFC}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe
FirewallRules: [{86CA65D9-2C9A-40AC-A6F0-09FB3AA4C93E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E8EC74BC-F457-44F9-B6D4-F7951E75F54F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{661BF544-E5DB-48BB-8175-87279CED0E9C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3BC726F-DD66-4A37-AADB-0E70C41C94D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D54F8CA6-6629-4936-91D6-BAE9456DB32E}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{210DF67F-B90D-4164-8800-50A40A3CCEAD}] => (Allow) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
FirewallRules: [{6923B82B-1745-418E-B139-4C68D6CE3DFA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2D1D6A64-C5FB-4D55-B5A5-6E081B286602}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8C1E2932-EBB7-46D7-82B1-FC4E53919E98}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0AD250E0-E221-4283-B0D9-0DD0BF14DFF1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FC195117-2974-4D81-919F-83E4ED892F74}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8BCFD599-9189-4AA9-9E81-2F0E248BED1C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{226F3695-1380-4BAA-A610-D52165CAA709}] => (Allow) C:\Users\Holder\AppData\Local\Temp\7zS2FCF\HPDiagnosticCoreUI.exe
FirewallRules: [{DF32C524-51C6-46B1-8F1E-E3FB6D7BD6E0}] => (Allow) C:\Users\Holder\AppData\Local\Temp\7zS2FCF\HPDiagnosticCoreUI.exe
FirewallRules: [{A97EB0CE-9AEF-4E27-955E-E7ECC646C7B6}] => (Allow) C:\Users\Holder\AppData\Local\Temp\7zS2FCF\HPDiagnosticCoreUI.exe
FirewallRules: [{70804B4E-77CD-434A-B920-F089F244A5F9}] => (Allow) C:\Users\Holder\AppData\Local\Temp\7zS2FCF\HPDiagnosticCoreUI.exe
FirewallRules: [{28A6355C-2C49-4D8D-A6AD-68A54CC5CB90}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{55C53FA7-9206-498F-9509-DF0B5A9FB37D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
15-12-2017 11:28:49 Windows Update
19-12-2017 08:46:08 Windows Update
20-12-2017 16:06:29 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/22/2017 07:46:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x1440
Faulting application start time: 0x01d37b876de2c1d2
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: f6b35393-689d-47e9-b960-73b8b97757e9
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/22/2017 07:46:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x94c
Faulting application start time: 0x01d37b876de2c1dd
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: ef242791-3b09-4b0a-8030-2a6011d65a0a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/22/2017 07:46:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x49c
Faulting application start time: 0x01d37b876de2c210
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: f3d45d89-8b7b-4fb8-bbbb-d1204dd18106
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/22/2017 07:46:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x1418
Faulting application start time: 0x01d37b876de2c1fc
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: 177fc443-c806-4691-9c57-724def4fe919
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/22/2017 07:42:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x1944
Faulting application start time: 0x01d37b86e17ac345
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: 258204fd-8442-4d33-862c-d42a2c465670
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/22/2017 07:42:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x15f8
Faulting application start time: 0x01d37b86e111e902
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: a61a5d4e-673f-4f83-8e8f-071571218a06
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/22/2017 07:42:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x1e28
Faulting application start time: 0x01d37b86dff0f99d
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: 09653c59-84b0-43a2-aae6-cd2d6260ae4b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/22/2017 07:42:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x19fc
Faulting application start time: 0x01d37b86dff10973
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: b0bad6b9-a853-48b7-bf52-45c0affeec72
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/22/2017 07:42:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x1b50
Faulting application start time: 0x01d37b86dff11259
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: 6faa85ce-da77-4792-b7a5-984098b3a2a8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/22/2017 07:42:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x15e0
Faulting application start time: 0x01d37b86dff0fa0f
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: addd138b-9b90-4690-8f00-2c3f27f09ccd
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (12/22/2017 07:47:03 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Computer Browser service depends on the following service: LanmanServer. This service might not be installed.
 
Error: (12/22/2017 07:47:03 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Computer Browser service depends on the following service: LanmanServer. This service might not be installed.
 
Error: (12/22/2017 07:47:03 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Computer Browser service depends on the following service: LanmanServer. This service might not be installed.
 
