Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Startupchecklibrary.dll Winscomrssrv.dll cant find on start up [Solved

Started by Bowza69 , Nov 01 2019 08:14 AM

  • This topic is locked This topic is locked

#1
Bowza69
Posted 01 November 2019 - 08:14 AM

Bowza69

    Member

  • Member
  • PipPip
  • 10 posts

Hi PC acting strange for a few days after trying Pixio software from a friend

 

both files in topic are reporting not found on start up

 

I get two windows chimes on boot up

 

also windows will not update.

 

I have ran Mcaffee antivirus from BT, this was missing when i first started checking, and has always been installed before, dont know when this stopped, so re downloaded and installed.

 

also bought and installed Total AV this found a few files it did not like.

 WinIPAC.CAB Heur/apc

mediaplayercodac pack plus v4.5.1.s  PUA/AD.installCore.B

pryAltSlave.exe  HEUR/ZPC

 

 

******************************************************

******************************************************

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-11-2019
Ran by Dave (administrator) on DESKTOP-B2C17BD (01-11-2019 13:57:15)
Running from D:\FRST
Loaded Profiles: Dave (Available Profiles: Dave)
Platform: Windows 10 Pro Version 1809 17763.615 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(BRITISH TELECOMMUNICATIONS PLC -> BT) C:\Program Files\BT Cloud\BT Cloud\BTCloud.exe
(Cole Williams Software Limited -> ) C:\Windows\SysWOW64\Codecs\TrayMenu.exe
(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe
(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe
(Facebook Inc) C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, LLC. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_19_7\mcapexe.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\McCSPServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_5.1904.8017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19031.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(NVIDIA Corporation -> NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation -> NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
(Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\SecurityService.exe
(Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\TotalAV.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [winlogui] => C:\WINDOWS\system32\winlogui.exe [5120 2019-07-17] (Microsoft Corporation) [File not signed]
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [61370712 2019-10-09] (Discord Inc. -> Discord Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [CorsairLink4] => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [27146448 2018-03-30] (Corsair Components, Inc. -> Corsair Components, Inc.)
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [912776 2019-08-01] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [SynchronossPC] => C:\Program Files\BT Cloud\BT Cloud\BTCloud.exe [2874208 2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> BT)
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [Discord] => C:\Users\Dave\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.70\Installer\chrmstp.exe [2019-10-29] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2018-11-11]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe (Cole Williams Software Limited -> )
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2018-02-15]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon Inc. -> Canon INC.)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-04-13]
ShortcutTarget: Twitch.lnk -> C:\Users\Dave\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1430BBB9-C4D1-4D89-BCBC-0D830830DA39} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {2A515AFE-3B1B-4E98-ACD6-15D8C9A0A1B6} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1028256 2019-08-09] (McAfee, LLC. -> McAfee, LLC.)
Task: {3037E774-0498-4FCA-AEB0-D13850D30A31} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {30473C45-E59F-4F5C-8A93-0DE0F9140DD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-20] (Google Inc -> Google Inc.)
Task: {36437FDC-7426-4FC6-968E-4A01615EFB90} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1028256 2019-08-09] (McAfee, LLC. -> McAfee, LLC.)
Task: {49B280B4-3087-499B-A2AD-47E7BB2ABFE7} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2019-08-01] (Nota Inc. -> Nota Inc.)
Task: {5BA57DAA-BE19-4C8F-8773-520DE6E7825F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5F95F785-814D-45FF-9251-26A3B5E84A70} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2019-08-01] (Nota Inc. -> Nota Inc.)
Task: {77FC5F34-BCE0-4385-B31C-8EA167F2E868} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [759752 2019-08-14] (McAfee, LLC. -> McAfee, LLC.)
Task: {87A1399E-0C06-4379-AC6C-E86986D577A3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {997E448F-020A-4A9C-89FC-2CE1E92F3AA5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4546112 2019-07-08] (McAfee, LLC -> McAfee, LLC.)
Task: {9E10BC46-4DD1-4539-85FD-462432ABECF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-20] (Google Inc -> Google Inc.)
Task: {A0A16883-3483-4CBA-B193-8C9F9CC8CCB3} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A0B2FF28-DEC7-4C0A-8B20-F0710A380288} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A1551FF9-0D9E-4123-958F-B82A509B3433} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ABCD32AB-0067-4D6D-85A4-3A9139A32E14} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {ABFDB273-AA0B-4424-AC99-842E2D3559E8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3310688 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ADB50EB6-839C-4B24-97EB-1E62D330900D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653864 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AEA77805-2D1A-418F-9DAE-800145B30B48} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B9F1DD05-21A9-4E77-B749-ADFA55A20E10} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2018-10-01] (Apple Inc. -> Apple Inc.)
Task: {BD315901-C2CE-400B-9CF4-3ACD14C934F8} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D88068E8-647D-406C-9445-FFC976FA2E81} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2019-07-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {DB18667D-BEE6-4469-958E-A03B10992F6E} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {DD2A64AD-8F2A-4C73-8096-7812D5FA85A8} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EDB52BAC-9635-496F-BBBB-4125F9EE71B0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FCF6DA57-8F5C-4BCD-A7EC-59A70DF2E41C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.101\DADUpdater.exe [4134976 2019-10-17] (McAfee, Inc. -> McAfee, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4e8a697d-e1a8-4d22-97b2-990cdc3b26c0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6c2173d6-8f91-426e-9780-843ae995e8bf}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll => No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => not found
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll [2019-07-25] (Adobe Systems Incorporated -> )
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2019-08-23] (McAfee, LLC. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll [2019-07-25] (Adobe Systems Incorporated -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2019-08-23] (McAfee, LLC. -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-02] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-02] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR NewTab: Default ->  Not-active:"chrome-extension://kcnahncmjobdbpabldpbldbfcieeoloj/ntp.html"
CHR DefaultSearchURL: Default -> hxxp://securedserch.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> sse
CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
CHR Notifications: Default -> hxxps://mintguide.org; hxxps://techzillo.com; hxxps://www.devonlive.com; hxxps://www.digitalcameraworld.com; hxxps://www.duolingo.com; hxxps://www.jdsports.co.uk; hxxps://www.pinterest.co.uk; hxxps://www.plymouthherald.co.uk; hxxps://www.selectfashion.co.uk; hxxps://www.tomtom.com; hxxps://www.tui.co.uk; hxxps://www.tuifly.be
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default [2019-11-01]
CHR Extension: (Google Drive) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-21]
CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-20]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-10-01]
CHR Extension: (Maps & Directions by MyMapsExpress) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnahncmjobdbpabldpbldbfcieeoloj [2019-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-29]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-04-26]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-566713143-4107614601-1362537991-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc. -> Apple Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2018-04-03] (ASUSTeK Computer Inc. -> ) [File not signed]
R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [34512 2018-03-30] (Corsair Components, Inc. -> Corsair Components, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [785024 2018-09-07] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_19_7\McApExe.exe [747384 2019-08-23] (McAfee, LLC. -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\\McCSPServiceHost.exe [2226608 2019-06-13] (McAfee, LLC. -> McAfee, LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1720032 2019-08-09] (McAfee, LLC -> McAfee, LLC.)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2009-11-06] (NVIDIA Corporation -> NVIDIA)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1362400 2019-08-09] (McAfee, LLC. -> McAfee, Inc.)
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [5189808 2019-10-22] (Protected Antivirus Limited -> TotalAV)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA Corporation -> NVIDIA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2019-06-13] (Microsoft Corporation -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ClientAnalyticsService; "C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe" [X]
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [195504 2019-07-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [195816 2019-07-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-07-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-06-21] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75696 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 cpuz146; C:\WINDOWS\temp\cpuz146\cpuz146_x64.sys [52824 2019-11-01] (CPUID -> CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [217912 2019-06-04] (McAfee, LLC -> McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [521648 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [379824 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2019-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [517040 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [993712 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [564584 2019-07-21] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108904 2019-07-21] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116656 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252336 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvpcdi.inf_amd64_083e361abca28d10\nvlddmkm.sys [22370696 2019-09-06] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvoclk64; C:\WINDOWS\system32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corporation -> NVIDIA Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2018-09-15] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 SIUSBXP; C:\WINDOWS\system32\drivers\SiUSBXp.sys [19456 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Laboratories)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R1 webshieldfilter; C:\WINDOWS\System32\drivers\webshieldfilter.sys [79048 2019-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-11-01 13:38 - 2019-11-01 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2019-11-01 06:39 - 2019-11-01 13:57 - 000000000 ____D C:\FRST
2019-11-01 06:38 - 2019-11-01 06:38 - 001619456 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe
2019-11-01 06:29 - 2019-11-01 06:29 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2019-11-01 06:10 - 2019-07-01 14:04 - 000195816 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2019-11-01 06:10 - 2019-07-01 14:04 - 000195504 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2019-11-01 06:10 - 2019-07-01 14:04 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2019-11-01 06:01 - 2019-11-01 06:01 - 000001085 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
2019-11-01 06:01 - 2019-11-01 06:01 - 000001060 _____ C:\Users\Public\Desktop\TotalAV.lnk
2019-11-01 06:01 - 2019-11-01 06:01 - 000001060 _____ C:\ProgramData\Desktop\TotalAV.lnk
2019-11-01 06:01 - 2019-11-01 06:01 - 000000000 ____D C:\Users\Dave\Documents\TotalAV
2019-11-01 06:01 - 2019-11-01 06:01 - 000000000 ____D C:\Users\Dave\AppData\Roaming\TotalAV
2019-11-01 06:01 - 2019-11-01 06:01 - 000000000 ____D C:\ProgramData\SecuritySuite
2019-11-01 06:01 - 2019-10-15 16:51 - 000079048 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\webshieldfilter.sys
2019-11-01 06:00 - 2019-11-01 09:44 - 000000000 ____D C:\Program Files (x86)\TotalAV
2019-11-01 06:00 - 2019-11-01 06:00 - 013112192 _____ C:\Users\Dave\Downloads\TotalAV_Setup.exe
2019-10-31 08:16 - 2019-10-31 08:16 - 000000000 ____D C:\Users\Dave\Desktop\Tor Browser
2019-10-31 08:15 - 2019-10-31 08:16 - 066777040 _____ C:\Users\Dave\Downloads\torbrowser-install-win64-9.0_en-US.exe
2019-10-30 09:51 - 2019-10-30 20:36 - 000000000 ____D C:\Users\Dave\AppData\Roaming\tor
2019-10-28 19:08 - 2019-10-29 12:56 - 000000000 ____D C:\Program Files\McAfee
2019-10-28 19:08 - 2019-10-28 19:08 - 000000000 ____D C:\Program Files\Common Files\AV
2019-10-28 18:44 - 2019-10-28 18:45 - 000000000 ___HD C:\$WINDOWS.~BT
2019-10-27 07:45 - 2019-10-27 07:45 - 000053981 _____ C:\Users\Dave\Downloads\MonthlyStatement 29_06_2019 (3).pdf
2019-10-23 19:50 - 2019-10-23 19:50 - 000000000 ____D C:\ProgramData\Avanquest Software
2019-10-23 19:49 - 2019-10-28 18:30 - 000000000 ____D C:\Users\Dave\AppData\Local\Avanquest
2019-10-23 19:49 - 2019-10-28 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InPixio
2019-10-23 19:49 - 2019-10-23 19:49 - 000000000 ____D C:\Users\Public\Documents\Avanquest Software
2019-10-23 19:49 - 2019-10-23 19:49 - 000000000 ____D C:\ProgramData\Documents\Avanquest Software
2019-10-23 19:46 - 2019-10-28 18:30 - 000000000 ____D C:\ProgramData\Configuration
2019-10-20 18:11 - 2019-10-20 18:11 - 000094097 _____ C:\Users\Dave\Downloads\jekyll-knowledge-organiser.pptx
2019-10-16 20:03 - 2019-10-31 08:20 - 000000000 ____D C:\Users\Dave\AppData\LocalLow\uTorrent
2019-10-13 14:30 - 2019-10-29 12:32 - 000000000 ____D C:\Program Files (x86)\Origin
2019-10-13 14:30 - 2019-10-28 22:32 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Origin
2019-10-13 14:29 - 2019-10-13 14:31 - 000000000 ____D C:\Users\Dave\AppData\Local\Origin
2019-10-11 17:42 - 2019-10-29 12:32 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Discord
2019-10-11 17:42 - 2019-10-29 12:32 - 000000000 ____D C:\Users\Dave\AppData\Local\Discord
2019-10-11 17:42 - 2019-10-11 17:42 - 000002273 _____ C:\Users\Dave\Desktop\Discord.lnk
2019-10-10 13:10 - 2019-10-10 13:10 - 000000000 ____D C:\ProgramData\SquirrelMachineInstalls
2019-10-09 18:50 - 2019-10-10 06:45 - 000041529 _____ C:\Users\Dave\Documents\Viking facts by alice.pptx
2019-10-09 16:18 - 2019-10-09 16:20 - 061370712 _____ (Discord Inc.) C:\Users\Dave\Downloads\DiscordSetup.exe
2019-10-09 16:17 - 2019-10-09 16:17 - 000000000 ____D C:\Users\Dave\AppData\Local\Deployment
2019-10-09 11:21 - 2019-10-09 12:08 - 000000000 ____D C:\WINDOWS\pss
2019-10-08 13:00 - 2019-10-08 13:00 - 000002801 _____ C:\Users\Dave\Documents\CV 2019 general.txt
2019-10-08 12:55 - 2019-10-08 13:23 - 000022700 _____ C:\Users\Dave\Documents\CV 2019 general.odt
2019-10-08 07:08 - 2019-10-08 07:08 - 000051443 _____ C:\Users\Dave\Desktop\timetable_export20191008-1-3non4p (1).pdf
2019-10-08 07:07 - 2019-10-08 07:07 - 000051443 _____ C:\Users\Dave\Documents\timetable_export20191008-1-3non4p.pdf
2019-10-03 18:32 - 2019-10-30 13:32 - 000003518 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2019-10-03 18:32 - 2019-10-29 12:21 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-10-03 18:32 - 2019-10-29 12:21 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-11-01 13:31 - 2019-05-12 20:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-11-01 12:59 - 2018-09-15 07:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-01 12:25 - 2017-11-18 16:14 - 000000000 ____D C:\ProgramData\NVIDIA
2019-11-01 09:48 - 2019-05-12 20:17 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-11-01 09:48 - 2018-09-15 07:31 - 000000000 ____D C:\WINDOWS\INF
2019-11-01 09:44 - 2019-05-12 20:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-11-01 09:43 - 2018-09-15 06:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-11-01 09:42 - 2019-02-16 16:04 - 000000000 ____D C:\Users\Dave\AppData\LocalLow\Mozilla
2019-11-01 06:58 - 2019-05-12 20:07 - 000442304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-11-01 06:54 - 2019-07-25 13:09 - 000000000 ____D C:\Users\Dave\AppData\Roaming\pacificpoker
2019-11-01 06:30 - 2019-04-02 09:15 - 000000000 ____D C:\Program Files (x86)\Star Stable Online
2019-11-01 06:28 - 2017-11-19 10:29 - 000000000 ____D C:\ProgramData\Nero
2019-11-01 06:26 - 2019-05-08 15:14 - 000000000 ____D C:\Users\Dave\AppData\Roaming\IrfanView
2019-11-01 06:26 - 2019-05-08 15:14 - 000000000 ____D C:\Program Files\IrfanView
2019-11-01 05:56 - 2018-03-05 09:38 - 000000000 ___HD C:\Users\Dave\AppData\Local\ElevatedDiagnostics
2019-11-01 05:52 - 2019-05-12 20:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2019-11-01 05:52 - 2018-05-14 15:26 - 000000000 ___RD C:\Users\Dave\iCloudDrive
2019-10-31 22:22 - 2019-05-12 20:14 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{907F8551-7A3F-4E95-BC93-A5BEB3AED07B}
2019-10-31 08:18 - 2019-05-20 20:59 - 000000000 ____D C:\Users\Dave\AppData\Local\BitTorrentHelper
2019-10-31 08:15 - 2018-02-11 17:02 - 000000000 ___HD C:\Users\Dave\AppData\Local\CrashDumps
2019-10-30 20:59 - 2017-11-18 17:12 - 000000000 ____D C:\Program Files (x86)\McAfee
2019-10-30 18:16 - 2018-12-08 16:11 - 000000000 ____D C:\Users\Dave\Desktop\New folder pics(2)
2019-10-30 09:58 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-10-29 14:55 - 2018-08-19 16:33 - 000000000 ___HD C:\Users\Dave\AppData\Local\D3DSCache
2019-10-29 13:53 - 2019-05-12 20:14 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2019-10-29 12:56 - 2017-11-20 15:19 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-29 12:56 - 2017-11-18 17:10 - 000000000 ____D C:\Program Files\Common Files\McAfee
2019-10-29 12:55 - 2019-05-12 20:14 - 000003332 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2019-10-29 12:52 - 2019-07-17 06:27 - 000000000 ____D C:\ProgramData\McAfee
2019-10-29 12:52 - 2018-09-15 07:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-10-29 12:32 - 2019-07-22 15:28 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Stellarium
2019-10-29 12:32 - 2019-05-12 20:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2019-10-29 12:32 - 2018-06-26 11:45 - 000000000 ___HD C:\Users\Dave\AppData\Local\gtk-2.0
2019-10-29 12:32 - 2018-05-14 15:32 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2019-10-29 12:32 - 2018-05-14 15:26 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2019-10-29 12:32 - 2017-11-20 17:03 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-10-29 12:31 - 2018-09-15 07:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-29 12:31 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\registration
2019-10-29 12:16 - 2018-01-28 12:08 - 000000000 ____D C:\ProgramData\Origin
2019-10-29 11:33 - 2019-05-12 20:09 - 000000000 ____D C:\Users\Dave
2019-10-28 19:10 - 2018-09-15 06:09 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2019-10-28 18:45 - 2019-05-12 18:44 - 000000000 ___DC C:\WINDOWS\Panther
2019-10-16 21:19 - 2018-06-26 11:41 - 000000000 ___HD C:\Users\Dave\AppData\Local\babl-0.1
2019-10-13 15:08 - 2017-11-20 17:03 - 000000000 ____D C:\Users\Dave\AppData\Local\SquirrelTemp
2019-10-11 17:26 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-10-11 17:25 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-10-09 16:20 - 2019-07-25 13:09 - 000000000 ____D C:\Users\Dave\Documents\888poker
2019-10-09 15:41 - 2019-06-20 13:03 - 000000000 ____D C:\ProgramData\NCH Software
2019-10-09 12:05 - 2019-07-17 06:26 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-10-09 11:12 - 2018-05-14 15:26 - 000000000 ___HD C:\Users\Dave\AppData\Local\172FC105-D730-4286-9A8E-1AF03EC9789F.aplzod
2019-10-08 12:59 - 2019-06-20 13:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2019-10-08 12:58 - 2019-07-15 12:40 - 000023525 _____ C:\Users\Dave\Documents\CV 2019 v1.odt
2019-10-07 06:33 - 2018-01-28 12:11 - 000000000 ____D C:\Program Files (x86)\Origin Games
2019-10-03 06:58 - 2018-04-25 20:09 - 000000000 ____D C:\ProgramData\CLink4
2019-10-02 16:58 - 2019-05-12 20:14 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-02 16:58 - 2019-05-12 20:14 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-02 16:58 - 2017-11-20 15:18 - 000000000 ____D C:\Program Files (x86)\Google
 
