An unknown program is affecting my computer



#1
Washetoo


I am having trouble running programs on this computer. It seems that something is running in the background affecting the speed of the computer and the internet connection. I also can't shut down the computer normally; I have to force the shutdown.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018
Ran by Steve (administrator) on STEVE-PC (20-09-2018 08:26:32)
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve (Available Profiles: Steve & DefaultAppPool)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_18_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\A6100\A6100.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(HP Inc.) C:\Program Files\HP\HP ENVY Photo 7100 series\Bin\ScanToPCActivationApp.exe
(McAfee Inc.) C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
(Facebook) C:\Users\Steve\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(HP Inc.) C:\Program Files\HP\HP ENVY Photo 7100 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(The CefSharp Authors) C:\Users\Steve\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2126779717-1312616141-414031349-1003\...\Run: [HP ENVY Photo 7100 (NET)] => C:\Program Files\HP\HP ENVY Photo 7100 series\Bin\ScanToPCActivationApp.exe [4062344 2017-07-11] (HP Inc.)
HKU\S-1-5-21-2126779717-1312616141-414031349-1003\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1112960 2018-03-14] (McAfee Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6100 Genie.lnk [2017-11-22]
ShortcutTarget: NETGEAR A6100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe (Realtek Semiconductor Corp.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-05-06]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-05-06]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-05-06]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-09-18]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Steve\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0e3da44d-f79e-4abb-9a53-e4c1dcef5001}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5c81cd94-64ff-43fc-ba2c-ad444fc8324c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b2c8fb65-68d4-4843-89bc-03c917f588b2}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Internet Explorer:
==================
HKU\S-1-5-21-2126779717-1312616141-414031349-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-2126779717-1312616141-414031349-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
URLSearchHook: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> DefaultScope {D16712B1-06E5-40C6-BE20-6F6D92D9B613} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {D16712B1-06E5-40C6-BE20-6F6D92D9B613} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {7A9F991B-3D8A-4AC1-8BA8-BC302CA21DED} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {7A9F991B-3D8A-4AC1-8BA8-BC302CA21DED} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> DefaultScope {3BD6259F-67D1-4B56-80DF-4A2959E88953} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20110717&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> {3BD6259F-67D1-4B56-80DF-4A2959E88953} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20110717&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> {7A9F991B-3D8A-4AC1-8BA8-BC302CA21DED} URL =
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> {9DF20BFE-9C9A-4470-BD31-CD34778F77A3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20110717&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_58129979_1201_1401_20160723_US_ie_ds_&tag=bds-p10-serp-us-ie-20&query={searchTerms}
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> {D16712B1-06E5-40C6-BE20-6F6D92D9B613} URL =
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> {D8009B4E-5E8B-43E8-A566-9ABF0B745A8F} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D19700101&p={searchTerms}
BHO: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files\McAfee\MSK\MSKAPB~1.DLL => No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-09-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\WINDOWS\SysWOW64\mscoree.dll [2017-09-29] (Microsoft Corporation)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files\McAfee\MSK\mskapbho.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-19] (Oracle Corporation)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2009-11-27] (Skype Technologies S.A.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-19] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2009-11-27] (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-07-19] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-07-19] (McAfee, Inc.)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-09-18] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-07-19] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-19] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-07-19] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-08-02] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default [2018-09-18]
CHR Extension: (Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-12]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-12]
CHR Extension: (Yahoo Partner) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\commhkacjheiacaopdonmodahaoadoln [2017-09-08]
CHR Extension: (Adobe Acrobat) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-30]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-01-24]
CHR Extension: (Google Docs Offline) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-12]
CHR Extension: (Chrome Media Router) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2126779717-1312616141-414031349-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [104624 2017-06-14] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-07-17] (McAfee, Inc.)
S3 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [314368 2018-03-06] (AnchorFree Inc.) [File not signed]
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_6\McApExe.exe [729320 2018-08-27] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\\McCSPServiceHost.exe [2159464 2018-06-29] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [366968 2018-08-22] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [539512 2018-08-22] (McAfee, LLC)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [490360 2018-08-22] (McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1690976 2018-07-27] (McAfee, Inc.)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1316024 2018-07-25] (McAfee, Inc.)
R2 Realtek8723AU; C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe [45784 2013-07-02] (Realtek Semiconductor Corp.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S4 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 A6100; C:\WINDOWS\System32\drivers\A6100.sys [5004560 2017-11-22] (Realtek Semiconductor Corporation )
R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (The OpenVPN Project)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [78640 2018-08-27] (McAfee, LLC)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc.)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [105824 2018-05-02] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [507696 2018-08-27] (McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [368944 2018-08-27] (McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2018-08-27] (McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [534832 2018-08-27] (McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [969008 2018-08-27] (McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [557344 2018-08-13] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [110368 2018-08-13] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [117040 2018-08-27] (McAfee, LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254256 2018-08-27] (McAfee, LLC)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-20 08:26 - 2018-09-20 08:26 - 000026117 _____ C:\Users\Steve\Desktop\FRST.txt
2018-09-20 08:14 - 2018-09-20 09:08 - 002413568 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2018-09-20 08:13 - 2018-09-20 08:26 - 000000000 ____D C:\FRST
2018-09-18 19:24 - 2018-09-20 08:03 - 000000000 __RSD C:\Users\Steve\Documents\McAfee Vaults
2018-09-18 19:24 - 2018-09-18 19:24 - 000000000 ____D C:\Users\Steve\AppData\Local\McAfee File Lock
2018-09-18 19:16 - 2018-08-31 12:11 - 000025424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Luadgmgt.dll
2018-09-18 19:15 - 2018-06-08 14:09 - 000130808 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-09-18 19:14 - 2018-09-18 19:14 - 000000000 ___HD C:\$GetCurrent
2018-09-18 19:12 - 2018-09-18 19:14 - 000000000 ____D C:\Windows10Upgrade
2018-09-18 19:11 - 2018-05-02 05:53 - 000105824 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\McPvDrv.sys
2018-09-18 17:17 - 2018-09-20 07:59 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSteve.job
2018-09-18 17:17 - 2018-09-18 17:17 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSteve
2018-09-18 16:43 - 2018-09-18 17:11 - 000000000 ___HD C:\$WINDOWS.~BT
2018-09-18 16:31 - 2018-09-18 19:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-09-18 16:31 - 2018-09-18 16:31 - 000002123 _____ C:\Users\Public\Desktop\McAfee LiveSafe.lnk
2018-09-18 16:29 - 2018-09-18 16:29 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-09-18 16:29 - 2018-09-18 16:29 - 000002243 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-09-18 16:29 - 2018-09-18 16:29 - 000000000 ____D C:\Program Files\Google
2018-09-18 16:08 - 2018-06-29 02:09 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-09-18 16:08 - 2018-06-29 01:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-09-18 16:08 - 2018-06-13 15:14 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-09-18 16:08 - 2018-06-13 15:02 - 002786304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-09-18 16:08 - 2018-06-08 00:07 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-09-18 16:08 - 2018-06-08 00:02 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-09-18 16:08 - 2018-06-07 23:57 - 001345024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-09-18 16:08 - 2018-05-11 15:54 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-09-18 16:08 - 2018-05-03 00:19 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-09-18 16:08 - 2018-03-29 21:44 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2018-09-18 16:08 - 2018-03-29 21:43 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2018-09-18 16:08 - 2018-03-29 21:36 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-09-18 16:08 - 2018-03-29 21:35 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-09-18 16:08 - 2018-03-29 21:35 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-09-18 16:08 - 2018-03-29 21:33 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2018-09-18 16:08 - 2018-03-29 21:33 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-09-18 16:08 - 2018-03-29 21:25 - 001055744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-09-18 16:08 - 2018-03-12 23:25 - 001346560 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2018-09-18 16:08 - 2018-03-01 01:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-09-18 16:08 - 2018-03-01 00:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-09-18 16:08 - 2018-02-28 23:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-09-18 16:08 - 2018-02-28 23:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-09-18 16:08 - 2018-02-28 23:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-09-18 16:08 - 2018-02-09 22:45 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-09-18 16:08 - 2018-02-09 22:42 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-09-18 16:05 - 2018-05-04 03:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
2018-09-18 15:24 - 2018-09-18 15:24 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-09-18 15:11 - 2018-09-18 15:11 - 000001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Safe Connect.lnk
2018-09-18 15:11 - 2018-09-18 15:11 - 000001180 _____ C:\Users\Public\Desktop\McAfee Safe Connect.lnk
2018-08-27 09:44 - 2018-08-27 09:44 - 000117040 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\SET32F0.tmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-20 08:21 - 2017-12-09 13:56 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8B40685A-D79D-4276-AA7C-A6D93E75798D}
2018-09-20 08:09 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-09-20 08:07 - 2017-12-09 13:33 - 000007050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-20 08:07 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-09-20 08:06 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-09-20 08:02 - 2017-12-09 13:38 - 000000000 ____D C:\Users\Steve
2018-09-20 08:01 - 2017-12-09 13:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-20 08:00 - 2017-09-29 02:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-09-20 07:59 - 2017-12-09 13:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-09-18 19:23 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-09-18 19:20 - 2015-06-11 16:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-09-18 19:16 - 2017-09-29 10:01 - 000000000 ____D C:\Program Files\rempl
2018-09-18 19:16 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-18 19:16 - 2010-05-30 08:14 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-09-18 19:14 - 2009-07-13 20:34 - 000000478 _____ C:\WINDOWS\win.ini
2018-09-18 19:12 - 2017-12-09 13:38 - 000000000 ____D C:\Users\DefaultAppPool
2018-09-18 19:11 - 2010-05-06 09:23 - 000000000 ____D C:\ProgramData\McAfee
2018-09-18 19:11 - 2010-05-06 09:23 - 000000000 ____D C:\Program Files\McAfee
2018-09-18 18:44 - 2017-03-02 16:21 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-18 18:44 - 2017-03-02 16:21 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-18 18:18 - 2015-09-06 08:52 - 000000000 ____D C:\Users\Steve\AppData\Local\ElevatedDiagnostics
2018-09-18 17:16 - 2017-12-08 23:32 - 000000000 ___DC C:\WINDOWS\Panther
2018-09-18 16:29 - 2015-07-10 19:20 - 000000000 ____D C:\Program Files (x86)\Google
2018-09-18 16:21 - 2017-03-02 16:20 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-09-18 16:19 - 2018-01-23 09:18 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-09-18 16:19 - 2016-10-02 20:42 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-09-18 16:11 - 2018-01-23 09:19 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-09-18 16:10 - 2017-12-09 13:56 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-09-18 16:09 - 2017-09-29 07:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-09-18 16:09 - 2010-05-06 09:23 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-09-18 16:03 - 2017-12-09 13:56 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-09-18 16:03 - 2017-12-09 13:56 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-09-18 16:03 - 2017-12-09 13:56 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-09-18 15:48 - 2017-12-09 13:56 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2126779717-1312616141-414031349-1003
2018-09-18 15:48 - 2016-07-07 07:08 - 000002405 _____ C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-18 15:48 - 2016-07-07 07:08 - 000000000 ___RD C:\Users\Steve\OneDrive
2018-09-18 15:40 - 2018-01-21 11:11 - 000001281 _____ C:\Users\Steve\Desktop\Facebook Gameroom.lnk
2018-09-18 15:40 - 2018-01-21 11:11 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2018-09-18 15:34 - 2016-01-12 08:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-18 15:12 - 2010-05-06 09:23 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-09-18 15:11 - 2018-01-04 11:00 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
2018-09-18 15:11 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF
2018-09-18 15:10 - 2018-01-04 11:00 - 000000000 ____D C:\Users\Steve\AppData\Roaming\McAfee Safe Connect
2018-09-18 15:05 - 2017-09-29 02:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-09-05 12:02 - 2017-09-29 07:49 - 000835144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-09-05 12:02 - 2017-09-29 07:49 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-27 09:44 - 2017-10-19 10:36 - 000969008 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfehidk.sys
2018-08-27 09:44 - 2017-10-19 10:36 - 000534832 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfefirek.sys
2018-08-27 09:44 - 2017-10-19 10:36 - 000507696 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeaack.sys
2018-08-27 09:44 - 2017-10-19 10:36 - 000507696 _____ (McAfee, LLC) C:\WINDOWS\SMSS-PFRO6b5c.tmp
2018-08-27 09:44 - 2017-10-19 10:36 - 000368944 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeavfk.sys
2018-08-27 09:44 - 2017-10-19 10:36 - 000254256 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfewfpk.sys
2018-08-27 09:44 - 2017-10-19 10:36 - 000117040 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeplk.sys
2018-08-27 09:44 - 2017-10-19 10:36 - 000085048 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeelamk.sys
2018-08-27 09:44 - 2017-10-19 10:36 - 000078640 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\cfwids.sys
2018-08-22 10:42 - 2018-01-23 09:15 - 000490360 _____ (McAfee, LLC) C:\WINDOWS\system32\mfevtps.exe
==================== Files in the root of some directories =======
2010-05-11 17:31 - 2010-05-11 17:31 - 000003584 _____ () C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
2018-09-18 15:11 - 2018-09-18 15:11 - 000290304 _____ (Microsoft Corporation) C:\Users\Steve\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-09-18 19:16
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
Ran by Steve (20-09-2018 08:27:07)
Running from C:\Users\Steve\Desktop
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-09 19:58:23)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2126779717-1312616141-414031349-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2126779717-1312616141-414031349-503 - Limited - Disabled)
Guest (S-1-5-21-2126779717-1312616141-414031349-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2126779717-1312616141-414031349-1005 - Limited - Enabled)
Steve (S-1-5-21-2126779717-1312616141-414031349-1003 - Administrator - Enabled) => C:\Users\Steve
WDAGUtilityAccount (S-1-5-21-2126779717-1312616141-414031349-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Amazon Assistant (HKLM-x32\...\{3BBC4F87-1F46-431F-A5DB-AFB28F692775}) (Version: 10.17.0612 - Amazon) <==== ATTENTION
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\{B32C4059-6E7A-41EF-AD20-56DF1872B923}) (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM\...\{C73A3942-84C8-4597-9F9B-EE227DCBA758}) (Version: 2.0 - Stardock Corporation) Hidden
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
DirectXInstallService (HKLM-x32\...\{098122AB-C605-4853-B441-C0A4EB359B75}) (Version: 9.0.2 - Roxio) Hidden
EMC 10 Content (HKLM-x32\...\{FDB46DE7-9045-47BB-970A-3E4ED5369E03}) (Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (HKLM\...\{02AD9D20-03D2-4DE0-8793-E8253026AD86}) (Version: 1.0.302 - Sonic) Hidden
Facebook Gameroom 1.21.6697.19829 (HKLM-x32\...\{7BE2211B-F86C-40CA-A6CC-69564D9BD5E2}) (Version: 1.21.6697.19829 - Facebook)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
HP Dropbox Plugin (HKLM-x32\...\{EF65265C-816D-4992-A8CC-C91CDEC9ED33}) (Version: 36.0.102.68541 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{858E7C53-B406-4798-B4CA-761420FF2B5F}) (Version: 43.0.0.0 - HP)
HP ENVY Photo 7100 series Basic Device Software (HKLM\...\{2D3A5D2F-C05C-4535-903F-B45345892403}) (Version: 44.1.2550.17192 - HP Inc.)
HP ENVY Photo 7100 series Help (HKLM-x32\...\{044AF040-9AF7-4B0A-ABB5-302B9D6A8155}) (Version: 44.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{07DA4F28-63FA-43F7-A554-B159E9A7E649}) (Version: 43.0.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{CF634681-E024-430C-AFF2-B9EE43A7E452}) (Version: 36.0.102.68541 - HP)
HP OneDrive Plugin (HKLM-x32\...\{1E191DFB-7B91-4B11-AB95-884D59ECE599}) (Version: 36.0.0.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP SharePoint Plugin (HKLM-x32\...\{1ED7BE66-39E7-4A65-8EEF-68CE80F3416C}) (Version: 43.0.0.0 - HP)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.6.18.11 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{3D16A9C5-8107-4EBB-B988-08CD363A9D0F}) (Version: 12.9.24.3 - HP Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R14 - McAfee, Inc.)
McAfee Safe Connect (HKLM-x32\...\{8DF95C34-C5EB-4026-9C86-E49F2A94677A}) (Version: 1.6.0.223 - McAfee, Inc)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.7.208 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4989.1000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2126779717-1312616141-414031349-1003\...\OneDriveSetup.exe) (Version: 18.151.0729.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower)
NETGEAR A6100 Genie (HKLM-x32\...\{15D27BA3-6CCD-4848-8925-07EF083492AD}) (Version: 1.0.0.32 - NETGEAR) Hidden
NETGEAR A6100 Genie (HKLM-x32\...\InstallShield_{15D27BA3-6CCD-4848-8925-07EF083492AD}) (Version: 1.0.0.32 - NETGEAR)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4989.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4989.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4989.1000 - Microsoft Corporation) Hidden
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Product Improvement Study for HP ENVY Photo 7100 series (HKLM\...\{C52AD089-3F71-476C-8D7A-B005540B68A0}) (Version: 44.1.2550.17192 - HP Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5953 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.0 - Roxio) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4036 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.3.0 - Sonic Solutions) Hidden
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F94A5095-E4DD-4ED8-AB0B-BFAC62176F8C}) (Version: 2.49.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VD64Inst (HKLM\...\{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-07-19] (McAfee, Inc.)
ContextMenuHandlers1: [RXDCExtSvr] -> {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} => c:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [2009-06-26] (Sonic Solutions)
ContextMenuHandlers2: [RXDCExtSvr] -> {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} => c:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [2009-06-26] (Sonic Solutions)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-07-19] (McAfee, Inc.)
ContextMenuHandlers6: [RXDCExtSvr] -> {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} => c:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [2009-06-26] (Sonic Solutions)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0060F4F9-C3BB-45F8-ADF6-8446937723C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {108191A9-B81B-4A89-8324-CBAE19F79526} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {15D8AA86-EAFE-42B9-8BB2-0C0D976BF002} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {19A7AACA-5CB8-498E-9C2F-96B660D3564D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {1BB538FD-10C1-41A4-A76D-25B230E6E72F} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {2C362EB4-8053-43A6-BA72-BD6420FBE056} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2D76A2B7-61A8-4001-91BD-2403A210CFAC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2F71164D-1181-41C0-A09E-5B4AA1220707} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-15] (Adobe Systems Incorporated)
Task: {32F4050D-2881-4AEE-87DE-152266044E8C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {34E08A51-7865-467F-BD01-B14F897CD923} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {359E2C4C-94D3-4EC4-8133-96D33B00729E} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2018-06-06] (McAfee, Inc.)
Task: {367B7261-251B-4B7C-92C1-DB533D14F1AC} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {3A79D6E2-FA26-4257-99E0-10274054C3F4} - System32\Tasks\{F669A1E0-0F2E-47AF-B532-88847F1F8A68} => C:\Windows\system32\pcalua.exe -a "C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T9L9IH5A\JavaSetup8u45.exe" -d C:\Users\Steve\Desktop
Task: {45001587-1E69-46DA-ADDA-8E61A3DEFAFB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {460D5FE4-DCD8-40FB-B850-0B6D8962B2AF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-15] (Adobe Systems Incorporated)
Task: {47B3E690-6617-4D13-AD0F-07181DC9476D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH78E1S0XW => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {4C9C1653-252B-4082-8DE0-E7DD7263BF86} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5043BBDD-FB4B-43EA-B98D-465C92741B4C} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {556C7491-8685-4490-9663-5232AA65DDB1} - System32\Tasks\HPCeeScheduleForSteve => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {55CB7007-C249-4BC7-A1FF-03A82008C1CA} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {633E6906-1388-4235-A404-90CEBA38C54C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-10-19] (HP Inc.)
Task: {63C7A0E5-B90B-4913-BB15-A4623643A6AD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {674E761A-1C56-4639-9114-EC815ED10FCB} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {6C876844-9496-4246-A984-9516F1186740} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6C89DD9F-B831-4DE6-BF4B-E0991DC98AD5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {6DD71C20-833A-447E-B542-3F5261EE0DB7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {71437354-E985-401A-AC82-7F07E9AC448E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {743E044B-DE63-47F6-9DA8-E9B817066376} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7A2EE8C6-D82D-48B9-AA59-C54A3E8F5491} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {81C91F2C-A058-4B59-9AA8-352C6ED6FA35} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {829A157E-CAA9-4751-AC4D-5F5A042A72C8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {83CFE42F-9ECC-4A65-B3BD-549ADC39767C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {84084A39-63CC-4C24-81B1-0D09EBB720A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-10] (Google Inc.)
Task: {87879C5E-84AE-4340-8EEB-B6FC8FD89F0E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8B18B941-C40D-4DDD-AC35-C23C1A3936D0} - System32\Tasks\HPCustParticipation HP ENVY Photo 7100 series => C:\Program Files\HP\HP ENVY Photo 7100 series\Bin\HPCustPartic.exe [2017-07-11] (HP Inc.)
Task: {949A672C-21D2-4831-85B0-4E3312AE3190} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {95D44650-B512-4F7E-8937-EA100CB2CB3C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9721E916-859D-401D-BE52-CBB64FFB45C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {997C9B59-4132-4E53-9997-E3878B6BA018} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A0AFC522-E575-47FA-9685-9C11A3F91258} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A0C47F00-3581-4FC0-AB65-05AE3DF924B0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {A97FC179-F898-491B-8402-0060BBDE85B2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {AE0EDA73-6C12-4FAF-87C1-AFE365E863F1} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AE1E62D9-3944-465E-90E6-F836B2B3BC08} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B85E8E50-04A3-4D32-8211-C4C3A1134671} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB7E869E-194C-454F-9CBB-D4F06A4C0041} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {BC2EA5AD-2C23-41E0-8796-CC85832B73C3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {BC70B943-ACFF-4605-AD8E-572DAA02BA15} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD682918-AECB-411E-99C7-AF0558419E97} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {C02DCCEC-FA7B-44A5-959A-DABA9DA9A921} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C95F6FC2-F48F-4300-9B31-ECAD0E79ECFB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CC4FE8CA-1E3D-4F3B-ACCD-425E6CBE06F8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CC6C8F9B-EDB0-4EA1-AD07-35CBBF27B95B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-10-19] (HP Inc.)
Task: {D049FA15-366A-4936-BE98-30BA1F5F1755} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc.)
Task: {D1937180-37B5-4FC7-8D5B-D62364DAD431} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D1AFFD06-5FE9-47FC-9609-AB85AAA9F4FD} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {DCFD5C37-A6F5-474B-8DBB-5DD0A250C23F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DFD2F50F-27EF-4C9C-A0FC-46FDC7C39B1E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E7D394DF-55C8-419F-98F0-3685095EBE5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {E8BF607D-0D89-4A7C-80AF-31B1BD37F77A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {EB2D6327-6E2B-4201-AC21-944C68564E6E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F2E23047-E463-40B5-ADFB-0CDD7B8D73CE} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2018-07-13] (McAfee, Inc.)
Task: {FB552AA2-8C66-49D0-A958-EBF4A79A4FB2} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-06-11] (McAfee, Inc.)
Task: {FBCFF9A8-AED7-457E-BCCA-EB216366D720} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-10] (Google Inc.)
Task: {FC698D1C-8FBC-4100-8686-D6116D44CC6D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {FEDB12BA-C593-49E2-B5E1-CC57D459171D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSteve.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-09-25 03:04 - 2016-11-14 05:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-19 08:03 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2018-06-29 14:34 - 2018-06-29 14:34 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\McCSPMsgBusDLL.dll
2017-03-22 16:14 - 2017-01-31 06:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-12-09 02:18 - 2017-12-09 02:18 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-09 02:18 - 2017-12-09 02:18 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-17 21:58 - 2018-01-17 21:59 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-17 21:58 - 2018-01-17 21:59 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-17 21:58 - 2018-01-17 21:59 - 024677376 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 03:11 - 2018-01-03 03:11 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\skypert.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 001909248 _____ () C:\Windows\ShellExperiences\PeopleCommonControls.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 001266176 _____ () C:\Windows\ShellExperiences\PeopleBarFlyout.dll
2017-12-09 02:17 - 2017-12-09 02:17 - 002988032 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 002459648 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.Relevance.dll
2016-01-07 10:17 - 2016-01-07 10:17 - 000094208 _____ () C:\Program Files (x86)\NETGEAR\A6100\Realtek.dll
2012-11-06 10:47 - 2012-11-06 10:47 - 000114688 _____ () C:\Program Files (x86)\NETGEAR\A6100\EnumDevLib.dll
2018-05-03 11:03 - 2018-05-03 11:03 - 001184256 _____ () C:\Users\Steve\AppData\Local\Facebook\Games\CefSharp.Core.dll
2018-05-03 11:03 - 2018-05-03 11:03 - 071641088 _____ () C:\Users\Steve\AppData\Local\Facebook\Games\libcef.dll
2018-05-03 11:03 - 2018-05-03 11:03 - 000774656 _____ () C:\Users\Steve\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2018-05-03 11:03 - 2018-05-03 11:03 - 003149824 _____ () C:\Users\Steve\AppData\Local\Facebook\Games\libglesv2.dll
2018-05-03 11:03 - 2018-05-03 11:03 - 000078848 _____ () C:\Users\Steve\AppData\Local\Facebook\Games\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2018-01-23 08:54 - 000000826 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2126779717-1312616141-414031349-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Local\Microsoft\Windows\Themes\US-wp3.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Amazon Assistant Service => 2
MSCONFIG\Services: ClientAnalyticsService => 3
MSCONFIG\Services: DockLoginService => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: mcbootdelaystartsvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: PEFService => 2
MSCONFIG\Services: RoxMediaDB10 => 3
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: sprtsvc_DellSupportCenter => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\startupfolder: C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{97B71F17-E05A-48A1-87F5-86B7275A31A4}] => (Allow) C:\Program Files\HP\HP ENVY Photo 7100 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{2ED558AA-7E93-45BA-8887-3FD9A334F721}] => (Allow) LPort=5357
FirewallRules: [{A33F19FB-D5D7-4F29-A9DA-6406E13FE9DC}] => (Allow) C:\Program Files\HP\HP ENVY Photo 7100 series\Bin\DeviceSetup.exe
FirewallRules: [{FB9EDA76-53EA-4C1B-B8AC-5B87CB558736}] => (Allow) C:\Users\Steve\AppData\Local\Temp\7zS428A\HP.EasyStart.exe
FirewallRules: [{D80D20DE-E26C-4C53-9B1E-1F6AA03F0F80}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{7B91679E-A0B3-441B-B79F-85F67B003DC0}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [UDP Query User{ECB6991E-C966-4E8F-9A2B-CA963C36326C}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe] => (Allow) C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe
FirewallRules: [TCP Query User{7E337C97-2529-4F5D-948A-49E83712CA18}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe] => (Allow) C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe
FirewallRules: [{CD9BC679-0000-4290-A2C6-5F4943CA7112}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{45596FD8-C7FD-4134-AC54-EC66A9253A88}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{4F86D8A2-205C-4B7E-9F23-7CB2D94BEC6B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{2C378DDE-9B41-42A5-824E-D45F7D2E5E97}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D09492D7-8790-4B64-8E3A-AAE29ECD8AAA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{0717CA3B-45BB-46DA-92EF-C22A25764015}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{47FD41E5-C370-4E0A-99FD-01CC339CD7C1}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{A62F5D17-6035-4A90-890E-C69EFD12EE87}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{8CBCB993-B44E-4D5C-9509-BA197A8556A0}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{DC66297B-F748-4457-B8AB-D0B6E181E16F}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{05FD4A43-2A69-4CFF-892A-6628172EF025}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{84EBCE59-E8C2-4C36-AE73-BAAD296CE789}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{68D60C25-04C7-49DC-B08C-06BD91BEDCD8}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{D780303B-4D77-4303-839A-F4DA8511FA99}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{1D1BD262-6155-4BD1-A217-32350A3A77A6}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{91B40DB7-D83C-4029-B7BF-A058BC59C1D0}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{BE7EE797-1903-4AEA-9E5E-CE3A078DE523}] => (Allow) svchost.exe
FirewallRules: [{3CB4AEE4-9EFC-495B-AE6E-302F5555CABA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3E7D93D7-5119-4EE5-BCC2-7D674CA5801C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{BEA8B30F-A285-4C2B-A0AA-EB77F954C4C1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{2F641C97-940F-4A69-88D9-CCA7A2E0336B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{2ADC9B45-CA25-4C9A-8428-6D9F4744A2EA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
21-01-2018 20:00:50 Windows Backup
18-09-2018 19:12:41 Windows Update
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (09/20/2018 08:09:43 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL MSSQL$MSSMLBIZ. The first four bytes (DWORD) of the Data section contains the Windows error code.
Error: (09/20/2018 08:08:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Steve-PC)
Description: Package Microsoft.Getstarted_6.7.3462.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
Error: (09/18/2018 07:22:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_InstallService, version: 10.0.16299.15, time stamp: 0x9c786b9a
Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4
Exception code: 0xc0000409
Fault offset: 0x000000000006b70e
Faulting process id: 0x3468
Faulting application start time: 0x01d44f942ab8e00b
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: c7d7f9fe-0394-43ae-a2d9-74bb6d28f198
Faulting package full name:
Faulting package-relative application ID:
Error: (09/18/2018 03:33:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 3.0.0.1490 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 282c
Start Time: 01d44f96c0dcb4b8
Termination Time: 58
Application Path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Report Id: 294437de-c4ce-4a34-9bed-fdc95474df7b
Faulting package full name:
Faulting package-relative application ID:
Error: (09/18/2018 03:26:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.15, time stamp: 0x59cda7cd
Faulting module name: ntdll.dll, version: 10.0.16299.192, time stamp: 0x6dead514
Exception code: 0xcfffffff
Fault offset: 0x000000000009fef4
Faulting process id: 0x19c4
Faulting application start time: 0x01d44f943805cf97
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f79f6fbc-74b9-4638-939b-96e9c83b8c85
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (09/18/2018 03:13:48 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
Error: (09/18/2018 03:11:53 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL MSSQL$MSSMLBIZ. The first four bytes (DWORD) of the Data section contains the Windows error code.
Error: (09/18/2018 03:11:26 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (09/20/2018 08:07:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (09/20/2018 08:02:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (09/20/2018 08:02:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (09/20/2018 08:02:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (09/20/2018 08:02:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (09/20/2018 07:59:22 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:04:37 PM on ‎9/‎18/‎2018 was unexpected.
Error: (09/18/2018 07:23:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (09/18/2018 07:23:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Windows Defender:
===================================
Date: 2017-12-13 15:44:20.820
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.247.1024.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13903.0
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2017-12-13 15:44:20.820
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 117.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.13804.0
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2017-12-13 15:44:18.963
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.247.1024.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13903.0
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2017-12-13 15:44:18.962
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.247.1024.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13903.0
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2017-12-13 15:44:18.962
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.247.1024.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13903.0
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
CodeIntegrity:
===================================
Date: 2018-09-18 16:07:34.154
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\SystemCore\mfemms.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\SystemCore\mfeaaca.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-09-18 16:07:34.136
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\SystemCore\mfemms.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\SystemCore\mfeaaca.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-09-18 16:07:34.122
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\SystemCore\mfemms.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\SystemCore\mfeaaca.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-09-18 16:07:34.112
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\SystemCore\mfemms.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\SystemCore\mfeaaca.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-09-18 16:07:34.090
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\SystemCore\mfemms.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\SystemCore\mfeaaca.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-09-18 16:07:33.879
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\SystemCore\mfemms.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\SystemCore\mfehida.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-01-27 11:45:40.479
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-01-27 11:45:38.853
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 54%
Total physical RAM: 3959.07 MB
Available physical RAM: 1796.2 MB
Total Virtual: 8311.07 MB
Available Virtual: 5789.54 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:586.01 GB) (Free:512.22 GB) NTFS
Drive j: (KINGSTON) (Removable) (Total:14.44 GB) (Free:14.44 GB) FAT32
\\?\Volume{bdd980e4-592e-11df-9826-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:10.12 GB) (Free:3.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: C796C701)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=586 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (Size: 14.5 GB) (Disk ID: 7E1D50F6)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0B)
==================== End of Addition.txt ============================

 




#2
RKinner (Malware Expert)

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
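
The two text files requested above (the Process Explorer save with the Verified Signer column, and the TASKLIST /SVC output) can be triaged together. The following Python is an added example, not part of RKinner's post: it lists processes whose signer is not "(Verified)" and shows which services each svchost.exe PID hosts. It assumes the Process Explorer save is tab-separated with the columns shown in this thread; all sample rows, and the names browser.exe, updater.exe and ExampleUpdateSvc, are constructed.

```python
import csv
import io
import re

# Names Process Explorer lists that have no image file to sign.
PSEUDO = {"System Idle Process", "System", "Interrupts"}

def _row(name, pid, services):
    # TASKLIST /SVC layout: 25-char name, 8-char right-aligned PID, services.
    return f"{name:<25} {pid:>8} {services}"

# Constructed sample (not data from the thread). Assumption: the file saved by
# Process Explorer is tab-separated with one header row.
PROCEXP_TEXT = "\n".join("\t".join(r) for r in [
    ("Process", "CPU", "Private Bytes", "Working Set", "PID",
     "Description", "Company Name", "Verified Signer"),
    ("System Idle Process", "91.28", "52 K", "8 K", "0", "", "", ""),
    ("Interrupts", "0.58", "0 K", "0 K", "n/a", "Hardware Interrupts and DPCs", "", ""),
    ("browser.exe", "2.74", "110,460 K", "134,060 K", "5124",
     "Example Browser", "Example Corp", "(Verified) Example Corp"),
    ("updater.exe", "1.90", "8,200 K", "15,000 K", "7312", "Example Updater",
     "Example Corp", "(No signature was present in the subject) Example Corp"),
    ("csrss.exe", "0.29", "2,548 K", "4,924 K", "620", "", "", ""),
    ("svchost.exe", "< 0.01", "9,228 K", "16,152 K", "560",
     "Host Process for Windows Services", "Microsoft Corporation",
     "(Verified) Microsoft Windows Publisher"),
    ("svchost.exe", "", "4,140 K", "10,388 K", "1844",
     "Host Process for Windows Services", "Microsoft Corporation",
     "(Verified) Microsoft Windows Publisher"),
])

# Constructed TASKLIST /SVC sample; long service lists wrap onto indented lines.
TASKLIST_TEXT = "\n".join([
    "",
    _row("Image Name", "PID", "Services"),
    _row("=" * 25, "=" * 8, "=" * 44),
    _row("System Idle Process", "0", "N/A"),
    _row("csrss.exe", "620", "N/A"),
    _row("svchost.exe", "560", "BrokerInfrastructure, DcomLaunch, PlugPlay,"),
    _row("", "", "Power, SystemEventsBroker"),
    _row("svchost.exe", "1844", "Dhcp"),
    _row("updater.exe", "7312", "ExampleUpdateSvc"),
])

def parse_procexp(text):
    """Return one dict per row of a Process Explorer text save."""
    rows = []
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for rec in reader:
        cpu = (rec.get("CPU") or "").replace("<", "").strip()  # "< 0.01" -> 0.01
        pid = (rec.get("PID") or "").strip()
        rows.append({
            "name": (rec.get("Process") or "").strip(),
            "pid": int(pid) if pid.isdigit() else None,
            "cpu": float(cpu) if cpu else 0.0,
            "signer": (rec.get("Verified Signer") or "").strip(),
        })
    return rows

def parse_tasklist_svc(text):
    """Map PID -> list of hosted service names from TASKLIST /SVC output."""
    lines = text.splitlines()
    ruler = next(i for i, ln in enumerate(lines)
                 if ln.startswith("=") and set(ln) <= {"=", " "})
    (n0, _), (p0, p1), (s0, _) = [m.span() for m in re.finditer(r"=+", lines[ruler])]
    services, last = {}, None
    for ln in lines[ruler + 1:]:
        pid, svc = ln[p0:p1].strip(), ln[s0:].strip()
        if pid.isdigit():
            last = int(pid)
            services[last] = []
        elif ln[n0:p1].strip() or last is None:
            continue  # neither a process row nor a wrapped continuation line
        if svc and svc != "N/A":
            services[last] += [s.strip() for s in svc.split(",") if s.strip()]
    return services

def signer_status(signer):
    if signer.startswith("(Verified)"):
        return "verified"
    # A blank cell means no signer was recorded for the row, not that it is bad.
    return "unverified" if signer else "no signer recorded"

def triage(procexp_text, tasklist_text):
    """Rows to review: not-verified images first (by CPU), then svchost hosts."""
    services = parse_tasklist_svc(tasklist_text)
    findings = []
    for row in parse_procexp(procexp_text):
        if row["name"] in PSEUDO:
            continue
        status = signer_status(row["signer"])
        if status != "verified" or row["name"].lower() == "svchost.exe":
            findings.append({**row, "status": status,
                             "services": services.get(row["pid"], [])})
    findings.sort(key=lambda f: (f["status"] == "verified", -f["cpu"]))
    return findings

if __name__ == "__main__":
    for f in triage(PROCEXP_TEXT, TASKLIST_TEXT):
        print(f"{f['name']:<14} pid={f['pid']:<6} cpu={f['cpu']:<5} "
              f"{f['status']:<19} {', '.join(f['services'])}")
```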



 



#3
Washetoo (Topic Starter)

After I started this thread a major Windows 10 update was installed.  Attached are the Registry, Junk and speccy results:

 

Attached File  STEVE-PC.txt   85.2KB   202 downloads

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 91.28 52 K 8 K 0   
MicrosoftEdgeCP.exe 2.74 110,460 K 134,060 K 5124 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
procexp64.exe 1.76 29,912 K 64,128 K 3716 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System 1.10 188 K 552 K 4   
dwm.exe 0.94 55,756 K 50,324 K 8644   
McAfee Safe Connect.exe 0.88 50,976 K 10,088 K 9812 McAfee Safe Connect McAfee Inc. (Verified) AnchorFree Inc
Interrupts 0.58 0 K 0 K n/a Hardware Interrupts and DPCs  
csrss.exe 0.29 2,548 K 4,924 K 9348   
explorer.exe 0.16 46,256 K 103,804 K 12420 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
MicrosoftEdge.exe 0.07 34,048 K 81,668 K 10944 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
FacebookGameroom.exe 0.06 26,484 K 52,368 K 8076 FacebookGameroom Facebook (Verified) Facebook
svchost.exe 0.04 9,444 K 32,716 K 8568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 4,140 K 10,388 K 1844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 12,032 K 11,144 K 5920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 4,624 K 19,752 K 6472 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 4,176 K 15,696 K 6396 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 3,192 K 10,928 K 2728 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
HPNetworkCommunicatorCom.exe 0.01 2,932 K 11,932 K 4184 HPNetworkCommunicatorCom HP Inc. (Verified) Hewlett Packard
ScanToPCActivationApp.exe 0.01 4,756 K 17,156 K 5196 ScanToPCActivationApp HP Inc. (Verified) Hewlett Packard
mcapexe.exe < 0.01 3,192 K 1,060 K 6380 McAfee Access Protection McAfee, Inc. (Verified) McAfee
svchost.exe < 0.01 9,228 K 16,152 K 560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
A6100.EXE < 0.01 8,728 K 18,544 K 1308   
RtlService.exe < 0.01 1,648 K 6,388 K 3304 Realtek RtlService Application Realtek Semiconductor Corp. (Verified) NETGEAR
NvBackend.exe < 0.01 1,960 K 8,228 K 11792 NVIDIA Update Backend NVIDIA Corporation (Verified) NVIDIA Corporation
officeclicktorun.exe < 0.01 32,996 K 27,900 K 3372 Microsoft Office Click-to-Run Microsoft Corporation (Verified) Microsoft Corporation
MfeAVSvc.exe < 0.01 17,892 K 5,680 K 5512   
svchost.exe < 0.01 4,280 K 10,720 K 1612 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe < 0.01 2,084 K 5,100 K 620   
McPvTray.exe < 0.01 2,600 K 1,276 K 6608 McAfee File Lock Monitor McAfee, Inc. (Verified) McAfee
smartscreen.exe < 0.01 56,540 K 61,728 K 9000 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
nvvsvc.exe < 0.01 4,360 K 12,920 K 11908   
svchost.exe < 0.01 3,932 K 14,136 K 11832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,392 K 11,424 K 4540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WUDFHost.exe  2,060 K 6,940 K 1624   
WmiPrvSE.exe  3,824 K 10,936 K 7424   
WmiPrvSE.exe  2,232 K 8,752 K 12784   
winlogon.exe  2,272 K 8,024 K 632   
wininit.exe  1,516 K 5,996 K 740   
taskhostw.exe  16,732 K 25,976 K 8008 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  12,272 K 27,152 K 76 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  46,788 K 47,564 K 1888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  14,532 K 22,608 K 3100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,776 K 5,956 K 2740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,576 K 12,704 K 2428 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,608 K 9,280 K 4792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  7,020 K 15,204 K 3176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  10,320 K 20,972 K 9436 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,224 K 12,900 K 3412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,176 K 8,728 K 1852 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  18,900 K 17,296 K 1556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,600 K 8,960 K 2196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  6,752 K 15,496 K 2628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,960 K 8,108 K 624 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,988 K 7,620 K 2712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  9,632 K 16,904 K 1148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  9,160 K 39,088 K 9380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  6,016 K 8,836 K 1680 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,084 K 15,084 K 10120 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,564 K 4,700 K 5484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,128 K 8,168 K 3440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,132 K 7,256 K 1736 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,340 K 17,920 K 10484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,364 K 9,812 K 3704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  13,052 K 19,376 K 2452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,004 K 12,408 K 224 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,884 K 7,000 K 2556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,232 K 11,212 K 1508 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,324 K 5,500 K 1936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,392 K 8,052 K 1916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,664 K 10,260 K 3432 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,772 K 5,004 K 4928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  6,808 K 15,376 K 3136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,172 K 8,216 K 3144 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,176 K 4,884 K 4080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,288 K 7,856 K 1924 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,344 K 3,540 K 3588 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,316 K 5,348 K 3420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,432 K 5,840 K 3108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,356 K 11,268 K 3124 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,760 K 10,092 K 360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,684 K 12,704 K 2988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  10,712 K 24,040 K 6244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,936 K 2,304 K 6376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,544 K 1,572 K 8388 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,108 K 6,480 K 2152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,928 K 7,380 K 2140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,888 K 7,888 K 660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  33,924 K 23,676 K 6644 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,260 K 17,300 K 1784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,812 K 10,956 K 1892 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,004 K 7,796 K 7668 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,680 K 5,592 K 1368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,160 K 4,288 K 1080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  980 K 3,724 K 1000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,632 K 7,548 K 6488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,388 K 5,580 K 9156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,584 K 6,404 K 8516 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,584 K 6,076 K 1216 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  2,332 K 9,488 K 7048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,736 K 7,364 K 1248 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
sqlwriter.exe  1,652 K 7,060 K 3344 SQL Server VSS Writer - 64 Bit Microsoft Corporation (Verified) Microsoft Corporation
sqlbrowser.exe  1,452 K 4,016 K 3336 SQL Browser Service EXE Microsoft Corporation (Verified) Microsoft Corporation
sprtcmd.exe  15,500 K 2,480 K 12276 Dell Support Center Updates SupportSoft, Inc. (Verified) Dell Inc.
spoolsv.exe  11,636 K 14,340 K 3052 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SMSvcHost.exe  10,288 K 5,676 K 5064 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
SMSvcHost.exe  15,680 K 4,328 K 3324 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
smss.exe  508 K 976 K 400   
sihost.exe  6,612 K 27,224 K 5624 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShwiconXP9106.exe  1,800 K 9,036 K 3936 IconUtility ShwiconXP Application Alcor Micro Corp. (No signature was present in the subject) Alcor Micro Corp.
ShellExperienceHost.exe Suspended 34,700 K 78,980 K 8280 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SgrmBroker.exe  2,492 K 4,576 K 4424 System Guard Runtime Monitor Broker Service Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe  5,260 K 9,512 K 864   
SecurityHealthService.exe  4,476 K 9,316 K 3540 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 65,268 K 68,308 K 11448 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe  1,908 K 7,536 K 1136 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe  36,460 K 22,148 K 1636 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe  1,348 K 6,100 K 4504   
saUI.exe  9,880 K 3,336 K 7772   
RuntimeBroker.exe  4,544 K 25,500 K 12776 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  7,296 K 26,716 K 6776 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  4,768 K 15,080 K 8648 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  5,612 K 22,108 K 9628 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe  1,956 K 8,556 K 10576 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe  2,008 K 9,280 K 4340 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
Registry  1,996 K 44,880 K 96   
RAVCpl64.exe  4,444 K 13,076 K 4100 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
ProtectedModuleHost.exe  5,352 K 296 K 5224   
procexp.exe  2,944 K 10,144 K 4132 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PEFService.exe  1,664 K 0 K 3360 McAfee PEF Service McAfee, Inc. (Verified) McAfee
PDVDDXSrv.exe  2,592 K 11,320 K 12304 CyberLink PowerDVD Resident Program CyberLink Corp. (Verified) CyberLink
OneDrive.exe  27,384 K 70,756 K 9612 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
nvxdsync.exe  6,156 K 18,268 K 2372   
nvvsvc.exe  2,416 K 8,996 K 1764 NVIDIA Driver Helper Service, Version 342.01 NVIDIA Corporation (Verified) NVIDIA Corporation
nvtray.exe  3,260 K 12,252 K 9584 NVIDIA Settings NVIDIA Corporation (Verified) NVIDIA Corporation
msdtc.exe  2,972 K 4,852 K 5548 Microsoft Distributed Transaction Coordinator Service Microsoft Corporation (Verified) Microsoft Windows
MSASCuiL.exe  1,936 K 9,176 K 7888 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
mqsvc.exe  4,624 K 6,696 K 3688 Message Queuing Service Microsoft Corporation (Verified) Microsoft Windows
ModuleCoreService.exe  37,912 K 8,848 K 3396 McAfee Module Core Service McAfee, Inc. (Verified) McAfee
ModuleCoreService.exe  10,400 K 5,008 K 7576 McAfee Module Core Service McAfee, Inc. (Verified) McAfee
MMSSHOST.exe  33,940 K 21,424 K 4440   
MicrosoftEdgeCP.exe  5,568 K 24,044 K 6520 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe  5,880 K 25,096 K 1488 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe  6,024 K 25,316 K 4852 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
mfevtps.exe  6,964 K 11,768 K 6800   
mfevtps.exe  2,520 K 6,884 K 6796 McAfee Process Validation Service McAfee, LLC (Verified) McAfee
mfemms.exe  2,480 K 4,576 K 6560 McAfee Management Service McAfee, LLC (Verified) McAfee
mfefire.exe  2,588 K 8,300 K 956   
Memory Compression  572 K 64,252 K 1180   
McUICnt.exe  10,724 K 3,888 K 10616 McAfee McAfee, Inc. (Verified) McAfee
mcshield.exe  53,856 K 31,532 K 712   
mcsacore.exe  18,592 K 5,728 K 5360 McAfee WebAdvisor McAfee, Inc. (Verified) McAfee
McCSPServiceHost.exe  9,008 K 3,012 K 7784 McAfee CSP Service Host McAfee, Inc. (Verified) McAfee
lsass.exe  8,488 K 17,212 K 884 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
jusched.exe  2,256 K 12,776 K 9740 Java Update Scheduler Oracle Corporation (Verified) Oracle America
jucheck.exe  3,128 K 13,596 K 7136 Java Update Checker Oracle Corporation (Verified) Oracle America
HPSupportSolutionsFrameworkService.exe  26,884 K 21,288 K 2332 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
GoogleCrashHandler64.exe  1,660 K 156 K 6784   
GoogleCrashHandler.exe  1,632 K 208 K 7064   
fontdrvhost.exe  2,424 K 5,268 K 13228   
fontdrvhost.exe  1,960 K 2,832 K 372   
Facebook Gameroom Browser.exe  25,372 K 30,720 K 12300 Facebook Gameroom Browser The CefSharp Authors (Verified) Facebook
dllhost.exe  1,824 K 11,196 K 12964 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe  3,416 K 10,692 K 11208 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe  3,372 K 8,876 K 3644   
ctfmon.exe  3,956 K 14,596 K 9340   
conhost.exe  1,428 K 5,624 K 11536 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
browser_broker.exe  4,804 K 27,756 K 10248 Browser_Broker Microsoft Corporation (Verified) Microsoft Windows
BcmSqlStartupSvc.exe  1,336 K 6,100 K 3312 BCM SQL Startup Service Microsoft Corporation (Verified) Microsoft Corporation
armsvc.exe  1,372 K 6,156 K 3352 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
ApplicationFrameHost.exe  12,296 K 29,020 K 124 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
 
 

Image Name                     PID Services                                   
========================= ======== ============================================
System Idle Process              0 N/A                                        
System                           4 N/A                                        
Registry                        96 N/A                                        
smss.exe                       400 N/A                                        
csrss.exe                      620 N/A                                        
wininit.exe                    740 N/A                                        
services.exe                   864 N/A                                        
lsass.exe                      884 KeyIso, SamSs, VaultSvc                    
svchost.exe                   1000 PlugPlay                                   
svchost.exe                     76 BrokerInfrastructure, DcomLaunch, Power,   
                                   SystemEventsBroker                         
fontdrvhost.exe                372 N/A                                        
svchost.exe                    560 RpcEptMapper, RpcSs                        
svchost.exe                    624 LSM                                        
svchost.exe                   1080 DeviceInstall                              
svchost.exe                   1148 BFE, CoreMessagingRegistrar, mpssvc        
svchost.exe                   1368 hidserv                                    
svchost.exe                   1508 TimeBrokerSvc                              
svchost.exe                   1556 EventLog                                   
WUDFHost.exe                  1624 N/A                                        
svchost.exe                   1680 nsi                                        
svchost.exe                   1736 Dhcp                                       
nvvsvc.exe                    1764 nvsvc                                      
svchost.exe                   1784 lfsvc                                      
svchost.exe                   1844 NlaSvc                                     
svchost.exe                   1892 ProfSvc                                    
svchost.exe                   1888 SysMain                                    
svchost.exe                   1916 EventSystem                                
svchost.exe                   1924 Dnscache                                   
svchost.exe                   1936 Themes                                     
svchost.exe                    660 SENS                                       
Memory Compression            1180 N/A                                        
svchost.exe                   1852 netprofm                                   
svchost.exe                   2140 AudioEndpointBuilder                       
svchost.exe                   2152 FontCache                                  
svchost.exe                   2196 UserManager                                
svchost.exe                   2428 Audiosrv                                   
svchost.exe                   2452 Winmgmt                                    
svchost.exe                   2556 WinHttpAutoProxySvc                        
svchost.exe                   2628 StateRepository                            
svchost.exe                   2728 Wcmsvc                                     
svchost.exe                   2740 DusmSvc                                    
svchost.exe                   2988 ShellHWDetection                           
spoolsv.exe                   3052 Spooler                                    
svchost.exe                    360 LanmanServer                               
svchost.exe                   3100 DPS                                        
svchost.exe                   3108 DeviceAssociationService                   
svchost.exe                   3124 iphlpsvc                                   
svchost.exe                   3136 CryptSvc                                   
svchost.exe                   3144 AppHostSvc                                 
RtlService.exe                3304 Realtek8723AU                              
BcmSqlStartupSvc.exe          3312 BcmSqlStartupSvc                           
SMSvcHost.exe                 3324 NetPipeActivator, NetTcpActivator,         
                                   NetTcpPortSharing                          
sqlbrowser.exe                3336 SQLBrowser                                 
sqlwriter.exe                 3344 SQLWriter                                  
armsvc.exe                    3352 AdobeARMservice                            
PEFService.exe                3360 PEFService                                 
officeclicktorun.exe          3372 ClickToRunSvc                              
ModuleCoreService.exe         3396 ModuleCoreService                          
svchost.exe                   3412 stisvc                                     
svchost.exe                   3420 TrkWks                                     
svchost.exe                   3432 osrss                                      
svchost.exe                   3440 W3SVC, WAS                                 
SecurityHealthService.exe     3540 SecurityHealthService                      
svchost.exe                   3588 WdiServiceHost                             
dasHost.exe                   3644 N/A                                        
mqsvc.exe                     3688 MSMQ                                       
svchost.exe                   4080 SSDPSRV                                    
svchost.exe                   4928 PolicyAgent                                
SMSvcHost.exe                 5064 NetMsmqActivator                           
mcsacore.exe                  5360 McAfee SiteAdvisor Service                 
svchost.exe                   5484 IKEEXT                                     
msdtc.exe                     5548 MSDTC                                      
HPSupportSolutionsFramewo     2332 HPSupportSolutionsFrameworkService         
GoogleCrashHandler.exe        7064 N/A                                        
GoogleCrashHandler64.exe      6784 N/A                                        
mfemms.exe                    6560 mfemms                                     
mfevtps.exe                   6800 N/A                                        
SgrmBroker.exe                4424 SgrmBroker                                 
svchost.exe                   6644 UsoSvc, wuauserv                           
mfevtps.exe                   6796 mfevtp                                     
mcshield.exe                   712 N/A                                        
mfefire.exe                    956 N/A                                        
MMSSHOST.exe                  4440 N/A                                        
mcapexe.exe                   6380 McAPExe                                    
MfeAVSvc.exe                  5512 N/A                                        
ProtectedModuleHost.exe       5224 N/A                                        
svchost.exe                   1612 WlanSvc                                    
svchost.exe                   1216 SstpSvc                                    
svchost.exe                   4540 RasMan                                     
svchost.exe                   6488 PcaSvc                                     
svchost.exe                   3704 Netman                                     
svchost.exe                   7048 NcbService                                 
SearchIndexer.exe             1636 WSearch                                    
svchost.exe                   3176 Schedule                                   
svchost.exe                   2712 LanmanWorkstation                          
svchost.exe                   4792 wscsvc                                     
svchost.exe                   6396 CDPSvc                                     
svchost.exe                   6472 WpnService                                 
svchost.exe                   6244 DiagTrack                                  
svchost.exe                   1248 TabletInputService                         
svchost.exe                    224 TokenBroker                                
McCSPServiceHost.exe          7784 mccspsvc                                   
svchost.exe                  10484 LicenseManager                             
svchost.exe                   9436 BITS                                       
svchost.exe                   8388 SDRSVC                                     
svchost.exe                   7668 StorSvc                                    
svchost.exe                  11832 wlidsvc                                    
svchost.exe                   5920 DoSvc                                      
svchost.exe                   6376 SensorService                              
svchost.exe                   8516 lmhosts                                    
csrss.exe                     9348 N/A                                        
winlogon.exe                   632 N/A                                        
fontdrvhost.exe              13228 N/A                                        
dwm.exe                       8644 N/A                                        
nvxdsync.exe                  2372 N/A                                        
nvvsvc.exe                   11908 N/A                                        
WmiPrvSE.exe                 12784 N/A                                        
svchost.exe                   9156 WdiSystemHost                              
McUICnt.exe                  10616 N/A                                        
saUI.exe                      7772 N/A                                        
sihost.exe                    5624 N/A                                        
svchost.exe                  10120 CDPUserSvc_1399d47                         
svchost.exe                   9380 WpnUserService_1399d47                     
taskhostw.exe                 8008 N/A                                        
explorer.exe                 12420 N/A                                        
McPvTray.exe                  6608 N/A                                        
A6100.EXE                     1308 N/A                                        
svchost.exe                   8568 OneSyncSvc_1399d47,                        
                                   PimIndexMaintenanceSvc_1399d47,            
                                   UnistoreSvc_1399d47, UserDataSvc_1399d47   
dllhost.exe                  12964 N/A                                        
ShellExperienceHost.exe       8280 N/A                                        
SearchUI.exe                 11448 N/A                                        
RuntimeBroker.exe             9628 N/A                                        
RuntimeBroker.exe             8648 N/A                                        
ApplicationFrameHost.exe       124 N/A                                        
smartscreen.exe               9000 N/A                                        
MicrosoftEdge.exe            10944 N/A                                        
RuntimeBroker.exe            12776 N/A                                        
browser_broker.exe           10248 N/A                                        
dllhost.exe                  11208 N/A                                        
RuntimeBroker.exe             6776 N/A                                        
MicrosoftEdgeCP.exe           5124 N/A                                        
MicrosoftEdgeCP.exe           6520 N/A                                        
ctfmon.exe                    9340 N/A                                        
nvtray.exe                    9584 N/A                                        
NvBackend.exe                11792 N/A                                        
MSASCuiL.exe                  7888 N/A                                        
RAVCpl64.exe                  4100 N/A                                        
rundll32.exe                 10576 N/A                                        
rundll32.exe                  4340 N/A                                        
OneDrive.exe                  9612 N/A                                        
ScanToPCActivationApp.exe     5196 N/A                                        
McAfee Safe Connect.exe       9812 N/A                                        
FacebookGameroom.exe          8076 N/A                                        
ShwiconXP9106.exe             3936 N/A                                        
PDVDDXSrv.exe                12304 N/A                                        
sprtcmd.exe                  12276 N/A                                        
jusched.exe                   9740 N/A                                        
HPNetworkCommunicatorCom.     4184 N/A                                        
ModuleCoreService.exe         7576 N/A                                        
conhost.exe                  11536 N/A                                        
Facebook Gameroom Browser    12300 N/A                                        
MicrosoftEdgeCP.exe           4852 N/A                                        
WmiPrvSE.exe                  7424 N/A                                        
MicrosoftEdgeCP.exe           1488 N/A                                        
procexp.exe                   4132 N/A                                        
procexp64.exe                 3716 N/A                                        
jucheck.exe                   7136 N/A                                        
SearchProtocolHost.exe        1136 N/A                                        
svchost.exe                  11852 ClipSVC                                    
RuntimeBroker.exe             4076 N/A                                        
svchost.exe                  11472 AppXSvc                                    
svchost.exe                   7012 camsvc                                     
MicrosoftEdgeCP.exe           9196 N/A                                        
SearchFilterHost.exe          8536 N/A                                        
svchost.exe                  11960 Appinfo                                    
audiodg.exe                  10176 N/A                                        
cmd.exe                      10160 N/A                                        
conhost.exe                   3624 N/A                                        
tasklist.exe                  9316 N/A                                        
 

Edited by Washetoo, 21 September 2018 - 07:59 AM.


#4
RKinner


Did the update solve your problem?



#5
Washetoo


It is running better now and I was able to shut down the computer normally so if you do not see anything suspicious in those logs then there may not be anything wrong. 

 

When this problem started several months ago I was getting a lot of strange activity with Malwarebytes where the protection options were suddenly shut off and I could not switch them back on. Since then I heard about conflicts between Malwarebytes and McAfee that could be causing this so when I started to use this computer again I was still having the same issues with Malwarebytes and I removed it.  I updated McAfee and now I'm being prompted by them to buy their own version of malware and internet protection software.  So I am further inclined to believe that there are conflicts there that McAfee created.



#6
RKinner


I consider McAfee a virus.  Can't stand the program.  It's usually the lowest rated among the major anti-viruses and is nearly impossible to get rid of.  After you uninstall it you have to run a separate McAfee Removal Utility.  

 

https://service.mcaf...tate=jk61i8q0_9

 

I use the free Avast which works well with MBAM.

 

Since the issue seems to be resolved I'll give you my usual cleanup blurb:

 

Time to clean up:
If we used FRST to clean your PC:

Right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK. Close program.  It's the same for Foxit Reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the uBlock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
(If it complains about Chrome still running you can stop it with Task Manager or go into Chrome then go to:

chrome://settings/

Hit Advanced at the bottom of the page then scroll down to near the bottom where it says System.

Change
Continue running background apps when Google Chrome is closed
to Off (slide the blue thing to the left and it turns brown)
Close Chrome.)

You can run it any time that Chrome/Firefox seems slow starting.

If the browser is still slow then go in and disable all of your extensions, close the browser and Optimize with SpeedyFox then restart the browser.  If that helps then one or more of your extensions is at fault.  Go back in and turn them on one at a time and see if you can figure out which ones slow things down the most.


If you use Facebook you need FB Purity: http://www.fbpurity.com/

To prevent a relatively new phishing attack:  In Firefox, type:

https://www.xn--80ak6aa92e.com/

If the URL changes to https://www.apple.com instead of the correct value
type:
about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.


 "network.standard-url.punycode-host" Leave this one at default of False.
Close and restart Firefox.

If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not latest.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC.  Unlike Windows Media Player it never seems to need extra files to work.
Photo organizer and editor:  Google's Picasa.  While it has been discontinued by Google you can still get it at:
http://techfilehippo...-free-download/
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Shows you what is running on the PC.  Like Task Manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Download Flash and Video.  To save flash video.  Works with Firefox.  https://addons.mozil...lash-and-video/ This allows you to start a recording and then switch to a different window and record another video.

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!


  • 0
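Added example (not part of RKinner's post, and not code from Firefox or this forum): the Firefox check in the post above works because the `xn--` form of a host name exposes what the address bar would otherwise render as look-alike letters. This Python sketch decodes the label from that test URL and reports which ASCII name it imitates; the `LOOKALIKES` table and all function names are assumptions made for the illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed subset of Cyrillic letters that render like Latin ones.
# Assumption: illustrative only, not the full Unicode confusables data.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u04cf": "l",
}


def decode_label(label):
    """Punycode-decode an xn-- label; other labels are returned unchanged."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts(text):
    """Scripts used by the letters in text (first word of each Unicode name)."""
    return sorted({unicodedata.name(ch).split()[0] for ch in text if ch.isalpha()})


def skeleton(text):
    """Replace each known look-alike letter with the Latin letter it resembles."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in text)


def inspect_url(url):
    """List every IDN label in the URL's host and the ASCII name it imitates, if any."""
    host = urlsplit(url).hostname or ""
    report = []
    for raw in host.split("."):
        if not raw.startswith("xn--"):
            continue
        uni = decode_label(raw)
        skel = skeleton(uni)
        # Flag only labels that become a pure-ASCII name once look-alikes are mapped.
        imitates = skel if skel != uni and skel.isascii() else None
        report.append({"ascii": raw, "unicode": uni,
                       "scripts": scripts(uni), "imitates": imitates})
    return report


if __name__ == "__main__":
    for url in ("https://www.xn--80ak6aa92e.com/",   # test URL from the post
                "https://xn--mnchen-3ya.de/",        # ordinary Latin-script IDN
                "https://www.apple.com/"):           # plain ASCII host
        print(url, inspect_url(url))
```

A label written entirely in one non-Latin script passes a mixed-script check, which is why the post's advice is to make the browser show the raw `xn--` form.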