Error: (12/22/2017 07:46:14 PM) (Source: DCOM) (EventID: 10005) (User: Home)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}
 
Error: (12/22/2017 07:46:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/22/2017 07:46:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
 
Error: (12/22/2017 07:46:14 PM) (Source: DCOM) (EventID: 10005) (User: Home)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}
 
Error: (12/22/2017 07:46:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/22/2017 07:46:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
 
Error: (12/22/2017 07:46:13 PM) (Source: DCOM) (EventID: 10005) (User: Home)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}
 
 
CodeIntegrity:
===================================
  Date: 2017-12-04 19:09:19.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 19:09:19.920
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 19:09:19.881
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 19:09:19.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 19:09:16.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 19:09:16.676
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-21 20:38:28.736
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-21 20:38:28.733
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-03 16:25:07.995
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-03 16:25:07.993
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 15%
Total physical RAM: 12226.09 MB
Available physical RAM: 10270.19 MB
Total Virtual: 14082.09 MB
Available Virtual: 12059.67 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:910.68 GB) (Free:488.77 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:18.92 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:58.43 GB) (Free:57.38 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C4E21D20)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 58.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 


#8
zep516


    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

See if adwCleaner runs in safemode

How to boot to safemode
https://www.digitalc...mode-windows-10

Also try safemode with networking to see if the computer can connect to the internet in that mode.

Thanks
Joe

#9
micheleholder


    New Member

  • Topic Starter
  • Member
  • 6 posts
No. I can't get on the internet in safe mode with networking. When I open the adwcleaner and scan, it starts. It gets to heuristic and closes.

#10
zep516


    Trusted Helper

  • Malware Removal
  • 8,087 posts
Download the enclosed file (Attached File: FIXLIST.txt, 282 bytes). Save it in the location FRST64 is. Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.

*******************************************************************************************
Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.


Next

Paste the following into the Command Prompt window, exactly as shown, including double quotes:

cmd /c "ipconfig /all > postme.txt & ping yahoo.com >> postme.txt & reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" | find /i "proxy" >> postme.txt & notepad postme.txt & del postme.txt"

and press ENTER.

A file will open in Notepad. Please copy and paste the contents here. Close the Notepad window and the file will be deleted and the Command Prompt window will also close. Post results in a reply here.

#11
micheleholder


    New Member

  • Topic Starter
  • Member
  • 6 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Holder (23-12-2017 12:45:33) Run:2
Running from F:\virus
Loaded Profiles: Holder (Available Profiles: Holder)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
 
 
CloseProcesses:
CreateRestorePoint:
C:\WINDOWS\system32\drivers\cewd64f.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
C:\WINDOWS\system32\drivers\cewd64r.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
Emptytemp:
*****************
 
Processes closed successfully.
Error: Restore point can only be created in normal mode.
"C:\WINDOWS\system32\drivers\cewd64f.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION" => not found.
"C:\WINDOWS\system32\drivers\cewd64r.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7958280 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 183060 B
Edge => 0 B
Chrome => 5920831 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 6792 B
Holder => 26470083 B
 