==================== Files in the root of some directories ========
 
2019-06-20 19:47 - 2019-07-07 16:34 - 000005632 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-06-09 19:17 - 2019-06-09 19:17 - 000000000 _____ () C:\Users\Dave\AppData\Local\oobelibMkey.log
2019-06-03 16:13 - 2019-06-03 16:13 - 000022693 _____ () C:\Users\Dave\AppData\Local\recently-used.xbel
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
************************************************
************************************************
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2019
Ran by Dave (01-11-2019 13:57:50)
Running from D:\FRST
Windows 10 Pro Version 1809 17763.615 (X64) (2019-05-12 20:14:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-566713143-4107614601-1362537991-500 - Administrator - Disabled)
Dave (S-1-5-21-566713143-4107614601-1362537991-1001 - Administrator - Enabled) => C:\Users\Dave
DefaultAccount (S-1-5-21-566713143-4107614601-1362537991-503 - Limited - Disabled)
Guest (S-1-5-21-566713143-4107614601-1362537991-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-566713143-4107614601-1362537991-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
AV: Total AV (Enabled - Up to date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Total AV (Enabled - Up to date) {1755713B-9494-6E81-A820-9E949B4A199E}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Bridge CC 2019 (HKLM-x32\...\KBRG_9_0_2) (Version: 9.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0) (Version: 20.0.0 - Adobe Systems Incorporated)
Advanced Combat Tracker (remove only) (HKLM-x32\...\Advanced Combat Tracker) (Version:  - )
airnef v1.1 - Wirelessly download images and movies from your Nikon Camera! (HKLM-x32\...\testcams.com airnef) (Version: 1.1 - testcams.com)
Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.4.1 - ASUSTeK Computer Inc.)
Atari Vault (HKLM-x32\...\Atari Vault_is1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 4.1.21.2018 - BlueStack Systems, Inc.)
BT Cloud (HKLM\...\BT Cloud) (Version: 17.3.0.46 - BT Cloud)
BT Virus Protect (HKLM-x32\...\MSC) (Version: 16.0 R21 - McAfee, LLC.)
calibre (HKLM-x32\...\{AECEA345-D5A9-40DE-92E1-4828CAD0FEA3}) (Version: 3.47.1 - Kovid Goyal)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.10.20.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.2.0 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.7.0.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.6.30.1 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.19.10.0 - Canon Inc.)
CDisplayEx 1.10.33 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Cooler Master Portal Settings software (HKLM-x32\...\{1A3E3EA7-5A7C-4292-8A13-B0DE1BF49E13}_COOLER_MASTER_PORTAL) (Version: 1.00 - Cooler Master)
Corsair LINK 4 (HKLM-x32\...\{40036d0c-634b-4fc0-be89-13343b4bea96}) (Version: 4.9.7.35 - Corsair Components, Inc.)
Corsair LINK 4 (HKLM-x32\...\{D97F4B31-5A7D-4A07-AC85-16D64FAB93E1}) (Version: 4.9.7.35 - Corsair Components, Inc.) Hidden
CPUID HWMonitor 1.40 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.40 - CPUID, Inc.)
Discord (HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
EDEngineer (HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\ced7325f031a438b) (Version: 1.1.4.1 - Max)
Elite Dangerous Launcher version 0.4.6568.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.6568.0 - Frontier Developments)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EQUtil (HKLM-x32\...\{5365BB9D-6D5D-4A82-A1E4-E8595FDAF25E}) (Version: 1.1.2 - Forsaken Worlds Software)
EverQuest II (HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\DG0-EverQuest II) (Version:  - Sony Online Entertainment)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Game Installer (HKLM-x32\...\Game Installer 1.0.0) (Version: 1.0.0 - Intrepid Studios, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.70 - Google LLC)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Gyazo 4.0.1.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HWiNFO64 Version 6.04 (HKLM\...\HWiNFO64_is1) (Version: 6.04 - Martin Malík - REALiX)
iCloud (HKLM\...\{29C6B346-C29C-40CE-89EB-DF7C149E0EB9}) (Version: 7.7.0.27 - Apple Inc.)
Intrepid Studios Launcher (HKLM-x32\...\Launcher 1.0.114) (Version: 1.0.114 - Intrepid Studios, Inc.)
iTunes (HKLM\...\{7DDA6271-F51E-4BE5-AAE9-5A8A4612FA43}) (Version: 12.9.0.167 - Apple Inc.)
Launcher (HKLM-x32\...\{57EBDBA4-CEEE-46D4-9B83-D020605160D4}) (Version: 1.0.114 - Intrepid Studios, Inc.) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.78 - McAfee, LLC.)
Media Player Codec Pack 4.5.1 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.5.1 - Media Player Codec Pack)
Microsoft .NET Core Runtime - 2.0.7 (x64) (HKLM-x32\...\{b7cb6538-e06d-4f16-ae77-f9d8b79960f5}) (Version: 2.0.7.26407 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.0.118 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.118 - NVIDIA Corporation)
NVIDIA Graphics Driver 436.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 436.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Update (HKLM-x32\...\InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}) (Version: 3.00 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.0.1 - OBS Project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8158 - Realtek Semiconductor Corp.)
Stellarium 0.19.1.1 (HKLM\...\Stellarium_is1) (Version: 0.19.1.1 - Stellarium team)
TeamSpeak 3 Client (HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\TeamSpeak 3 Client) (Version: 3.2.3 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.56.52.1020 - Electronic Arts Inc.)
TomTom MyDrive Connect 4.2.5.3754 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.5.3754 - TomTom)
TotalAV (HKLM-x32\...\TotalAV) (Version: 5.2.27 - TotalAV)
Twitch (HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB  (07/14/2017 3.3) (HKLM\...\A2206C09905C467F30CB24DCBB49F056D7F0A290) (Version: 07/14/2017 3.3 - Corsair Components, Inc.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
 