RecycleBin => 0 B
EmptyTemp: => 38.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:45:50 ====
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by Holder (administrator) on HOME (23-12-2017 12:48:24)
Running from F:\virus
Loaded Profiles: Holder (Available Profiles: Holder)
Platform: Windows 10 Home Version 1607 14393.1480 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\CE\CovenantEyesCommService.exe
(CovenantEyes) C:\Program Files\CE\CovenantEyesProxy.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files\CE\authServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-01-15] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM\...\Run: [Covenant Eyes] => C:\Program Files\CE\CovenantEyes.exe [13680024 2017-11-09] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [7214800 2017-12-20] (McAfee, Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-12-24]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{890536e6-8284-4159-a1f0-d33cf52f2873}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a39c8f15-2db8-410b-9822-af170b002b68}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files\CE\extensions\ie\x64\IEExtension.dll [2017-11-09] (Covenant Eyes)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO-x32: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files\CE\extensions\ie\x86\IEExtension.dll [2017-11-09] (Covenant Eyes)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-05-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-05-31] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18] [Legacy]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\CE\extensions\firefox\[email protected]
FF Extension: (Covenant Eyes for Mozilla Firefox™) - C:\Program Files\CE\extensions\firefox\[email protected] [2017-12-04]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\CE\extensions\firefox\[email protected]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-07-12] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2145206162-2560255737-4192909596-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Holder\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.southsidechristian.org/
CHR StartupUrls: Default -> "hxxp://www.southsidechristian.org/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US0D20151223&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default [2017-12-23]
CHR Extension: (Slides) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (ParentsWeb ~ Login) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicpkmdmdfhpcmpmaobelkpebppfpoib [2015-12-23]
CHR Extension: (Reminders From God) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgmamgjgimmdcfmgegpeejbjhbegfjh [2015-12-23]
CHR Extension: (Docs) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2017-12-04]
CHR Extension: (YouTube) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Sheets) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-22]
CHR Extension: (Polar Theme) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcjfjidphipkgeggbbjlpcopinfofnnb [2015-12-23]
CHR Extension: (Google Docs Offline) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Safe Browsing) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfoabicoimpcomnmnjpahiadjpinkklh [2017-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12]
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-12-22]
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-12-22]
CHR Extension: (Slides) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Docs) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2017-12-06]
CHR Extension: (YouTube) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Sheets) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-29]
CHR Extension: (Google Docs Offline) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (University of South Carolina New Tab) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ijigldjdonmjahjiflbnknidcpfgejij [2016-04-23]
CHR Extension: (Baseball) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\njneehkdlobpllhkldmhhephffnniaec [2016-05-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15]
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-12-22]
CHR Extension: (Slides) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2017-12-06]
CHR Extension: (YouTube) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Teoma) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ckadhkfhcieallpikidnjojofenjpfni [2016-12-13]
CHR Extension: (Google Search) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Sheets) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-23]
CHR Extension: (Google Docs Offline) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Puppy Theme) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icaafalololmfkeakfpnihbhlglclllk [2015-12-28]
CHR Extension: (Tabby Cat) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mefhakmgclhhfbdadeojlkbllmecialg [2017-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Holder\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
CHR Profile: C:\Users\Holder\AppData\Local\Google\Chrome\User Data\System Profile [2017-12-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bfegkegffcbgpfmemahhkgnbkocmbain] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 Auth Service; C:\Program Files\CE\authServer.exe [4353944 2017-11-09] ()
S4 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2286848 2015-10-14] (Broadcom Corporation.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
S4 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
R2 CovenantEyesCommService; C:\Program Files\CE\CovenantEyesCommService.exe [7503768 2017-11-09] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [5254040 2017-10-10] (CovenantEyes)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S4 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-05-16] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [984480 2017-06-03] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe [2139832 2017-05-30] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241656 2017-04-30] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [390656 2017-04-30] (McAfee, Inc.)
S3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [343544 2017-04-30] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1543248 2017-05-31] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S4 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S4 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1042288 2017-05-22] (Intel Security, Inc.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-01-15] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)
S4 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [118048 2017-06-22] (Wondershare)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208176 2015-10-14] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7551240 2015-09-22] (Broadcom Corporation)
R1 cewd64f; C:\WINDOWS\system32\Drivers\cewd64f.sys [44584 2017-10-10] () [File not signed]
R1 cewd64r; C:\WINDOWS\system32\Drivers\cewd64r.sys [55336 2017-10-10] () [File not signed]
R2 cewfp; C:\WINDOWS\system32\Drivers\cewfp64.sys [56360 2017-10-10] (CovenantEyes)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [76824 2017-05-02] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [209608 2017-05-31] (McAfee, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [476176 2017-05-02] (McAfee, Inc.)
S3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [353808 2017-05-02] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84536 2017-05-02] (McAfee, Inc.)
S3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [504336 2017-05-02] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [918544 2017-05-02] (McAfee, Inc.)
S3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [495632 2017-04-07] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107544 2017-04-07] (McAfee, Inc.)
S3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [109072 2017-05-02] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252432 2017-05-02] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_b4551921048bc87c\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-09-25] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-23 08:26 - 2017-12-23 08:26 - 001140890 ____R C:\Users\Holder\Documents\My Money Backup_2017-12-23_082627.mbf
2017-12-23 07:58 - 2017-12-23 07:58 - 000000000 ____D C:\WINDOWS\pss
2017-12-22 19:53 - 2017-12-22 19:53 - 000037328 _____ C:\Users\Holder\Desktop\FRST1.txt
2017-12-22 19:52 - 2017-12-22 19:52 - 000043847 _____ C:\Users\Holder\Desktop\Addition 1.txt
2017-12-22 13:56 - 2017-12-23 12:47 - 000000000 ____D C:\AdwCleaner
2017-12-22 13:55 - 2017-12-22 13:54 - 008198432 _____ (Malwarebytes) C:\Users\Holder\Desktop\adwcleaner_7.0.6.0.exe
2017-12-22 12:31 - 2017-12-22 12:31 - 000017548 _____ C:\Users\Holder\Desktop\Scan log MBAM.txt
2017-12-21 15:51 - 2017-12-22 19:50 - 000043847 _____ C:\Users\Holder\Desktop\Addition.txt
2017-12-21 15:49 - 2017-12-23 12:48 - 000000000 ____D C:\FRST
2017-12-21 15:49 - 2017-12-22 19:50 - 000037325 _____ C:\Users\Holder\Desktop\FRST.txt
2017-12-21 15:49 - 2017-12-21 15:46 - 002392064 _____ (Farbar) C:\Users\Holder\Desktop\FRST64.exe
2017-12-21 08:54 - 2017-12-23 07:58 - 000000802 _____ C:\Users\Holder\Desktop\Windows 10 Update Assistant.lnk
2017-12-20 23:22 - 2017-12-20 23:22 - 000000000 ____D C:\Users\Holder\AppData\Roaming\TotalAV
2017-12-20 23:10 - 2017-12-22 12:31 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-12-20 23:07 - 2017-12-20 23:07 - 000001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-12-20 23:07 - 2017-12-20 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-12-20 23:07 - 2017-12-20 23:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-20 23:07 - 2017-12-20 23:07 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-12-20 23:07 - 2016-03-10 14:09 - 000065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-20 23:07 - 2016-03-10 14:08 - 000140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-12-20 23:07 - 2016-03-10 14:08 - 000027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-20 22:56 - 2017-12-20 22:56 - 000000000 ____D C:\Quarantine
2017-12-20 22:56 - 2017-12-20 22:56 - 000000000 ____D C:\Program Files (x86)\stinger
2017-12-20 21:24 - 2017-12-23 12:46 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-16 14:11 - 2017-12-16 14:11 - 000000000 ____D C:\Users\Holder\AppData\Local\NetworkTiles
2017-12-15 16:45 - 2017-12-15 16:45 - 001101796 ____R C:\Users\Holder\Documents\My Money Backup_2017-12-15_164532.mbf
2017-12-15 16:44 - 2017-12-15 16:44 - 000010798 _____ C:\Users\Holder\Documents\12-15-17.xlsx
2017-12-15 12:05 - 2017-12-15 12:05 - 001099930 ____R C:\Users\Holder\Documents\My Money Backup_2017-12-15_120527.mbf
2017-12-14 08:57 - 2017-12-14 09:22 - 000000000 ____D C:\ESD
2017-12-14 08:55 - 2017-12-14 08:55 - 018617536 _____ (Microsoft Corporation) C:\Users\Holder\Downloads\MediaCreationTool.exe
2017-12-14 08:55 - 2017-12-14 08:55 - 000000000 ___HD C:\$Windows.~WS
2017-12-12 09:03 - 2017-12-15 16:41 - 000010798 _____ C:\Users\Holder\Documents\December Reimbursement.xlsx
2017-12-08 07:11 - 2017-12-15 11:50 - 000000036 _____ C:\WINDOWS\progress.ini
2017-12-08 06:41 - 2017-12-23 07:58 - 000000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-12-08 06:41 - 2017-12-23 07:58 - 000000000 ____D C:\Windows10Upgrade
2017-12-08 06:41 - 2017-12-15 12:40 - 000000000 ___HD C:\$GetCurrent