Packages:
=========
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt [2019-10-29] (Facebook Inc)
Kodi -> C:\Program Files\WindowsApps\XBMCFoundation.Kodi_18.3.500.0_x64__4n2hpmxwrvr6p [2019-10-29] (XBMC Foundation)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11723.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Studios) [MS Ad]
MineSweeper (Free) -> C:\Program Files\WindowsApps\50834ZAppsStudio.MineSweeperFree_1.1.22.0_x64__fr8j70y4p4pst [2019-10-29] (Z Apps Studio) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_17.30.3.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation)
Photos Opener For Win10 -> C:\Program Files\WindowsApps\38526MediaLife.PhotosOpenerForWin10_0.0.7.0_x64__1crh1k73ty8mg [2019-10-29] (Media Life)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2019-10-29] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{47d3ca42-2728-48d2-9875-4f46ef602aa9} -> [BT Cloud] => K:\BT Cloud0
CustomCLSID: HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BTCtxMenu] -> {95DBC49A-D828-457A-8449-1A7A9A0A6066} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.ContextMenus.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-10-01] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2002-05-14] () [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [BTCtxMenu] -> {95DBC49A-D828-457A-8449-1A7A9A0A6066} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.ContextMenus.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2002-05-14] () [File not signed]
ContextMenuHandlers5: [BTCtxMenu] -> {95DBC49A-D828-457A-8449-1A7A9A0A6066} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.ContextMenus.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BTCtxMenu] -> {95DBC49A-D828-457A-8449-1A7A9A0A6066} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.ContextMenus.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2002-05-14] () [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.ffds] => C:\WINDOWS\system32\ff_vfw.dll [141504 2016-12-14] (Cole Williams Software Limited -> )
HKLM\...\Drivers32: [vidc.xvid] => C:\WINDOWS\system32\xvidvfw.dll [251392 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [vidc.lags] => C:\WINDOWS\system32\lagarith.dll [163008 2016-09-21] (Cole Williams Software Limited ->  )
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.ffds] => C:\Windows\SysWOW64\ff_vfw.dll [126656 2016-12-14] (Cole Williams Software Limited -> )
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [vidc.lags] => C:\Windows\SysWOW64\lagarith.dll [230080 2016-09-21] (Cole Williams Software Limited ->  )
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\LameACM.acm [756224 2012-02-28] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [msacm.aacacm] => C:\Windows\SysWOW64\AACACM.acm [294912 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.divxa32] => C:\Windows\SysWOW64\DivXa32.acm [291408 2013-12-17] (Packed With Joy !) [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Dave\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) =============
 
2019-03-27 08:01 - 2019-03-27 08:02 - 262255104 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\App.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000875008 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\c++_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000816640 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\CrossPortability_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000053760 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\EGL_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000087040 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\exif_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000998400 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\ffmpeg_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000829952 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\GLESv2_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 006719488 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\JavaScriptCore_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000453120 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\OpenAL_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 064193536 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 001305600 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\pgl_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000040448 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\pthreadVC_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000113664 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\system_malloc_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000883200 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\System_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000368128 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\SystemResources_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000015872 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\unwind_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 021368832 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WebCore_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 004304384 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WebKit_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 001553408 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WebKitLegacy_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000095232 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WinMediaFoundation_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000013312 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WinPhoneBridge_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000372736 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WP8MSVCBridge.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000147456 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WP8MSVCCommon.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000098304 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WRTBridge_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000096768 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\z_osmeta.dll
2018-03-29 16:56 - 2018-03-29 16:56 - 001272832 _____ (CPUID) [File not signed] C:\Program Files (x86)\CorsairLink4\cpuidsdk.dll
2018-12-26 18:55 - 2018-04-30 12:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2009-03-03 00:30 - 2009-03-03 00:30 - 001524736 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\System Update\MFC71.dll
2009-03-03 00:30 - 2009-03-03 00:30 - 000978944 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\System Update\MSVCP71.dll
2009-03-03 00:30 - 2009-03-03 00:30 - 000520192 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\System Update\MSVCR71.dll
2018-02-26 12:56 - 2018-02-26 12:56 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\CorsairLink4\SiUSBXp.dll
2019-11-01 06:01 - 2019-10-15 16:51 - 002648576 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\TotalAV\libcrypto-1_1.dll
2019-11-01 06:01 - 2019-10-15 16:51 - 000640512 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\TotalAV\libssl-1_1.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:9E00596C [131]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 13:46 - 2018-11-03 17:37 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Twonky Server.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Nero BackItUp"
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\StartupApproved\Run: => "Discord"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{21BE3364-C598-40EA-91D8-7471DE6E0ADA}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [{9EE91BAB-0BC8-45A0-BAFB-39C4BFB78443}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{2837D90B-1433-42B9-BB6C-A9B93EE26C50}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{90C1D3DC-EBBB-41B1-9510-A045CE13605B}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{90C7F088-6FDC-45A7-A0FF-BEA2DE2D7B17}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{9CA089E3-96D2-4B82-9BC5-AB0B0669AB4E}] => (Allow) E:\Ashes of Creation Apocalypse\EasyAntiCheat\EasyAntiCheat_Setup.exe No File
FirewallRules: [{142B9F96-4B36-4AD8-9904-09642058449A}] => (Allow) E:\Ashes\updater.exe No File
FirewallRules: [{6C7F5B28-736B-49EE-B6C3-64A5AC1B7809}] => (Allow) E:\Ashes\resources\app.asar.unpacked\externals\patcher\Patcher.exe No File
FirewallRules: [{9B87695E-EBA5-4F4B-A6DB-32AEB729113F}] => (Allow) E:\Ashes\Intrepid Studios Launcher.exe No File
FirewallRules: [{5E2D6354-6FC9-463E-884E-D22FBC1BF992}] => (Allow) D:\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3ACDC24E-BB62-4BA4-861A-AA8427CD7666}] => (Allow) E:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{DD219F6C-C419-486A-8A55-192388FBDC7E}] => (Allow) E:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{05B6C5B2-4022-4ECB-899A-DE5C79335DDB}] => (Allow) E:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{AA4CB73E-8C74-4BD9-9985-739305E9613E}] => (Allow) E:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{5AD5EE8C-90BF-4110-8D1A-21C54D154CBD}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc.) [File not signed]
FirewallRules: [TCP Query User{E7BDDAE8-908F-420A-8583-BC3086D5540E}F:\eq2 october 2016\eq2voiceservice.exe] => (Allow) F:\eq2 october 2016\eq2voiceservice.exe No File
FirewallRules: [UDP Query User{55702FF5-9075-49B4-887A-85F8E62B0044}F:\eq2 october 2016\eq2voiceservice.exe] => (Allow) F:\eq2 october 2016\eq2voiceservice.exe No File
FirewallRules: [{01C04159-B27C-4CD0-B686-F05EAB66CED3}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{4D2D5BE8-E7B2-415A-B625-04BB2D28C4B3}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{E7711763-FA5C-4AF9-B828-23E2B2D7432C}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{06D970DA-D4AD-4046-A68F-39E430B16E50}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\NBService.exe No File
FirewallRules: [{1F3F7222-6877-4156-98B4-1E9A1DF1C64B}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe No File
FirewallRules: [{24BDE94D-06E6-4D91-B239-3E424D98F263}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{060F1F97-01B4-4B94-A13D-57CF68991C2E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{23BD3B75-A521-45E8-8365-1AAFAC7AB649}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{C066DDBA-6D65-4DB8-8D20-20AA59C6142C}C:\program files\windowsapps\xbmcfoundation.kodi_18.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_18.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{A2150FCA-6A6C-4A03-9441-9FAC413614A6}C:\program files\windowsapps\xbmcfoundation.kodi_18.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_18.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [TCP Query User{A8A84F84-3831-42C1-AD08-2B5CD2288EDA}D:\eq2 october 2016\eq2voiceservice.exe] => (Allow) D:\eq2 october 2016\eq2voiceservice.exe (Vivox Inc. -> Vivox Inc.)
FirewallRules: [UDP Query User{5B330DB6-5954-431E-9A4E-0411EE8B116B}D:\eq2 october 2016\eq2voiceservice.exe] => (Allow) D:\eq2 october 2016\eq2voiceservice.exe (Vivox Inc. -> Vivox Inc.)
FirewallRules: [{7A9D951A-AAEB-421F-8018-E6C047E1A24F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{ECC2AAB9-2AAB-4DA0-A787-A74D92A667CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5639C9BC-8A9B-47A0-9B87-E3BD5CCF125E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{992DFDF5-CF86-4C75-B94D-4FF5AE480AC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{545FE976-1755-44AD-90D9-8D0171A3E801}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{325BA5DE-0A98-4D69-AB31-580DA81CA11A}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{F336DA54-13BF-4BCA-9BED-B1D36C2DDBF1}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{3A6E9548-9ADD-437F-B850-1A5695EA71BD}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{839ABFC4-367C-4468-98E1-D0587B286DDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
21-10-2019 16:54:48 Scheduled Checkpoint
28-10-2019 18:29:09 Removed Apple Software Update
01-11-2019 06:26:43 Removed Nero 2018.
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/01/2019 09:51:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2fcc
 
Start Time: 01d5909902c5dc8d
 
Termination Time: 4294967295
 
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
Report Id: f1d6d269-480d-41e5-80c3-05883cd14ea4
 
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Hang type: Cross-process
 
Error: (11/01/2019 06:01:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.
 
Error: (11/01/2019 06:01:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.
 
Error: (11/01/2019 06:01:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.
 
Error: (11/01/2019 06:01:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.
 
Error: (11/01/2019 06:01:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.
 
Error: (11/01/2019 06:01:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.
 
Error: (11/01/2019 06:01:50 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.
 
 
System errors:
=============
Error: (11/01/2019 01:55:03 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-B2C17BD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user DESKTOP-B2C17BD\Dave SID (S-1-5-21-566713143-4107614601-1362537991-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/01/2019 01:34:15 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-B2C17BD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user DESKTOP-B2C17BD\Dave SID (S-1-5-21-566713143-4107614601-1362537991-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/01/2019 11:39:56 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-B2C17BD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user DESKTOP-B2C17BD\Dave SID (S-1-5-21-566713143-4107614601-1362537991-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/01/2019 11:35:30 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (11/01/2019 11:33:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (11/01/2019 10:29:09 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (11/01/2019 10:27:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (11/01/2019 10:18:03 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2019-05-12 21:15:02.507
Description: 
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified. 
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
 
CodeIntegrity:
===================================
 
Date: 2019-11-01 09:44:09.289
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-11-01 09:44:09.221
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-11-01 09:44:09.152
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-11-01 09:44:09.089
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-11-01 09:44:08.173
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-11-01 09:44:08.096
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-11-01 09:44:08.013
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-11-01 09:44:07.933
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1402 12/11/2015
Motherboard: ASUSTeK COMPUTER INC. Z170-A
Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 30%
Total physical RAM: 16304.66 MB
Available physical RAM: 11312.04 MB
Total Virtual: 18736.66 MB
Available Virtual: 12452.99 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:236.66 GB) (Free:83.99 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1862.89 GB) (Free:1370.14 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.39 GB) (Free:478.61 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:238.35 GB) (Free:202.51 GB) NTFS
Drive g: (AV DVR) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
Drive i: (Seagate) (Fixed) (Total:931.51 GB) (Free:746.9 GB) NTFS
 
\\?\Volume{137ad416-f156-4ae2-8f33-e35c2c2030c6}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS
\\?\Volume{a04d7653-909e-4867-866f-a8336ca3a711}\ () (Fixed) (Total:0.86 GB) (Free:0.46 GB) NTFS
\\?\Volume{dbd54cbb-cc51-4e3b-a98c-7c65250c2320}\ () (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS
\\?\Volume{6d874024-395b-47b7-8ac9-019123a2452f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 2 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 3 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 5 (Size: 931.5 GB) (Disk ID: 039294DF)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

 


  • 0

Advertisements

#2
iMacg3
Posted 01 November 2019 - 09:36 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi Bowza69, welcome to the Geeks to Go malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 4 days, it will be closed.
    • If your topic is closed and you still need assistance, send me a Personal Message with a link to your topic.
  • If you have questions at any time during the cleanup, feel free to ask.
Please give me some time to go over your logs and I will get back to you as soon as possible.
  • 0

#3
Bowza69
Posted 02 November 2019 - 04:49 AM

Bowza69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Thanks


  • 0

#4
iMacg3
Posted 02 November 2019 - 09:31 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi Bowza69,

---------------------------------------------------
Uninstall a Program
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program(s) on the list:

    TotalAV

  • Select the above program(s) and click Uninstall.
  • Restart the computer if prompted.
---------------------------------------------------
Uninstall Chrome Extension(s)
  • Open Google Chrome. Type chrome://extensions in the address bar and press Enter.
  • Click the trash can icon next to the following extension(s):

    Maps & Directions by MyMapsExpress

  • A confirmation dialog will appear. Click Remove.
---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
CreateRestorePoint:
HKLM\...\Run: [winlogui] => C:\WINDOWS\system32\winlogui.exe [5120 2019-07-17] (Microsoft Corporation) [File not signed]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [AdobeBridge] => [X]
Task: {ABCD32AB-0067-4D6D-85A4-3A9139A32E14} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {DB18667D-BEE6-4469-958E-A03B10992F6E} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll => No File
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll => No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
CHR NewTab: Default ->  Not-active:"chrome-extension://kcnahncmjobdbpabldpbldbfcieeoloj/ntp.html"
CHR DefaultSearchURL: Default -> hxxp://securedserch.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> sse
CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-566713143-4107614601-1362537991-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CustomCLSID: HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:9E00596C [131]
FirewallRules: [{9CA089E3-96D2-4B82-9BC5-AB0B0669AB4E}] => (Allow) E:\Ashes of Creation Apocalypse\EasyAntiCheat\EasyAntiCheat_Setup.exe No File
FirewallRules: [{142B9F96-4B36-4AD8-9904-09642058449A}] => (Allow) E:\Ashes\updater.exe No File
FirewallRules: [{6C7F5B28-736B-49EE-B6C3-64A5AC1B7809}] => (Allow) E:\Ashes\resources\app.asar.unpacked\externals\patcher\Patcher.exe No File
FirewallRules: [{9B87695E-EBA5-4F4B-A6DB-32AEB729113F}] => (Allow) E:\Ashes\Intrepid Studios Launcher.exe No File
FirewallRules: [TCP Query User{E7BDDAE8-908F-420A-8583-BC3086D5540E}F:\eq2 october 2016\eq2voiceservice.exe] => (Allow) F:\eq2 october 2016\eq2voiceservice.exe No File
FirewallRules: [UDP Query User{55702FF5-9075-49B4-887A-85F8E62B0044}F:\eq2 october 2016\eq2voiceservice.exe] => (Allow) F:\eq2 october 2016\eq2voiceservice.exe No File
FirewallRules: [{06D970DA-D4AD-4046-A68F-39E430B16E50}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\NBService.exe No File
FirewallRules: [{1F3F7222-6877-4156-98B4-1E9A1DF1C64B}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe No File
VirusTotal: C:\Windows\SysWOW64\Codecs\TrayMenu.exe;C:\Program Files\BT Cloud\BT Cloud\BTCloud.exe
Folder: C:\WINDOWS\system32\appmgmt
End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------
Farbar Recovery Scan Tool - Search
  • Double-click FRST.exe/FRST64.exe to run it.
  • Copy and paste the following into the Search: box:
     StartupCheckLibrary.dll;winscomrssrv.dll
  • Press the Search Files button.
  • When complete, FRST will generate a log in the same location it was run from (Search.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
  • Search.txt
  • Let me know how the computer is doing.

  • 0

#5
Bowza69
Posted 03 November 2019 - 02:31 AM

Bowza69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hi iMacg3

 

thanks for your assistance , the two files are no longer appearing as missing. 

 

windows update is required, Am I ok to run this now?

 

 

 

 

*********************

Fix log txt 

*********************

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-11-2019
Ran by Dave (03-11-2019 08:21:29) Run:1
Running from D:\FRST
Loaded Profiles: Dave (Available Profiles: Dave)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [winlogui] => C:\WINDOWS\system32\winlogui.exe [5120 2019-07-17] (Microsoft Corporation) [File not signed]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [AdobeBridge] => [X]
Task: {ABCD32AB-0067-4D6D-85A4-3A9139A32E14} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {DB18667D-BEE6-4469-958E-A03B10992F6E} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll => No File
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll => No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
CHR NewTab: Default ->  Not-active:"chrome-extension://kcnahncmjobdbpabldpbldbfcieeoloj/ntp.html"
CHR DefaultSearchURL: Default -> hxxp://securedserch.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> sse
CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-566713143-4107614601-1362537991-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CustomCLSID: HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:9E00596C [131]
FirewallRules: [{9CA089E3-96D2-4B82-9BC5-AB0B0669AB4E}] => (Allow) E:\Ashes of Creation Apocalypse\EasyAntiCheat\EasyAntiCheat_Setup.exe No File
FirewallRules: [{142B9F96-4B36-4AD8-9904-09642058449A}] => (Allow) E:\Ashes\updater.exe No File
FirewallRules: [{6C7F5B28-736B-49EE-B6C3-64A5AC1B7809}] => (Allow) E:\Ashes\resources\app.asar.unpacked\externals\patcher\Patcher.exe No File
FirewallRules: [{9B87695E-EBA5-4F4B-A6DB-32AEB729113F}] => (Allow) E:\Ashes\Intrepid Studios Launcher.exe No File
FirewallRules: [TCP Query User{E7BDDAE8-908F-420A-8583-BC3086D5540E}F:\eq2 october 2016\eq2voiceservice.exe] => (Allow) F:\eq2 october 2016\eq2voiceservice.exe No File
FirewallRules: [UDP Query User{55702FF5-9075-49B4-887A-85F8E62B0044}F:\eq2 october 2016\eq2voiceservice.exe] => (Allow) F:\eq2 october 2016\eq2voiceservice.exe No File
FirewallRules: [{06D970DA-D4AD-4046-A68F-39E430B16E50}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\NBService.exe No File
FirewallRules: [{1F3F7222-6877-4156-98B4-1E9A1DF1C64B}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe No File
VirusTotal: C:\Windows\SysWOW64\Codecs\TrayMenu.exe;C:\Program Files\BT Cloud\BT Cloud\BTCloud.exe
Folder: C:\WINDOWS\system32\appmgmt
 
*****************
 
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\winlogui" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-566713143-4107614601-1362537991-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ABCD32AB-0067-4D6D-85A4-3A9139A32E14}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABCD32AB-0067-4D6D-85A4-3A9139A32E14}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DB18667D-BEE6-4469-958E-A03B10992F6E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB18667D-BEE6-4469-958E-A03B10992F6E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\WDI\SrvHost => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\SrvHost" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\Software\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => removed successfully
"Chrome NewTab" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\pdpcpceofkopegffcdnffeenbfdldock => removed successfully
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\SOFTWARE\Google\Chrome\Extensions\pdpcpceofkopegffcdnffeenbfdldock => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pdpcpceofkopegffcdnffeenbfdldock => removed successfully
HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
C:\ProgramData\TEMP => ":9E00596C" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9CA089E3-96D2-4B82-9BC5-AB0B0669AB4E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{142B9F96-4B36-4AD8-9904-09642058449A}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6C7F5B28-736B-49EE-B6C3-64A5AC1B7809}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9B87695E-EBA5-4F4B-A6DB-32AEB729113F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E7BDDAE8-908F-420A-8583-BC3086D5540E}F:\eq2 october 2016\eq2voiceservice.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{55702FF5-9075-49B4-887A-85F8E62B0044}F:\eq2 october 2016\eq2voiceservice.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06D970DA-D4AD-4046-A68F-39E430B16E50}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F3F7222-6877-4156-98B4-1E9A1DF1C64B}" => removed successfully
VirusTotal: C:\Windows\SysWOW64\Codecs\TrayMenu.exe => https://www.virustot...sis/1572756344/
VirusTotal: C:\Program Files\BT Cloud\BT Cloud\BTCloud.exe => https://www.virustot...sis/1553527973/
 
========================= Folder: C:\WINDOWS\system32\appmgmt ========================
 
2019-11-01 06:29 - 2019-11-01 06:29 - 000000000 ___SD [00000000000000000000000000000000] () C:\WINDOWS\system32\appmgmt\MACHINE
2019-11-01 06:29 - 2019-11-01 06:29 - 000000000 ___SD [00000000000000000000000000000000] () C:\WINDOWS\system32\appmgmt\S-1-5-18
 
====== End of Folder: ======
 
 
==== End of Fixlog 08:21:41 ====
 
 
****************************************
Search txt
****************************************
 
Farbar Recovery Scan Tool (x64) Version: 01-11-2019
Ran by Dave (03-11-2019 08:24:42)
Running from D:\FRST
Boot Mode: Normal
 
================== Search Files: "StartupCheckLibrary.dll;winscomrssrv.dll" =============
 
 
====== End of Search ======

  • 0

#6
iMacg3
Posted 03 November 2019 - 10:23 AM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi Bowza69,

Yes, you can run the Windows Update.

---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
C:\WINDOWS\system32\winlogui.exe
End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------
ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
  • eset.txt

  • 0

#7
Bowza69
Posted 03 November 2019 - 11:49 AM

Bowza69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hi

 

Windows updates did not run 

 

There were some problems installing updates, but we’ll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80080005)

 

ESTT

 

03/11/2019 17:42:23
Files scanned: 795269
Infected files: 2
Cleaned threats: 2
Total scan time 00:47:08
Scan status: Finished
 
 
C:\Users\Dave\AppData\Local\Temp\WebInstallerSD.exe a variant of Win32/CasinoRandLogic.A potentially unwanted application cleaned by deleting
C:\Users\Dave\Downloads\wzdu46.exe a variant of Win64/DriverReviver.A potentially unwanted application cleaned by deleting
 
 
*****************
 
Fixlog
 
*****************
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 01-11-2019
Ran by Dave (03-11-2019 16:48:36) Run:2
Running from D:\FRST
Loaded Profiles: Dave (Available Profiles: Dave)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\WINDOWS\system32\winlogui.exe
 
*****************
 
C:\WINDOWS\system32\winlogui.exe => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 16:48:36 ====

  • 0

#8
iMacg3
Posted 03 November 2019 - 01:04 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi Bowza69,

Let's try to resolve the Windows Updates issue.


---------------------------------------------------
Farbar Service Scanner

Download Farbar Service Scanner and save it to your desktop.
  • Right-click FSS.exe and select Run as Administrator.
  • Check the following boxes:
    Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
---------------------------------------------------
FRST scan
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.
---------------------------------------------------

In your next reply, please include:
  • FSS.txt
  • FRST.txt
  • Addition.txt

  • 0

#9
Bowza69
Posted 03 November 2019 - 01:46 PM

Bowza69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Thanks again

 

*************

FSS file

 