2017-12-08 06:12 - 2017-12-08 06:12 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2017-12-04 19:16 - 2017-10-10 10:15 - 000055336 _____ C:\WINDOWS\system32\Drivers\cewd64r.sys
2017-12-04 19:16 - 2017-10-10 10:15 - 000044584 _____ C:\WINDOWS\system32\Drivers\cewd64f.sys
2017-12-04 19:09 - 2017-12-22 19:44 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-12-04 19:08 - 2017-12-23 12:46 - 000020656 _____ C:\WINDOWS\SysWOW64\CovenantEyesProxyOff.ini
2017-12-04 19:08 - 2017-12-23 12:46 - 000020656 _____ C:\WINDOWS\system32\CovenantEyesProxyOff.ini
2017-12-04 19:08 - 2017-12-04 19:15 - 000000000 ____D C:\ProgramData\CovenantEyes
2017-12-04 19:08 - 2017-12-04 19:09 - 000000000 ____D C:\Program Files\CE
2017-12-04 19:08 - 2017-12-04 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes
2017-12-04 19:08 - 2017-10-10 10:15 - 000056360 _____ (CovenantEyes) C:\WINDOWS\system32\Drivers\cewfp64.sys
2017-12-04 19:07 - 2017-12-04 19:07 - 002584952 _____ (Flexera Software LLC) C:\Users\Holder\Downloads\CovenantEyesWindows.exe
2017-12-04 19:07 - 2017-12-04 19:07 - 000000000 ____D C:\Users\Holder\AppData\Local\Downloaded Installations
2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2017-11-27 16:55 - 2017-11-27 16:55 - 000000000 ____D C:\Users\Holder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2017-11-27 16:54 - 2017-12-14 12:20 - 000000000 ___RD C:\Users\Holder\iCloudDrive
2017-11-27 14:19 - 2017-11-27 16:54 - 000000000 ____D C:\Users\Holder\AppData\Local\1C08C44E-3C40-4897-A3EF-4457172A79F5.aplzod
2017-11-27 14:18 - 2017-11-27 14:38 - 000000000 ____D C:\Users\Holder\Documents\Outlook Files
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-23 12:46 - 2016-07-16 01:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-23 12:41 - 2016-09-22 04:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-23 08:26 - 2017-01-28 21:59 - 005251072 _____ C:\Users\Holder\Documents\My Money.mny
2017-12-23 08:17 - 2015-12-26 13:26 - 000000000 ____D C:\Program Files (x86)\microsoft money 2006
2017-12-23 08:08 - 2016-09-22 04:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-23 08:01 - 2017-09-29 10:18 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-23 06:24 - 2016-09-22 08:09 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-22 21:55 - 2016-07-16 06:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-22 21:54 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2017-12-22 19:51 - 2015-12-23 13:44 - 003052988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-22 19:46 - 2017-02-10 08:05 - 000000000 ____D C:\Users\Holder\AppData\Local\CrashDumps
2017-12-22 19:42 - 2016-07-12 07:48 - 000000000 ____D C:\Users\Holder\AppData\LocalLow\Temp
2017-12-22 19:41 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-12-22 19:41 - 2015-12-23 16:13 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-22 16:32 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-20 23:36 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\appcompat
2017-12-20 23:02 - 2016-03-04 16:19 - 000000000 ____D C:\Users\Holder\AppData\Local\ElevatedDiagnostics
2017-12-20 22:56 - 2015-12-23 14:04 - 000000000 ____D C:\Program Files\McAfee
2017-12-20 22:15 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\registration
2017-12-20 16:53 - 2016-07-16 06:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-20 16:01 - 2017-11-18 09:38 - 000000346 _____ C:\WINDOWS\Tasks\HPCeeScheduleForHolder.job
2017-12-19 11:26 - 2017-11-18 09:38 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForHolder
2017-12-19 03:27 - 2016-07-16 06:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-19 03:25 - 2015-12-24 12:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-16 14:50 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-15 12:40 - 2016-09-22 04:33 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-12-15 12:40 - 2016-09-22 04:33 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-12-14 12:16 - 2016-09-22 04:13 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-13 00:58 - 2017-04-19 20:18 - 000004580 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-13 00:58 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-13 00:58 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-12 22:09 - 2015-12-23 15:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-12 22:07 - 2017-10-10 19:27 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-12 22:07 - 2015-12-23 15:53 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-11 21:21 - 2015-12-23 13:52 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-11 21:21 - 2015-12-23 13:52 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-08 06:12 - 2017-09-28 16:10 - 000000000 ____D C:\Program Files\rempl
2017-12-06 07:34 - 2017-07-25 06:37 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2145206162-2560255737-4192909596-1001
2017-12-06 07:34 - 2015-12-23 13:51 - 000002377 _____ C:\Users\Holder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-06 07:34 - 2015-09-19 04:18 - 000000000 ___RD C:\Users\Holder\OneDrive
2017-12-04 19:18 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-04 19:08 - 2016-03-17 18:31 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-01 20:06 - 2016-07-16 06:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-01 20:06 - 2016-07-16 06:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-27 16:54 - 2016-09-22 04:17 - 000000000 ____D C:\Users\Holder
2017-11-27 16:54 - 2016-05-26 05:32 - 000000000 ____D C:\Users\Holder\AppData\Local\Apple Inc
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\cewd64f.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
C:\WINDOWS\system32\drivers\cewd64r.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
 
safeboot: Network => The system is configured to boot to Safe Mode <==== ATTENTION
 
LastRegBack: 2017-12-18 08:40
 
==================== End of FRST.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Holder (23-12-2017 12:50:10)
Running from F:\virus
Windows 10 Home Version 1607 14393.1480 (X64) (2016-09-22 09:36:15)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2145206162-2560255737-4192909596-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2145206162-2560255737-4192909596-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-2145206162-2560255737-4192909596-503 - Limited - Disabled)
Guest (S-1-5-21-2145206162-2560255737-4192909596-501 - Limited - Disabled)
Holder (S-1-5-21-2145206162-2560255737-4192909596-1001 - Administrator - Enabled) => C:\Users\Holder
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{F1D83CEA-2855-4224-9935-D981785AA75D}) (Version: 6.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{E2A6344A-45BF-47A0-9AE1-848325E7FD88}) (Version: 6.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avery Teoma Search App (HKLM-x32\...\{4156522D-5447-006A-76A7-A758B70C2D01}) (Version: 12.45.1.1317 - APN, LLC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Covenant Eyes (HKLM-x32\...\{5AC5ED2E-2936-4B54-A429-703F9034938E}) (Version: 7.2.48 - Covenant Eyes, Inc.)
dr.fone toolkit for Android (Version 8.3.3) (HKLM-x32\...\{7B08A1E1-3644-4237-B39D-762B5F5564D0}_is1) (Version: 8.3.3.64 - Wondershare Technology Co.,Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.5.37.19 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.8.47.1 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Macromedia Shockwave Player (HKLM-x32\...\Macromedia Shockwave Player) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Digital Image Standard 2006 (HKLM-x32\...\PictureItPrem_v11) (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2006 (HKLM-x32\...\{06040048-3E21-46D6-9A91-D927BA08F41D}) (Version: 2006 - Microsoft Corporation)
Microsoft Money 2006 (HKLM-x32\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Streets & Trips 2006 (HKLM-x32\...\{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}) (Version: 13.00.09.0200 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft Works Suite 2006 Setup Launcher (HKLM-x32\...\Works2006Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}) (Version: 8.0.0.0000 - Microsoft Corporation)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Pirate101 (HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Product Improvement Study for HP ENVY 5530 series (HKLM\...\{2EC3E3B8-797A-47FD-B3A2-574C96597A19}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Unity Web Player (HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22314 - Microsoft Corporation)
Wondershare Dr.Fone for Android(Build 6.1.1.35) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 6.1.1.35 - Wondershare Software Co.,Ltd.)
Works Upgrade (HKLM-x32\...\{DE1AF137-C455-494A-A817-EFE44BCCFDEE}) (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {033CD73B-5F44-4FE4-AE01-8CB7968BFE95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {07229B17-E28F-448A-B13A-37DBD3948C2F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {078D65A4-D52C-4166-BCFA-1031E9B0F2E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {07EB0F88-2B90-4870-8F0C-D83240E13D90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {0817042E-E554-4422-9B5C-F46873946F78} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {18BC7B8B-FE82-4615-9288-552675BFF49C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-19] (Microsoft Corporation)
Task: {202D930D-678B-4A60-87D4-1D1263F3188D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {21B0624C-2359-4441-94E8-730D3889F97E} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {29DD3E8D-79FD-43D4-8B5C-10CF536C92A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {376351F4-6BF6-4464-9AE6-A18C92501047} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {40F76E0E-0AA5-4B51-BDB1-08E1699CF249} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-05-30] (McAfee, Inc.)
Task: {46548D48-E520-4878-A261-AD92406BD864} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {46D1208C-2E22-42B9-9149-13089BF1630D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {472DAE2C-9D73-4402-B9FE-2B74160A4E87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {508B9CB0-AD20-4BEC-B328-E0051D61BF88} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {5E9A7925-E1BA-4809-9A92-8A711F07FC61} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-12-12] (Microsoft Corporation)
Task: {5F4D7C71-E2D3-4419-81EF-A601CD0CFC68} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {624EA3B3-56C2-45FA-ABF9-625D7CE19C47} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {693D95C7-C01D-4FF5-815E-FC39D8DEBB24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN38L1T15T => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {7096106E-6CE5-4060-8ACE-615717D69B3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {7A8966A9-326F-4178-8D77-41E0E2263633} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {8015F67A-CC79-47E2-AEFD-BC453AFE0CBE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-18] ()
Task: {8B34CA1B-3F98-49C4-8DC6-1EF66C1C9C58} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-10-19] (Apple Inc.)
Task: {9F8C925C-7B35-4FC7-AC2E-153A62AFF20E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {A11BF47B-8C10-4A73-B7B0-58C6AFCF9AB7} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Holder\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {A798AEE8-3B6B-4387-9827-97E3150A014C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {B4886C6D-39F0-4C72-8A13-69474E587838} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
Task: {B7DD6DEB-EE2F-48AC-88CA-9234D92999AD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {CA3AB5C5-1BB9-46FC-B659-3B7273681760} - System32\Tasks\HPCeeScheduleForHolder => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {D2662DBA-2365-49C3-AAED-88834380FE7A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {D5337FFD-582B-49B8-A801-1E8D69FF72AB} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {E5D44E82-3DE2-4E2F-9797-7AB78AFA5E73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-19] (Microsoft Corporation)
Task: {F8B773D0-16DE-4F1C-9A8C-F920A6D592A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {F8F7FF64-91D0-45C4-B392-E75A45ED64A5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-19] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForHolder.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Holder\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
 