*************

Farbar Service Scanner Version: 27-01-2016
Ran by Dave (administrator) on 03-11-2019 at 19:39:39
Running from "C:\Users\Dave\Desktop"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv: "C:\WINDOWS\system32\svchost.exe -k netsvcs -p".
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
********************
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-11-2019
Ran by Dave (administrator) on DESKTOP-B2C17BD (03-11-2019 19:42:05)
Running from C:\Users\Dave\Desktop\FRST
Loaded Profiles: Dave (Available Profiles: Dave)
Platform: Windows 10 Pro Version 1809 17763.615 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(BRITISH TELECOMMUNICATIONS PLC -> BT) C:\Program Files\BT Cloud\BT Cloud\BTCloud.exe
(Cole Williams Software Limited -> ) C:\Windows\SysWOW64\Codecs\TrayMenu.exe
(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe
(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe
(Facebook Inc) C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, LLC. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_19_7\mcapexe.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\McCSPServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_5.1904.8017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19031.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Nota Inc. -> Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(NVIDIA Corporation -> NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation -> NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [61370712 2019-10-09] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [CorsairLink4] => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [27146448 2018-03-30] (Corsair Components, Inc. -> Corsair Components, Inc.)
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [912776 2019-08-01] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [SynchronossPC] => C:\Program Files\BT Cloud\BT Cloud\BTCloud.exe [2874208 2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> BT)
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [Discord] => C:\Users\Dave\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.70\Installer\chrmstp.exe [2019-10-29] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2018-11-11]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe (Cole Williams Software Limited -> )
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2018-02-15]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon Inc. -> Canon INC.)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-04-13]
ShortcutTarget: Twitch.lnk -> C:\Users\Dave\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1430BBB9-C4D1-4D89-BCBC-0D830830DA39} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {2A515AFE-3B1B-4E98-ACD6-15D8C9A0A1B6} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1028256 2019-08-09] (McAfee, LLC. -> McAfee, LLC.)
Task: {3037E774-0498-4FCA-AEB0-D13850D30A31} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {30473C45-E59F-4F5C-8A93-0DE0F9140DD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-20] (Google Inc -> Google Inc.)
Task: {36437FDC-7426-4FC6-968E-4A01615EFB90} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1028256 2019-08-09] (McAfee, LLC. -> McAfee, LLC.)
Task: {49B280B4-3087-499B-A2AD-47E7BB2ABFE7} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2019-08-01] (Nota Inc. -> Nota Inc.)
Task: {59CE5809-B532-45E8-B3E4-6284883EF6CD} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.7.382\mcdatrep.exe [1752728 2019-10-29] (McAfee, Inc. -> McAfee, LLC.)
Task: {5BA57DAA-BE19-4C8F-8773-520DE6E7825F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5F95F785-814D-45FF-9251-26A3B5E84A70} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2019-08-01] (Nota Inc. -> Nota Inc.)
Task: {77FC5F34-BCE0-4385-B31C-8EA167F2E868} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [759752 2019-08-14] (McAfee, LLC. -> McAfee, LLC.)
Task: {87A1399E-0C06-4379-AC6C-E86986D577A3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {997E448F-020A-4A9C-89FC-2CE1E92F3AA5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4546112 2019-07-08] (McAfee, LLC -> McAfee, LLC.)
Task: {9D85619E-7A4C-4347-B764-FD741AA71D87} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Dave\Desktop\esetonlinescanner_enu.exe [8149816 2019-11-03] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {9E10BC46-4DD1-4539-85FD-462432ABECF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-20] (Google Inc -> Google Inc.)
Task: {A0A16883-3483-4CBA-B193-8C9F9CC8CCB3} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A0B2FF28-DEC7-4C0A-8B20-F0710A380288} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A1551FF9-0D9E-4123-958F-B82A509B3433} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ABFDB273-AA0B-4424-AC99-842E2D3559E8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3310688 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ADB50EB6-839C-4B24-97EB-1E62D330900D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653864 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AEA77805-2D1A-418F-9DAE-800145B30B48} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B9F1DD05-21A9-4E77-B749-ADFA55A20E10} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2018-10-01] (Apple Inc. -> Apple Inc.)
Task: {BD315901-C2CE-400B-9CF4-3ACD14C934F8} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D88068E8-647D-406C-9445-FFC976FA2E81} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2019-07-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {DD2A64AD-8F2A-4C73-8096-7812D5FA85A8} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E115288A-C035-48D6-8842-57DCE2D4BB75} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Dave\Desktop\esetonlinescanner_enu.exe [8149816 2019-11-03] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {EDB52BAC-9635-496F-BBBB-4125F9EE71B0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FCF6DA57-8F5C-4BCD-A7EC-59A70DF2E41C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.101\DADUpdater.exe [4134976 2019-10-17] (McAfee, Inc. -> McAfee, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4e8a697d-e1a8-4d22-97b2-990cdc3b26c0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6c2173d6-8f91-426e-9780-843ae995e8bf}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => not found
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll [2019-07-25] (Adobe Systems Incorporated -> )
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2019-08-23] (McAfee, LLC. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll [2019-07-25] (Adobe Systems Incorporated -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2019-08-23] (McAfee, LLC. -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-02] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-02] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Notifications: Default -> hxxps://mintguide.org; hxxps://techzillo.com; hxxps://www.devonlive.com; hxxps://www.digitalcameraworld.com; hxxps://www.duolingo.com; hxxps://www.jdsports.co.uk; hxxps://www.pinterest.co.uk; hxxps://www.plymouthherald.co.uk; hxxps://www.selectfashion.co.uk; hxxps://www.tomtom.com; hxxps://www.tui.co.uk; hxxps://www.tuifly.be
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default [2019-11-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-03]
CHR Extension: (Chrome Media Router) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-03]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-04-26]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc. -> Apple Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2018-04-03] (ASUSTeK Computer Inc. -> ) [File not signed]
R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [34512 2018-03-30] (Corsair Components, Inc. -> Corsair Components, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [785024 2018-09-07] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_19_7\McApExe.exe [747384 2019-08-23] (McAfee, LLC. -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\\McCSPServiceHost.exe [2226608 2019-06-13] (McAfee, LLC. -> McAfee, LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1720032 2019-08-09] (McAfee, LLC -> McAfee, LLC.)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2009-11-06] (NVIDIA Corporation -> NVIDIA)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1362400 2019-08-09] (McAfee, LLC. -> McAfee, Inc.)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA Corporation -> NVIDIA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2019-06-13] (Microsoft Corporation -> Microsoft Corporation)
S2 wuauserv; C:\WINDOWS\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ClientAnalyticsService; "C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe" [X]
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-06-21] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75696 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 cpuz146; C:\WINDOWS\temp\cpuz146\cpuz146_x64.sys [52824 2019-11-03] (CPUID -> CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [217912 2019-06-04] (McAfee, LLC -> McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [521648 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [379824 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2019-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [517040 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [993712 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [564584 2019-07-21] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108904 2019-07-21] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116656 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252336 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvpcdi.inf_amd64_083e361abca28d10\nvlddmkm.sys [22370696 2019-09-06] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvoclk64; C:\WINDOWS\system32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corporation -> NVIDIA Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2018-09-15] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 SIUSBXP; C:\WINDOWS\system32\drivers\SiUSBXp.sys [19456 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Laboratories)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-11-03 19:41 - 2019-11-03 19:41 - 000000000 ____D C:\Users\Dave\Desktop\FRST
2019-11-03 19:39 - 2019-11-03 19:39 - 000003001 _____ C:\Users\Dave\Desktop\FSS.txt
2019-11-03 19:38 - 2019-11-03 19:38 - 000899584 _____ (Farbar) C:\Users\Dave\Desktop\FSS.exe
2019-11-03 18:02 - 2019-11-03 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2019-11-03 17:42 - 2019-11-03 17:42 - 000003804 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2019-11-03 17:42 - 2019-11-03 17:42 - 000003362 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2019-11-03 17:42 - 2019-11-03 17:42 - 000000806 _____ C:\Users\Dave\Desktop\eset.txt
2019-11-03 16:51 - 2019-11-03 16:51 - 000000807 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2019-11-03 16:51 - 2019-11-03 16:51 - 000000690 _____ C:\Users\Dave\Desktop\ESET Online Scanner.lnk
2019-11-03 16:51 - 2019-11-03 16:51 - 000000000 ____D C:\Users\Dave\AppData\Local\ESET
2019-11-03 16:50 - 2019-11-03 16:50 - 008149816 _____ (ESET spol. s r.o.) C:\Users\Dave\Desktop\esetonlinescanner_enu.exe
2019-11-01 20:45 - 2019-11-01 20:45 - 000996167 _____ C:\Users\Dave\Downloads\Policy Insurance Product Information Document.PDF
2019-11-01 20:45 - 2019-11-01 20:45 - 000036527 _____ C:\Users\Dave\Downloads\diaryemail.html
2019-11-01 20:34 - 2019-11-01 20:34 - 000098855 _____ C:\Users\Dave\Downloads\Transactions--601555-79181961--1-11-2019-1-11-2019.pdf
2019-11-01 06:39 - 2019-11-03 19:42 - 000000000 ____D C:\FRST
2019-11-01 06:38 - 2019-11-01 06:38 - 001619456 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe
2019-11-01 06:29 - 2019-11-01 06:29 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2019-11-01 06:01 - 2019-11-01 06:01 - 000000000 ____D C:\Users\Dave\Documents\TotalAV
2019-11-01 06:01 - 2019-11-01 06:01 - 000000000 ____D C:\ProgramData\SecuritySuite
2019-11-01 06:00 - 2019-11-01 06:00 - 013112192 _____ C:\Users\Dave\Downloads\TotalAV_Setup.exe
2019-10-31 08:16 - 2019-10-31 08:16 - 000000000 ____D C:\Users\Dave\Desktop\Tor Browser
2019-10-31 08:15 - 2019-10-31 08:16 - 066777040 _____ C:\Users\Dave\Downloads\torbrowser-install-win64-9.0_en-US.exe
2019-10-30 09:51 - 2019-10-30 20:36 - 000000000 ____D C:\Users\Dave\AppData\Roaming\tor
2019-10-28 19:08 - 2019-10-29 12:56 - 000000000 ____D C:\Program Files\McAfee
2019-10-28 19:08 - 2019-10-28 19:08 - 000000000 ____D C:\Program Files\Common Files\AV
2019-10-28 18:44 - 2019-10-28 18:45 - 000000000 ___HD C:\$WINDOWS.~BT
2019-10-23 19:50 - 2019-10-23 19:50 - 000000000 ____D C:\ProgramData\Avanquest Software
2019-10-23 19:49 - 2019-10-28 18:30 - 000000000 ____D C:\Users\Dave\AppData\Local\Avanquest
2019-10-23 19:49 - 2019-10-28 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InPixio
2019-10-23 19:49 - 2019-10-23 19:49 - 000000000 ____D C:\Users\Public\Documents\Avanquest Software
2019-10-23 19:49 - 2019-10-23 19:49 - 000000000 ____D C:\ProgramData\Documents\Avanquest Software
2019-10-23 19:46 - 2019-10-28 18:30 - 000000000 ____D C:\ProgramData\Configuration
2019-10-16 20:03 - 2019-10-31 08:20 - 000000000 ____D C:\Users\Dave\AppData\LocalLow\uTorrent
2019-10-13 14:30 - 2019-10-29 12:32 - 000000000 ____D C:\Program Files (x86)\Origin
2019-10-13 14:30 - 2019-10-28 22:32 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Origin
2019-10-13 14:29 - 2019-10-13 14:31 - 000000000 ____D C:\Users\Dave\AppData\Local\Origin
2019-10-11 17:42 - 2019-10-29 12:32 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Discord
2019-10-11 17:42 - 2019-10-29 12:32 - 000000000 ____D C:\Users\Dave\AppData\Local\Discord
2019-10-11 17:42 - 2019-10-11 17:42 - 000002273 _____ C:\Users\Dave\Desktop\Discord.lnk
2019-10-10 13:10 - 2019-10-10 13:10 - 000000000 ____D C:\ProgramData\SquirrelMachineInstalls
2019-10-09 16:18 - 2019-10-09 16:20 - 061370712 _____ (Discord Inc.) C:\Users\Dave\Downloads\DiscordSetup.exe
2019-10-09 16:17 - 2019-10-09 16:17 - 000000000 ____D C:\Users\Dave\AppData\Local\Deployment
2019-10-09 11:21 - 2019-10-09 12:08 - 000000000 ____D C:\WINDOWS\pss
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-11-03 19:33 - 2019-05-12 20:14 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{907F8551-7A3F-4E95-BC93-A5BEB3AED07B}
2019-11-03 19:18 - 2019-05-12 20:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-11-03 18:07 - 2018-09-15 07:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-03 18:01 - 2019-05-12 20:17 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-11-03 18:01 - 2018-09-15 07:31 - 000000000 ____D C:\WINDOWS\INF
2019-11-03 17:59 - 2017-11-18 16:14 - 000000000 ____D C:\ProgramData\NVIDIA
2019-11-03 17:57 - 2019-05-12 20:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-11-03 17:56 - 2018-09-15 06:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-11-03 16:49 - 2018-09-15 06:09 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2019-11-03 16:44 - 2019-02-16 16:04 - 000000000 ____D C:\Users\Dave\AppData\LocalLow\Mozilla
2019-11-03 16:05 - 2019-05-12 20:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2019-11-03 13:12 - 2018-09-15 07:33 - 000000000 ____D C:\ProgramData\USOPrivate
2019-11-03 13:12 - 2018-03-05 09:38 - 000000000 ___HD C:\Users\Dave\AppData\Local\ElevatedDiagnostics
2019-11-03 08:09 - 2019-07-25 13:09 - 000000000 ____D C:\Users\Dave\Documents\888poker
2019-11-02 19:44 - 2018-08-19 16:33 - 000000000 ___HD C:\Users\Dave\AppData\Local\D3DSCache
2019-11-02 11:42 - 2019-07-28 16:16 - 000001162 _____ C:\Users\Dave\Desktop\BT Cloud.lnk
2019-11-02 10:39 - 2018-06-26 10:21 - 000000000 ____D C:\ProgramData\Adobe
2019-11-02 10:39 - 2017-11-18 16:13 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Adobe
2019-11-02 06:50 - 2019-10-03 18:32 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-11-02 06:50 - 2019-10-03 18:32 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2019-11-01 06:58 - 2019-05-12 20:07 - 000442304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-11-01 06:54 - 2019-07-25 13:09 - 000000000 ____D C:\Users\Dave\AppData\Roaming\pacificpoker
2019-11-01 06:30 - 2019-04-02 09:15 - 000000000 ____D C:\Program Files (x86)\Star Stable Online
2019-11-01 06:28 - 2017-11-19 10:29 - 000000000 ____D C:\ProgramData\Nero
2019-11-01 06:26 - 2019-05-08 15:14 - 000000000 ____D C:\Users\Dave\AppData\Roaming\IrfanView
2019-11-01 06:26 - 2019-05-08 15:14 - 000000000 ____D C:\Program Files\IrfanView
2019-11-01 05:52 - 2018-05-14 15:26 - 000000000 ___RD C:\Users\Dave\iCloudDrive
2019-10-31 08:18 - 2019-05-20 20:59 - 000000000 ____D C:\Users\Dave\AppData\Local\BitTorrentHelper
2019-10-31 08:15 - 2018-02-11 17:02 - 000000000 ___HD C:\Users\Dave\AppData\Local\CrashDumps
2019-10-30 20:59 - 2017-11-18 17:12 - 000000000 ____D C:\Program Files (x86)\McAfee
2019-10-30 13:32 - 2019-10-03 18:32 - 000003518 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2019-10-30 09:58 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-10-29 13:53 - 2019-05-12 20:14 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2019-10-29 12:56 - 2017-11-20 15:19 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-29 12:56 - 2017-11-18 17:10 - 000000000 ____D C:\Program Files\Common Files\McAfee
2019-10-29 12:55 - 2019-05-12 20:14 - 000003332 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2019-10-29 12:52 - 2019-07-17 06:27 - 000000000 ____D C:\ProgramData\McAfee
2019-10-29 12:52 - 2018-09-15 07:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-10-29 12:32 - 2019-07-22 15:28 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Stellarium
2019-10-29 12:32 - 2019-05-12 20:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2019-10-29 12:32 - 2018-06-26 11:45 - 000000000 ___HD C:\Users\Dave\AppData\Local\gtk-2.0
2019-10-29 12:32 - 2018-05-14 15:32 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2019-10-29 12:32 - 2018-05-14 15:26 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2019-10-29 12:32 - 2017-11-20 17:03 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-10-29 12:31 - 2018-09-15 07:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-29 12:31 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\registration
2019-10-29 12:16 - 2018-01-28 12:08 - 000000000 ____D C:\ProgramData\Origin
2019-10-29 11:33 - 2019-05-12 20:09 - 000000000 ____D C:\Users\Dave
2019-10-28 18:45 - 2019-05-12 18:44 - 000000000 ___DC C:\WINDOWS\Panther
2019-10-16 21:19 - 2018-06-26 11:41 - 000000000 ___HD C:\Users\Dave\AppData\Local\babl-0.1
2019-10-13 15:08 - 2017-11-20 17:03 - 000000000 ____D C:\Users\Dave\AppData\Local\SquirrelTemp
2019-10-11 17:26 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-10-11 17:25 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-10-09 15:41 - 2019-06-20 13:03 - 000000000 ____D C:\ProgramData\NCH Software
2019-10-09 12:05 - 2019-07-17 06:26 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-10-09 11:12 - 2018-05-14 15:26 - 000000000 ___HD C:\Users\Dave\AppData\Local\172FC105-D730-4286-9A8E-1AF03EC9789F.aplzod
2019-10-08 12:59 - 2019-06-20 13:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2019-10-07 06:33 - 2018-01-28 12:11 - 000000000 ____D C:\Program Files (x86)\Origin Games
 