ShortcutWithArgument: C:\Users\Holder\Desktop\Michele - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Holder\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Holder\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Brock - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-12 12:21 - 2017-06-21 02:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-12-04 19:08 - 2017-11-09 14:32 - 007503768 _____ () C:\Program Files\CE\CovenantEyesCommService.exe
2017-12-04 19:08 - 2017-11-09 14:31 - 004353944 _____ () C:\Program Files\CE\authServer.exe
2017-08-21 17:54 - 2017-12-19 03:23 - 008935088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-22 08:02 - 2016-09-22 08:02 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 08:15 - 2017-03-04 01:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 08:15 - 2017-03-04 01:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 08:15 - 2017-03-04 01:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 08:15 - 2017-03-04 01:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-07-12 12:20 - 2017-06-21 01:36 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-07-12 12:20 - 2017-06-21 01:35 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-07-12 12:20 - 2017-06-21 01:37 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64f.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64r.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Auth Service => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64f.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64r.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewfp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesCommService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\sharepoint.com -> hxxps://sabrenationorg-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-12-23 16:13 - 2017-12-22 19:41 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\Control Panel\Desktop\\Wallpaper -> c:\users\holder\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{28e3994e-bb8a-426b-980b-dccb1fb03f7e}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Auth Service => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: ClientAnalyticsService => 3
MSCONFIG\Services: CovenantEyesCommService => 2
MSCONFIG\Services: CovenantEyesProxy => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: HPTouchpointAnalyticsService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: PEFService => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: WsAppService => 2
MSCONFIG\Services: WsDrvInst => 2
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Covenant Eyes"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "HP ENVY 5530 series (NET)"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2145206162-2560255737-4192909596-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3114DDB9-6EAE-4CB5-9879-9A3C5C2CC367}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{00782AD3-A26F-41DA-A9FD-5756C5F1C57C}] => (Allow) LPort=5357
FirewallRules: [{45111E41-E5FD-481C-AB82-BCAEDA537DFC}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe
FirewallRules: [{86CA65D9-2C9A-40AC-A6F0-09FB3AA4C93E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E8EC74BC-F457-44F9-B6D4-F7951E75F54F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{661BF544-E5DB-48BB-8175-87279CED0E9C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3BC726F-DD66-4A37-AADB-0E70C41C94D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D54F8CA6-6629-4936-91D6-BAE9456DB32E}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{210DF67F-B90D-4164-8800-50A40A3CCEAD}] => (Allow) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
FirewallRules: [{6923B82B-1745-418E-B139-4C68D6CE3DFA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2D1D6A64-C5FB-4D55-B5A5-6E081B286602}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8C1E2932-EBB7-46D7-82B1-FC4E53919E98}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0AD250E0-E221-4283-B0D9-0DD0BF14DFF1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FC195117-2974-4D81-919F-83E4ED892F74}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8BCFD599-9189-4AA9-9E81-2F0E248BED1C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{226F3695-1380-4BAA-A610-D52165CAA709}] => (Allow) C:\Users\Holder\AppData\Local\Temp\7zS2FCF\HPDiagnosticCoreUI.exe
FirewallRules: [{DF32C524-51C6-46B1-8F1E-E3FB6D7BD6E0}] => (Allow) C:\Users\Holder\AppData\Local\Temp\7zS2FCF\HPDiagnosticCoreUI.exe
FirewallRules: [{A97EB0CE-9AEF-4E27-955E-E7ECC646C7B6}] => (Allow) C:\Users\Holder\AppData\Local\Temp\7zS2FCF\HPDiagnosticCoreUI.exe
FirewallRules: [{70804B4E-77CD-434A-B920-F089F244A5F9}] => (Allow) C:\Users\Holder\AppData\Local\Temp\7zS2FCF\HPDiagnosticCoreUI.exe
FirewallRules: [{28A6355C-2C49-4D8D-A6AD-68A54CC5CB90}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{55C53FA7-9206-498F-9509-DF0B5A9FB37D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
15-12-2017 11:28:49 Windows Update
19-12-2017 08:46:08 Windows Update
20-12-2017 16:06:29 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/23/2017 12:46:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Home)
Description: Activation of app Microsoft.Getstarted_5.12.2691.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/23/2017 12:44:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Home)
Description: Activation of app Microsoft.Getstarted_5.12.2691.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/23/2017 08:11:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Home)
Description: Activation of app Microsoft.Getstarted_5.12.2691.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/23/2017 07:57:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Home)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/22/2017 09:56:55 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.
 
Error: (12/22/2017 09:56:55 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
 
Error: (12/22/2017 07:51:41 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.
 
Error: (12/22/2017 07:51:41 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
 
Error: (12/22/2017 07:50:47 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/22/2017 07:46:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Faulting module name: WACNotifications.exe, version: 1.8.177.0, time stamp: 0x592e36cc
Exception code: 0xc0000409
Fault offset: 0x0000000000060d74
Faulting process id: 0x1440
Faulting application start time: 0x01d37b876de2c1d2
Faulting application path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Faulting module path: C:\Program Files\Common Files\McAfee\WACModule\WACNotifications.exe
Report Id: f6b35393-689d-47e9-b960-73b8b97757e9
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (12/23/2017 12:50:50 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (12/23/2017 12:50:44 PM) (Source: DCOM) (EventID: 10005) (User: Home)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/23/2017 12:50:11 PM) (Source: DCOM) (EventID: 10005) (User: Home)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/23/2017 12:50:11 PM) (Source: DCOM) (EventID: 10005) (User: Home)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/23/2017 12:50:07 PM) (Source: DCOM) (EventID: 10005) (User: Home)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/23/2017 12:50:07 PM) (Source: DCOM) (EventID: 10005) (User: Home)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/23/2017 12:50:07 PM) (Source: DCOM) (EventID: 10005) (User: Home)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/23/2017 12:49:35 PM) (Source: DCOM) (EventID: 10005) (User: Home)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/23/2017 12:49:35 PM) (Source: DCOM) (EventID: 10005) (User: Home)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/23/2017 12:49:35 PM) (Source: DCOM) (EventID: 10005) (User: Home)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
CodeIntegrity:
===================================
  Date: 2017-12-04 19:09:19.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 19:09:19.920
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 19:09:19.881
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 19:09:19.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 19:09:16.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 19:09:16.676
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-21 20:38:28.736
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-21 20:38:28.733
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-03 16:25:07.995
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-03 16:25:07.993
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 13%
Total physical RAM: 12226.09 MB
Available physical RAM: 10618.33 MB
Total Virtual: 14082.09 MB
Available Virtual: 12647.72 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:910.68 GB) (Free:483.71 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:18.92 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:58.43 GB) (Free:57.39 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C4E21D20)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 58.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Home
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 7C-05-07-93-B9-F6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : DA-5D-E2-E3-70-9B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom BCM43142 802.11 bgn Wi-Fi Adapter
   Physical Address. . . . . . . . . : D8-5D-E2-E3-70-9B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f58c:c1b3:d881:fa6d%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, December 23, 2017 12:47:17 PM
   Lease Expires . . . . . . . . . . : Sunday, December 24, 2017 12:47:17 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 114843106
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-0C-A3-3F-7C-05-07-93-B9-F6
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Pinging yahoo.com [98.138.252.38] with 32 bytes of data:
Reply from 98.138.252.38: bytes=32 time=50ms TTL=49
Reply from 98.138.252.38: bytes=32 time=48ms TTL=49
Reply from 98.138.252.38: bytes=32 time=48ms TTL=49
Reply from 98.138.252.38: bytes=32 time=49ms TTL=49
 
Ping statistics for 98.138.252.38:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 48ms, Maximum = 50ms, Average = 48ms
    MigrateProxy    REG_DWORD    0x1
    ProxyEnable    REG_DWORD    0x0