==================== Files in the root of some directories ========
 
2019-06-20 19:47 - 2019-07-07 16:34 - 000005632 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-06-09 19:17 - 2019-06-09 19:17 - 000000000 _____ () C:\Users\Dave\AppData\Local\oobelibMkey.log
2019-06-03 16:13 - 2019-06-03 16:13 - 000022693 _____ () C:\Users\Dave\AppData\Local\recently-used.xbel
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2019
Ran by Dave (03-11-2019 19:42:41)
Running from C:\Users\Dave\Desktop\FRST
Windows 10 Pro Version 1809 17763.615 (X64) (2019-05-12 20:14:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-566713143-4107614601-1362537991-500 - Administrator - Disabled)
Dave (S-1-5-21-566713143-4107614601-1362537991-1001 - Administrator - Enabled) => C:\Users\Dave
DefaultAccount (S-1-5-21-566713143-4107614601-1362537991-503 - Limited - Disabled)
Guest (S-1-5-21-566713143-4107614601-1362537991-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-566713143-4107614601-1362537991-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Advanced Combat Tracker (remove only) (HKLM-x32\...\Advanced Combat Tracker) (Version:  - )
airnef v1.1 - Wirelessly download images and movies from your Nikon Camera! (HKLM-x32\...\testcams.com airnef) (Version: 1.1 - testcams.com)
Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.4.1 - ASUSTeK Computer Inc.)
Atari Vault (HKLM-x32\...\Atari Vault_is1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 4.1.21.2018 - BlueStack Systems, Inc.)
BT Cloud (HKLM\...\BT Cloud) (Version: 17.3.0.46 - BT Cloud)
BT Virus Protect (HKLM-x32\...\MSC) (Version: 16.0 R21 - McAfee, LLC.)
calibre (HKLM-x32\...\{AECEA345-D5A9-40DE-92E1-4828CAD0FEA3}) (Version: 3.47.1 - Kovid Goyal)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.10.20.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.2.0 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.7.0.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.6.30.1 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.19.10.0 - Canon Inc.)
CDisplayEx 1.10.33 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Cooler Master Portal Settings software (HKLM-x32\...\{1A3E3EA7-5A7C-4292-8A13-B0DE1BF49E13}_COOLER_MASTER_PORTAL) (Version: 1.00 - Cooler Master)
Corsair LINK 4 (HKLM-x32\...\{40036d0c-634b-4fc0-be89-13343b4bea96}) (Version: 4.9.7.35 - Corsair Components, Inc.)
Corsair LINK 4 (HKLM-x32\...\{D97F4B31-5A7D-4A07-AC85-16D64FAB93E1}) (Version: 4.9.7.35 - Corsair Components, Inc.) Hidden
CPUID HWMonitor 1.40 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.40 - CPUID, Inc.)
Discord (HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
EDEngineer (HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\ced7325f031a438b) (Version: 1.1.4.1 - Max)
Elite Dangerous Launcher version 0.4.6568.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.6568.0 - Frontier Developments)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EQUtil (HKLM-x32\...\{5365BB9D-6D5D-4A82-A1E4-E8595FDAF25E}) (Version: 1.1.2 - Forsaken Worlds Software)
EverQuest II (HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\DG0-EverQuest II) (Version:  - Sony Online Entertainment)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Game Installer (HKLM-x32\...\Game Installer 1.0.0) (Version: 1.0.0 - Intrepid Studios, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.70 - Google LLC)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Gyazo 4.0.1.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HWiNFO64 Version 6.04 (HKLM\...\HWiNFO64_is1) (Version: 6.04 - Martin Malík - REALiX)
iCloud (HKLM\...\{29C6B346-C29C-40CE-89EB-DF7C149E0EB9}) (Version: 7.7.0.27 - Apple Inc.)
iTunes (HKLM\...\{7DDA6271-F51E-4BE5-AAE9-5A8A4612FA43}) (Version: 12.9.0.167 - Apple Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.78 - McAfee, LLC.)
Media Player Codec Pack 4.5.1 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.5.1 - Media Player Codec Pack)
Microsoft .NET Core Runtime - 2.0.7 (x64) (HKLM-x32\...\{b7cb6538-e06d-4f16-ae77-f9d8b79960f5}) (Version: 2.0.7.26407 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.0.118 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.118 - NVIDIA Corporation)
NVIDIA Graphics Driver 436.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 436.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Update (HKLM-x32\...\InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}) (Version: 3.00 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.0.1 - OBS Project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8158 - Realtek Semiconductor Corp.)
Stellarium 0.19.1.1 (HKLM\...\Stellarium_is1) (Version: 0.19.1.1 - Stellarium team)
TeamSpeak 3 Client (HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\TeamSpeak 3 Client) (Version: 3.2.3 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.56.52.1020 - Electronic Arts Inc.)
TomTom MyDrive Connect 4.2.5.3754 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.5.3754 - TomTom)
Twitch (HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB  (07/14/2017 3.3) (HKLM\...\A2206C09905C467F30CB24DCBB49F056D7F0A290) (Version: 07/14/2017 3.3 - Corsair Components, Inc.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
 
Packages:
=========
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt [2019-10-29] (Facebook Inc)
Kodi -> C:\Program Files\WindowsApps\XBMCFoundation.Kodi_18.3.500.0_x64__4n2hpmxwrvr6p [2019-10-29] (XBMC Foundation)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11723.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Studios) [MS Ad]
MineSweeper (Free) -> C:\Program Files\WindowsApps\50834ZAppsStudio.MineSweeperFree_1.1.22.0_x64__fr8j70y4p4pst [2019-10-29] (Z Apps Studio) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_17.30.3.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation)
Photos Opener For Win10 -> C:\Program Files\WindowsApps\38526MediaLife.PhotosOpenerForWin10_0.0.7.0_x64__1crh1k73ty8mg [2019-10-29] (Media Life)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2019-10-29] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{47d3ca42-2728-48d2-9875-4f46ef602aa9} -> [BT Cloud] => K:\BT Cloud0
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [BTCtxMenu] -> {95DBC49A-D828-457A-8449-1A7A9A0A6066} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.ContextMenus.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-10-01] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2002-05-14] () [File not signed]
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [BTCtxMenu] -> {95DBC49A-D828-457A-8449-1A7A9A0A6066} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.ContextMenus.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2002-05-14] () [File not signed]
ContextMenuHandlers5: [BTCtxMenu] -> {95DBC49A-D828-457A-8449-1A7A9A0A6066} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.ContextMenus.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [BTCtxMenu] -> {95DBC49A-D828-457A-8449-1A7A9A0A6066} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.ContextMenus.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2002-05-14] () [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.ffds] => C:\WINDOWS\system32\ff_vfw.dll [141504 2016-12-14] (Cole Williams Software Limited -> )
HKLM\...\Drivers32: [vidc.xvid] => C:\WINDOWS\system32\xvidvfw.dll [251392 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [vidc.lags] => C:\WINDOWS\system32\lagarith.dll [163008 2016-09-21] (Cole Williams Software Limited ->  )
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.ffds] => C:\Windows\SysWOW64\ff_vfw.dll [126656 2016-12-14] (Cole Williams Software Limited -> )
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [vidc.lags] => C:\Windows\SysWOW64\lagarith.dll [230080 2016-09-21] (Cole Williams Software Limited ->  )
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\LameACM.acm [756224 2012-02-28] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [msacm.aacacm] => C:\Windows\SysWOW64\AACACM.acm [294912 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.divxa32] => C:\Windows\SysWOW64\DivXa32.acm [291408 2013-12-17] (Packed With Joy !) [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Dave\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) =============
 
2019-03-27 08:01 - 2019-03-27 08:02 - 262255104 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\App.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000875008 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\c++_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000816640 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\CrossPortability_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000053760 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\EGL_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000087040 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\exif_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000998400 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\ffmpeg_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000829952 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\GLESv2_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 006719488 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\JavaScriptCore_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000453120 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\OpenAL_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 064193536 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 001305600 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\pgl_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000040448 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\pthreadVC_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000113664 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\system_malloc_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000883200 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\System_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000368128 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\SystemResources_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000015872 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\unwind_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 021368832 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WebCore_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 004304384 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WebKit_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 001553408 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WebKitLegacy_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000095232 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WinMediaFoundation_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000013312 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WinPhoneBridge_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000372736 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WP8MSVCBridge.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000147456 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WP8MSVCCommon.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000098304 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WRTBridge_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000096768 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\z_osmeta.dll
2018-03-29 16:56 - 2018-03-29 16:56 - 001272832 _____ (CPUID) [File not signed] C:\Program Files (x86)\CorsairLink4\cpuidsdk.dll
2018-12-26 18:55 - 2018-04-30 12:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2009-03-03 00:30 - 2009-03-03 00:30 - 001524736 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\System Update\MFC71.dll
2009-03-03 00:30 - 2009-03-03 00:30 - 000978944 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\System Update\MSVCP71.dll
2009-03-03 00:30 - 2009-03-03 00:30 - 000520192 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\System Update\MSVCR71.dll
2018-02-26 12:56 - 2018-02-26 12:56 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\CorsairLink4\SiUSBXp.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 13:46 - 2018-11-03 17:37 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Twonky Server.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Nero BackItUp"
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\StartupApproved\Run: => "Discord"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{21BE3364-C598-40EA-91D8-7471DE6E0ADA}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [{9EE91BAB-0BC8-45A0-BAFB-39C4BFB78443}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{2837D90B-1433-42B9-BB6C-A9B93EE26C50}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{90C1D3DC-EBBB-41B1-9510-A045CE13605B}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{90C7F088-6FDC-45A7-A0FF-BEA2DE2D7B17}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{5E2D6354-6FC9-463E-884E-D22FBC1BF992}] => (Allow) D:\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3ACDC24E-BB62-4BA4-861A-AA8427CD7666}] => (Allow) E:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{DD219F6C-C419-486A-8A55-192388FBDC7E}] => (Allow) E:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{05B6C5B2-4022-4ECB-899A-DE5C79335DDB}] => (Allow) E:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{AA4CB73E-8C74-4BD9-9985-739305E9613E}] => (Allow) E:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{5AD5EE8C-90BF-4110-8D1A-21C54D154CBD}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc.) [File not signed]
FirewallRules: [{01C04159-B27C-4CD0-B686-F05EAB66CED3}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{4D2D5BE8-E7B2-415A-B625-04BB2D28C4B3}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{E7711763-FA5C-4AF9-B828-23E2B2D7432C}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{24BDE94D-06E6-4D91-B239-3E424D98F263}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{060F1F97-01B4-4B94-A13D-57CF68991C2E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{23BD3B75-A521-45E8-8365-1AAFAC7AB649}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{C066DDBA-6D65-4DB8-8D20-20AA59C6142C}C:\program files\windowsapps\xbmcfoundation.kodi_18.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_18.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{A2150FCA-6A6C-4A03-9441-9FAC413614A6}C:\program files\windowsapps\xbmcfoundation.kodi_18.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_18.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [TCP Query User{A8A84F84-3831-42C1-AD08-2B5CD2288EDA}D:\eq2 october 2016\eq2voiceservice.exe] => (Allow) D:\eq2 october 2016\eq2voiceservice.exe (Vivox Inc. -> Vivox Inc.)
FirewallRules: [UDP Query User{5B330DB6-5954-431E-9A4E-0411EE8B116B}D:\eq2 october 2016\eq2voiceservice.exe] => (Allow) D:\eq2 october 2016\eq2voiceservice.exe (Vivox Inc. -> Vivox Inc.)
FirewallRules: [{7A9D951A-AAEB-421F-8018-E6C047E1A24F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{ECC2AAB9-2AAB-4DA0-A787-A74D92A667CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5639C9BC-8A9B-47A0-9B87-E3BD5CCF125E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{992DFDF5-CF86-4C75-B94D-4FF5AE480AC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{545FE976-1755-44AD-90D9-8D0171A3E801}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{325BA5DE-0A98-4D69-AB31-580DA81CA11A}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{F336DA54-13BF-4BCA-9BED-B1D36C2DDBF1}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{3A6E9548-9ADD-437F-B850-1A5695EA71BD}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{839ABFC4-367C-4468-98E1-D0587B286DDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
01-11-2019 06:26:43 Removed Nero 2018.
02-11-2019 10:41:11 Removed Launcher
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/03/2019 08:28:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: a18
 
Start Time: 01d5921ffa501412
 
Termination Time: 4294967295
 
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
Report Id: 9d2b90e2-b001-4e62-9e26-8246ad16df44
 
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Hang type: Cross-process
 
Error: (11/03/2019 08:21:36 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (11/03/2019 08:21:29 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c85adfb5-b9ba-4981-b9c3-407d9f176d2b}
 
Error: (11/02/2019 10:45:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1e20
 
Start Time: 01d5916a98b773e0
 
Termination Time: 4294967295
 
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
Report Id: aefea99c-cd74-4b7b-af5b-b808604a69da
 
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Hang type: Cross-process
 
Error: (11/01/2019 04:05:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MFEAvSvc.exe, version: 22.6.156.0, time stamp: 0x5d540267
Faulting module name: MFEAvSvc.exe, version: 22.6.156.0, time stamp: 0x5d540267
Exception code: 0xc0000005
Fault offset: 0x000000000000f684
Faulting process ID: 0x291c
Faulting application start time: 0x01d5909903b78606
Faulting application path: C:\Program Files\McAfee\MfeAV\MFEAvSvc.exe
Faulting module path: C:\Program Files\McAfee\MfeAV\MFEAvSvc.exe
Report ID: fedc1ec7-2e8d-404c-82ca-6de4d79bb0b4
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/01/2019 09:51:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2fcc
 
Start Time: 01d5909902c5dc8d
 
Termination Time: 4294967295
 
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
Report Id: f1d6d269-480d-41e5-80c3-05883cd14ea4
 
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Hang type: Cross-process
 
Error: (11/01/2019 06:01:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.
 
Error: (11/01/2019 06:01:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.
 
 
System errors:
=============
Error: (11/03/2019 07:37:24 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-B2C17BD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user DESKTOP-B2C17BD\Dave SID (S-1-5-21-566713143-4107614601-1362537991-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/03/2019 07:37:17 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (11/03/2019 07:35:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (11/03/2019 07:18:38 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-B2C17BD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user DESKTOP-B2C17BD\Dave SID (S-1-5-21-566713143-4107614601-1362537991-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/03/2019 06:44:22 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (11/03/2019 06:42:27 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-B2C17BD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user DESKTOP-B2C17BD\Dave SID (S-1-5-21-566713143-4107614601-1362537991-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/03/2019 06:42:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (11/03/2019 06:29:11 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2019-05-12 21:15:02.507
Description: 
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified. 
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
 
CodeIntegrity:
===================================
 
Date: 2019-11-03 07:59:53.919
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-11-03 07:59:53.849
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-11-03 07:59:53.746
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-11-03 07:59:53.689
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-11-03 07:59:46.587
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-11-03 07:59:46.525
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-11-03 07:59:46.361
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-11-03 07:59:46.302
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1402 12/11/2015
Motherboard: ASUSTeK COMPUTER INC. Z170-A
Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 25%
Total physical RAM: 16304.66 MB
Available physical RAM: 12194.78 MB
Total Virtual: 18736.66 MB
Available Virtual: 13378.43 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:236.66 GB) (Free:116.15 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1862.89 GB) (Free:1352.6 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.39 GB) (Free:498.34 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:238.35 GB) (Free:204.95 GB) NTFS
Drive g: (AV DVR) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
 
\\?\Volume{137ad416-f156-4ae2-8f33-e35c2c2030c6}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS
\\?\Volume{a04d7653-909e-4867-866f-a8336ca3a711}\ () (Fixed) (Total:0.86 GB) (Free:0.46 GB) NTFS
\\?\Volume{dbd54cbb-cc51-4e3b-a98c-7c65250c2320}\ () (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS
\\?\Volume{6d874024-395b-47b7-8ac9-019123a2452f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 2 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 3 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#10
iMacg3
Posted 04 November 2019 - 09:53 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi Bowza69,

---------------------------------------------------
Registry Script

Download wuauserv.reg and WinDefend.reg. Save both files to your desktop.
  • Double-click wuauserv.reg
  • Allow the information to be merged into the registry if prompted. (click Yes)
  • Restart the computer.
  • Repeat the process for WinDefend.reg.
Once complete, re-run Farbar Service Scanner (FSS.exe) and post the FSS.txt log.
  • 0

Advertisements

#11
Bowza69
Posted 05 November 2019 - 02:11 AM

Bowza69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hi 

 

Done the above 

 

File 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-11-2019
Ran by Dave (administrator) on DESKTOP-B2C17BD (05-11-2019 08:08:03)
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave (Available Profiles: Dave)
Platform: Windows 10 Pro Version 1809 17763.615 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(BRITISH TELECOMMUNICATIONS PLC -> BT) C:\Program Files\BT Cloud\BT Cloud\BTCloud.exe
(Cole Williams Software Limited -> ) C:\Windows\SysWOW64\Codecs\TrayMenu.exe
(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe
(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, LLC. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_19_7\mcapexe.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\McCSPServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_5.1904.8017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Nota Inc. -> Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(NVIDIA Corporation -> NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation -> NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [302904 2019-10-25] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [61370712 2019-10-09] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [CorsairLink4] => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [27146448 2018-03-30] (Corsair Components, Inc. -> Corsair Components, Inc.)
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [912776 2019-08-01] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [SynchronossPC] => C:\Program Files\BT Cloud\BT Cloud\BTCloud.exe [2874208 2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> BT)
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [Discord] => C:\Users\Dave\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-10-25] (Apple Inc. -> Apple Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.70\Installer\chrmstp.exe [2019-10-29] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2018-11-11]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe (Cole Williams Software Limited -> )
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2018-02-15]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon Inc. -> Canon INC.)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-04-13]
ShortcutTarget: Twitch.lnk -> C:\Users\Dave\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1430BBB9-C4D1-4D89-BCBC-0D830830DA39} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {2A515AFE-3B1B-4E98-ACD6-15D8C9A0A1B6} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1028256 2019-08-09] (McAfee, LLC. -> McAfee, LLC.)
Task: {30473C45-E59F-4F5C-8A93-0DE0F9140DD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-20] (Google Inc -> Google Inc.)
Task: {36437FDC-7426-4FC6-968E-4A01615EFB90} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1028256 2019-08-09] (McAfee, LLC. -> McAfee, LLC.)
Task: {49B280B4-3087-499B-A2AD-47E7BB2ABFE7} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2019-08-01] (Nota Inc. -> Nota Inc.)
Task: {5BA57DAA-BE19-4C8F-8773-520DE6E7825F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5F95F785-814D-45FF-9251-26A3B5E84A70} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2019-08-01] (Nota Inc. -> Nota Inc.)
Task: {77FC5F34-BCE0-4385-B31C-8EA167F2E868} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [759752 2019-08-14] (McAfee, LLC. -> McAfee, LLC.)
Task: {87A1399E-0C06-4379-AC6C-E86986D577A3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {997E448F-020A-4A9C-89FC-2CE1E92F3AA5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4546112 2019-07-08] (McAfee, LLC -> McAfee, LLC.)
Task: {9D85619E-7A4C-4347-B764-FD741AA71D87} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Dave\Desktop\esetonlinescanner_enu.exe [8149816 2019-11-03] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {9E10BC46-4DD1-4539-85FD-462432ABECF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-20] (Google Inc -> Google Inc.)
Task: {A0A16883-3483-4CBA-B193-8C9F9CC8CCB3} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A0B2FF28-DEC7-4C0A-8B20-F0710A380288} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A1551FF9-0D9E-4123-958F-B82A509B3433} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ABFDB273-AA0B-4424-AC99-842E2D3559E8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3310688 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ADB50EB6-839C-4B24-97EB-1E62D330900D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653864 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AEA77805-2D1A-418F-9DAE-800145B30B48} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B9F1DD05-21A9-4E77-B749-ADFA55A20E10} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2019-10-25] (Apple Inc. -> Apple Inc.)
Task: {BD315901-C2CE-400B-9CF4-3ACD14C934F8} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D4FAFCE3-3940-49DF-87D6-446DF1F9F7F9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {D88068E8-647D-406C-9445-FFC976FA2E81} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2019-07-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {DD2A64AD-8F2A-4C73-8096-7812D5FA85A8} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E115288A-C035-48D6-8842-57DCE2D4BB75} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Dave\Desktop\esetonlinescanner_enu.exe [8149816 2019-11-03] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {EDB52BAC-9635-496F-BBBB-4125F9EE71B0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FCF6DA57-8F5C-4BCD-A7EC-59A70DF2E41C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.101\DADUpdater.exe [4134976 2019-10-17] (McAfee, Inc. -> McAfee, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4e8a697d-e1a8-4d22-97b2-990cdc3b26c0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6c2173d6-8f91-426e-9780-843ae995e8bf}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => not found
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll [2019-07-25] (Adobe Systems Incorporated -> )
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2019-08-23] (McAfee, LLC. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll [2019-07-25] (Adobe Systems Incorporated -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2019-08-23] (McAfee, LLC. -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-02] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-02] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Notifications: Default -> hxxps://mintguide.org; hxxps://techzillo.com; hxxps://www.devonlive.com; hxxps://www.digitalcameraworld.com; hxxps://www.duolingo.com; hxxps://www.jdsports.co.uk; hxxps://www.pinterest.co.uk; hxxps://www.plymouthherald.co.uk; hxxps://www.selectfashion.co.uk; hxxps://www.tomtom.com; hxxps://www.tui.co.uk; hxxps://www.tuifly.be
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default [2019-11-05]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-03]
CHR Extension: (Chrome Media Router) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-03]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-04-26]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-10-07] (Apple Inc. -> Apple Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2018-04-03] (ASUSTeK Computer Inc. -> ) [File not signed]
R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [34512 2018-03-30] (Corsair Components, Inc. -> Corsair Components, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [785024 2018-09-07] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_19_7\McApExe.exe [747384 2019-08-23] (McAfee, LLC. -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\\McCSPServiceHost.exe [2226608 2019-06-13] (McAfee, LLC. -> McAfee, LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1720032 2019-08-09] (McAfee, LLC -> McAfee, LLC.)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2009-11-06] (NVIDIA Corporation -> NVIDIA)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1362400 2019-08-09] (McAfee, LLC. -> McAfee, Inc.)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA Corporation -> NVIDIA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2019-06-13] (Microsoft Corporation -> Microsoft Corporation)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
S3 ClientAnalyticsService; "C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe" [X]
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-06-21] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75696 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 cpuz146; C:\WINDOWS\temp\cpuz146\cpuz146_x64.sys [52824 2019-11-05] (CPUID -> CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [217912 2019-06-04] (McAfee, LLC -> McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [521648 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [379824 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2019-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [517040 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [993712 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [564584 2019-07-21] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108904 2019-07-21] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116656 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252336 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvpcdi.inf_amd64_083e361abca28d10\nvlddmkm.sys [22370696 2019-09-06] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvoclk64; C:\WINDOWS\system32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corporation -> NVIDIA Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2018-09-15] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 SIUSBXP; C:\WINDOWS\system32\drivers\SiUSBXp.sys [19456 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Laboratories)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-11-05 08:08 - 2019-11-05 08:08 - 000027329 _____ C:\Users\Dave\Desktop\FRST.txt
2019-11-05 08:04 - 2019-11-05 08:04 - 000007238 _____ C:\Users\Dave\Desktop\WinDefend.reg
2019-11-05 08:04 - 2019-11-05 08:04 - 000007020 _____ C:\Users\Dave\Desktop\wuauserv.reg
2019-11-05 08:01 - 2019-11-05 08:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2019-11-04 08:12 - 2019-11-04 08:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-11-04 08:11 - 2019-11-04 08:11 - 000001481 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-11-04 08:11 - 2019-11-04 08:11 - 000001481 _____ C:\ProgramData\Desktop\iTunes.lnk
2019-11-04 08:11 - 2019-11-04 08:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-11-04 08:11 - 2019-11-04 08:11 - 000000000 ____D C:\Program Files\iPod
2019-11-04 08:09 - 2019-11-04 08:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2019-11-04 08:09 - 2019-11-04 08:09 - 000000000 ____D C:\Program Files\Bonjour
2019-11-04 08:09 - 2019-11-04 08:09 - 000000000 ____D C:\Program Files (x86)\Bonjour
2019-11-04 08:09 - 2019-11-04 08:09 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2019-11-03 21:17 - 2019-11-03 21:17 - 000158448 _____ C:\Users\Dave\Downloads\Watchmen_S01E01_REAL_PROPER_1080p_WEB_h264_TBS.torrent
2019-11-03 19:41 - 2019-11-05 08:07 - 000000000 ____D C:\Users\Dave\Desktop\FRST
2019-11-03 19:41 - 2019-11-03 08:20 - 001619456 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2019-11-03 19:39 - 2019-11-03 19:39 - 000003001 _____ C:\Users\Dave\Desktop\FSS.txt
2019-11-03 19:38 - 2019-11-03 19:38 - 000899584 _____ (Farbar) C:\Users\Dave\Desktop\FSS.exe
2019-11-03 17:42 - 2019-11-03 17:42 - 000003804 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2019-11-03 17:42 - 2019-11-03 17:42 - 000003362 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2019-11-03 17:42 - 2019-11-03 17:42 - 000000806 _____ C:\Users\Dave\Desktop\eset.txt
2019-11-03 16:51 - 2019-11-03 16:51 - 000000807 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2019-11-03 16:51 - 2019-11-03 16:51 - 000000690 _____ C:\Users\Dave\Desktop\ESET Online Scanner.lnk
2019-11-03 16:51 - 2019-11-03 16:51 - 000000000 ____D C:\Users\Dave\AppData\Local\ESET
2019-11-03 16:50 - 2019-11-03 16:50 - 008149816 _____ (ESET spol. s r.o.) C:\Users\Dave\Desktop\esetonlinescanner_enu.exe
2019-11-01 20:45 - 2019-11-01 20:45 - 000996167 _____ C:\Users\Dave\Downloads\Policy Insurance Product Information Document.PDF
2019-11-01 20:45 - 2019-11-01 20:45 - 000036527 _____ C:\Users\Dave\Downloads\diaryemail.html
2019-11-01 20:34 - 2019-11-01 20:34 - 000098855 _____ C:\Users\Dave\Downloads\Transactions--601555-79181961--1-11-2019-1-11-2019.pdf
2019-11-01 06:39 - 2019-11-05 08:08 - 000000000 ____D C:\FRST
2019-11-01 06:38 - 2019-11-01 06:38 - 001619456 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe
2019-11-01 06:29 - 2019-11-01 06:29 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2019-11-01 06:01 - 2019-11-01 06:01 - 000000000 ____D C:\Users\Dave\Documents\TotalAV
2019-11-01 06:01 - 2019-11-01 06:01 - 000000000 ____D C:\ProgramData\SecuritySuite
2019-11-01 06:00 - 2019-11-01 06:00 - 013112192 _____ C:\Users\Dave\Downloads\TotalAV_Setup.exe
2019-10-31 08:16 - 2019-10-31 08:16 - 000000000 ____D C:\Users\Dave\Desktop\Tor Browser
2019-10-31 08:15 - 2019-10-31 08:16 - 066777040 _____ C:\Users\Dave\Downloads\torbrowser-install-win64-9.0_en-US.exe
2019-10-30 09:51 - 2019-10-30 20:36 - 000000000 ____D C:\Users\Dave\AppData\Roaming\tor
2019-10-28 19:08 - 2019-10-29 12:56 - 000000000 ____D C:\Program Files\McAfee
2019-10-28 19:08 - 2019-10-28 19:08 - 000000000 ____D C:\Program Files\Common Files\AV
2019-10-28 18:44 - 2019-10-28 18:45 - 000000000 ___HD C:\$WINDOWS.~BT
2019-10-23 19:50 - 2019-10-23 19:50 - 000000000 ____D C:\ProgramData\Avanquest Software
2019-10-23 19:49 - 2019-10-28 18:30 - 000000000 ____D C:\Users\Dave\AppData\Local\Avanquest
2019-10-23 19:49 - 2019-10-28 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InPixio
2019-10-23 19:49 - 2019-10-23 19:49 - 000000000 ____D C:\Users\Public\Documents\Avanquest Software
2019-10-23 19:49 - 2019-10-23 19:49 - 000000000 ____D C:\ProgramData\Documents\Avanquest Software
2019-10-23 19:46 - 2019-10-28 18:30 - 000000000 ____D C:\ProgramData\Configuration
2019-10-16 20:03 - 2019-10-31 08:20 - 000000000 ____D C:\Users\Dave\AppData\LocalLow\uTorrent
2019-10-13 14:30 - 2019-10-29 12:32 - 000000000 ____D C:\Program Files (x86)\Origin
2019-10-13 14:30 - 2019-10-28 22:32 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Origin
2019-10-13 14:29 - 2019-10-13 14:31 - 000000000 ____D C:\Users\Dave\AppData\Local\Origin
2019-10-11 17:42 - 2019-10-29 12:32 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Discord
2019-10-11 17:42 - 2019-10-29 12:32 - 000000000 ____D C:\Users\Dave\AppData\Local\Discord
2019-10-11 17:42 - 2019-10-11 17:42 - 000002273 _____ C:\Users\Dave\Desktop\Discord.lnk
2019-10-10 13:10 - 2019-10-10 13:10 - 000000000 ____D C:\ProgramData\SquirrelMachineInstalls
2019-10-09 16:18 - 2019-10-09 16:20 - 061370712 _____ (Discord Inc.) C:\Users\Dave\Downloads\DiscordSetup.exe
2019-10-09 16:17 - 2019-10-09 16:17 - 000000000 ____D C:\Users\Dave\AppData\Local\Deployment
2019-10-09 11:21 - 2019-10-09 12:08 - 000000000 ____D C:\WINDOWS\pss
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-11-05 08:08 - 2017-11-18 16:14 - 000000000 ____D C:\ProgramData\NVIDIA
2019-11-05 08:06 - 2019-05-12 20:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-11-05 08:06 - 2018-09-15 07:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-05 08:05 - 2018-09-15 06:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-11-05 08:02 - 2019-05-12 20:17 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-11-05 08:02 - 2018-09-15 07:31 - 000000000 ____D C:\WINDOWS\INF
2019-11-05 07:59 - 2019-05-12 20:14 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{907F8551-7A3F-4E95-BC93-A5BEB3AED07B}
2019-11-05 07:56 - 2019-05-12 20:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2019-11-05 07:56 - 2018-09-15 06:09 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2019-11-04 22:07 - 2019-05-12 20:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-11-04 16:14 - 2019-02-16 16:04 - 000000000 ____D C:\Users\Dave\AppData\LocalLow\Mozilla
2019-11-04 08:24 - 2019-05-12 20:09 - 000000000 ____D C:\Users\Dave
2019-11-04 08:24 - 2018-05-14 15:26 - 000000000 ___HD C:\Users\Dave\AppData\Local\Apple Inc
2019-11-04 08:24 - 2018-05-14 15:26 - 000000000 ___HD C:\Users\Dave\AppData\Local\172FC105-D730-4286-9A8E-1AF03EC9789F.aplzod
2019-11-04 08:09 - 2017-12-25 20:32 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2019-11-03 13:12 - 2018-09-15 07:33 - 000000000 ____D C:\ProgramData\USOPrivate
2019-11-03 13:12 - 2018-03-05 09:38 - 000000000 ___HD C:\Users\Dave\AppData\Local\ElevatedDiagnostics
2019-11-03 08:09 - 2019-07-25 13:09 - 000000000 ____D C:\Users\Dave\Documents\888poker
2019-11-02 19:44 - 2018-08-19 16:33 - 000000000 ___HD C:\Users\Dave\AppData\Local\D3DSCache
2019-11-02 11:42 - 2019-07-28 16:16 - 000001162 _____ C:\Users\Dave\Desktop\BT Cloud.lnk
2019-11-02 10:39 - 2018-06-26 10:21 - 000000000 ____D C:\ProgramData\Adobe
2019-11-02 10:39 - 2017-11-18 16:13 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Adobe
2019-11-02 06:50 - 2019-10-03 18:32 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-11-02 06:50 - 2019-10-03 18:32 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2019-11-01 06:58 - 2019-05-12 20:07 - 000442304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-11-01 06:54 - 2019-07-25 13:09 - 000000000 ____D C:\Users\Dave\AppData\Roaming\pacificpoker
2019-11-01 06:30 - 2019-04-02 09:15 - 000000000 ____D C:\Program Files (x86)\Star Stable Online
2019-11-01 06:28 - 2017-11-19 10:29 - 000000000 ____D C:\ProgramData\Nero
2019-11-01 06:26 - 2019-05-08 15:14 - 000000000 ____D C:\Users\Dave\AppData\Roaming\IrfanView
2019-11-01 06:26 - 2019-05-08 15:14 - 000000000 ____D C:\Program Files\IrfanView
2019-10-31 08:18 - 2019-05-20 20:59 - 000000000 ____D C:\Users\Dave\AppData\Local\BitTorrentHelper
2019-10-31 08:15 - 2018-02-11 17:02 - 000000000 ___HD C:\Users\Dave\AppData\Local\CrashDumps
2019-10-30 20:59 - 2017-11-18 17:12 - 000000000 ____D C:\Program Files (x86)\McAfee
2019-10-30 13:32 - 2019-10-03 18:32 - 000003518 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2019-10-30 09:58 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-10-29 13:53 - 2019-05-12 20:14 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2019-10-29 12:56 - 2017-11-20 15:19 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-29 12:56 - 2017-11-18 17:10 - 000000000 ____D C:\Program Files\Common Files\McAfee
2019-10-29 12:55 - 2019-05-12 20:14 - 000003332 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2019-10-29 12:52 - 2019-07-17 06:27 - 000000000 ____D C:\ProgramData\McAfee
2019-10-29 12:52 - 2018-09-15 07:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-10-29 12:32 - 2019-07-22 15:28 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Stellarium
2019-10-29 12:32 - 2018-06-26 11:45 - 000000000 ___HD C:\Users\Dave\AppData\Local\gtk-2.0
2019-10-29 12:32 - 2017-11-20 17:03 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-10-29 12:31 - 2018-09-15 07:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-29 12:31 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\registration
2019-10-29 12:16 - 2018-01-28 12:08 - 000000000 ____D C:\ProgramData\Origin
2019-10-28 18:45 - 2019-05-12 18:44 - 000000000 ___DC C:\WINDOWS\Panther
2019-10-16 21:19 - 2018-06-26 11:41 - 000000000 ___HD C:\Users\Dave\AppData\Local\babl-0.1
2019-10-13 15:08 - 2017-11-20 17:03 - 000000000 ____D C:\Users\Dave\AppData\Local\SquirrelTemp
2019-10-11 17:26 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-10-11 17:25 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-10-09 15:41 - 2019-06-20 13:03 - 000000000 ____D C:\ProgramData\NCH Software
2019-10-09 12:05 - 2019-07-17 06:26 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-10-08 12:59 - 2019-06-20 13:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2019-10-07 06:33 - 2018-01-28 12:11 - 000000000 ____D C:\Program Files (x86)\Origin Games
 
==================== Files in the root of some directories ========
 
2019-06-20 19:47 - 2019-07-07 16:34 - 000005632 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-06-09 19:17 - 2019-06-09 19:17 - 000000000 _____ () C:\Users\Dave\AppData\Local\oobelibMkey.log
2019-06-03 16:13 - 2019-06-03 16:13 - 000022693 _____ () C:\Users\Dave\AppData\Local\recently-used.xbel
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

  • 0

#12
Bowza69
Posted 05 November 2019 - 04:53 AM

Bowza69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hi Windows updates have now worked thanks.

 

I will monitor how things are and report back 6/11/2019


  • 0

#13
iMacg3
Posted 05 November 2019 - 08:27 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi Bowza69,

It looks like you ran FRST, instead of Farbar Service Scanner (FSS), which will check the state of Windows services. Please re-run FSS (FSS.exe) and copy/paste the report to your reply.
  • 0

#14
Bowza69
Posted 06 November 2019 - 01:23 AM

Bowza69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

OOps Sorry yes mis read it,

 

Farbar Service Scanner Version: 27-01-2016
Ran by Dave (administrator) on 06-11-2019 at 07:21:50
Running from "C:\Users\Dave\Desktop"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#15
iMacg3
Posted 07 November 2019 - 05:05 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi Bowza69,

How is the computer doing?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP