
McAfee Snoozed, Not loading, unable to Restore to previous Error(0x80070091)


  • This topic is locked
92 replies to this topic

#1 midas1968


Posted 26 February 2017 - 07:20 PM

Hi, sorry I couldn't download the Farbar, it wouldn't let me for Windows 10!!!

I noticed when I clicked on my McAfee the Real Time Scanning would keep acting like it was starting but the starting dot never finished. I did the MVT (Virtual Tool for it) and it says Real Time Scanning is off and then after I click on it, says it fixed it, which then I click on the McAfee and it tries to do an update and at 75% it stalls and then after a little time it comes back with a warning that "Your computer is at risk, real time scanning is off."

On my Security and Maintenance page it says McAfee is in "SNOOZED" status, which there is hardly any real info on the net about this (people mention it but the only answer is "They never heard of it").

I tried this several times and I tried restoring to an earlier time but it refused and came back with this:

AppxStaging   dest %ProgramFiles%\WindowsApps Error(0x80070091)

Since it wouldn't let me restore, I figured it was more than just McAfee so I tried Malwarebytes and it didn't find anything, Windows Defender didn't find anything. I downloaded Malwarebytes rootkit cleaner (beta) and it found 6 malwares and I deleted those, though I'm not sure they were positive because I'm not sure how old the program is (older than Windows 10?)

One of the things I deleted was

HKLM\Software\microsoftNT\currentversion\imagefileexecutionOptions\MRT.exe

And something WOW6432node

and

msmpEng.exe

After I did research, those appear to be names of Windows 10 files (possibly legit?)

Yesterday my Firefox stopped allowing me to do anything but x out and I pulled up Windows Edge and after I clicked on any link, it would take me to a blank page

I tried everything a couple more times today and I figure I better get an expert since it started to affect me going on web browsers (after I did the Malwarebytes Root Kit clean I was able to get back on)

Thanks in Advance
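
The keys named in the post above sit under Image File Execution Options (IFEO), where a `Debugger` value makes Windows start the named program in place of the image. As an added example (not part of the original thread), this Python script reads the text of a `reg export` of that key and lists every `Debugger` entry, marking MRT.exe and MsMpEng.exe; the sample export, its paths and the function names are constructed for illustration.

```python
import re

# Real IFEO location (lower-cased); it appears in both the native and WOW6432Node views.
IFEO_MARKER = "\\microsoft\\windows nt\\currentversion\\image file execution options\\"
# Images named in the post above; extend with other security tools as needed.
WATCHED_IMAGES = {"mrt.exe", "msmpeng.exe"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')

# Constructed sample in regedit v5 export format (not taken from the thread).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe]
"Debugger"="C:\\ProgramData\\placeholder\\blocker.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe]
"Debugger"="placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\Tools\\PROCEXP64.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"MitigationOptions"=hex:00,01,\
  00,00
"""


def parse_reg_export(text):
    """Parse regedit v5 export text into {key_path: {value_name: data}}."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            # Hex data continues on the next line; string values always end in a quote.
            pending = line[:-1]
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group("key"), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            data = m.group("data")
            if len(data) >= 2 and data[0] == data[-1] == '"':
                # REG_SZ: drop the quotes and undo the \\ and \" escaping.
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            current[m.group("name")] = data
    return keys


def find_ifeo_debuggers(keys, watched=WATCHED_IMAGES):
    """Return one finding per IFEO image key that carries a Debugger value."""
    findings = []
    for path, values in keys.items():
        lower = path.lower()
        idx = lower.find(IFEO_MARKER)
        if idx < 0:
            continue
        # The image name is the first path component below the IFEO key.
        image = path[idx + len(IFEO_MARKER):].split("\\")[0]
        debugger = next(
            (v for n, v in values.items() if n.lower() == "debugger"), None
        )
        if debugger is None:
            continue
        findings.append({
            "image": image,
            "view": "WOW6432Node" if "\\wow6432node\\" in lower else "native",
            "debugger": debugger,
            "security_tool": image.lower() in watched,
        })
    return findings


if __name__ == "__main__":
    for f in find_ifeo_debuggers(parse_reg_export(SAMPLE_EXPORT)):
        flag = "REVIEW FIRST" if f["security_tool"] else "review"
        print(f'{flag:12} {f["image"]:12} [{f["view"]}] -> {f["debugger"]}')
```

A hit is a lead, not a verdict: some legitimate tools set an IFEO `Debugger` value on purpose, as Process Explorer does for taskmgr.exe when it replaces Task Manager.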





#2 Oh My!

  • Malware Response Instructor

Posted 27 February 2017 - 10:14 PM

Greetings midas1968 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 midas1968


Posted 28 February 2017 - 02:43 AM

Hi Gary, thanks for replying. I am Robert.

First I have to say I'm sorry!!! Yesterday I was in touch with McAfee's tech support and they ported in and ended up doing the ole Delete and Reinstall, which so far looks like it has worked perfectly.

Now if you suggest this is fine and come back if I notice any problems, then that's what I'll do.

If you think I should check out if the damage is corrected or not then I'm ready to do that.

I am concerned about not being able to system restore to another day and that my browser stopped letting me go to a 2nd page. This was fixed after I did the Malwarebytes Rootkit fix, and I'm concerned maybe it deleted some false positives as they did identify as Windows programs (but the browser did work the next time?)

So if you think I should check things and want to help, that would certainly be good.

By the way, I didn't see any links to any program to scan my files and place a log on here, so I'll need a link or info on that if we proceed.

 

Thanks!!!!!!!!!



#4 Oh My!

  • Malware Response Instructor

Posted 28 February 2017 - 10:24 AM

Greetings Robert.

Let's take a look at things. Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 

#5 midas1968


Posted 28 February 2017 - 04:54 PM

Here is the first one

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01
Ran by MyNewPC (administrator) on DESKTOP-FKISIUL (28-02-2017 15:47:25)
Running from C:\Users\MyNewPC\Downloads
Loaded Profiles: MyNewPC (Available Profiles: MyNewPC)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\McCSPServiceHost.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\MyNewPC\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26781320 2017-02-21] (Dropbox, Inc.)
HKU\S-1-5-21-4144131933-962302157-3095954797-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{42deb1c0-f6b2-4d4e-b9cd-3f6a4c17c070}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: 46lm3x8r.default
FF ProfilePath: C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default [2017-02-28]
FF Extension: (Min Vid) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\@min-vid.xpi [2017-01-27]
FF Extension: (Test Pilot) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\@testpilot-addon.xpi [2017-02-16]
FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\ALone-live@ya.ru.xpi [2017-01-09]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-09-23]
FF Extension: (Simple YouTube to MP3/MP4 Converter and Downloader) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOjw@jetpack.xpi [2017-01-24]
FF Extension: (NoScript) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-01-18]
FF Extension: (WOT) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-09-03]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14]
FF Extension: (Adblock Plus) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Simple YouTube MP3 Button) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\{e33788ea-0bb9-4502-9c77-bdc551afc8ab}.xpi [2017-02-08]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\features\{3f9e902b-d960-40a9-8d6a-1a124bcae4e9}\disableSHA1rollout@mozilla.org.xpi [2017-02-25]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-24]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2016-03-07] (McAfee, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0192811488232039mcinstcleanup; C:\WINDOWS\TEMP\019281~1.EXE [1027864 2016-11-28] (McAfee, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-07] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659592 2016-10-13] (Foxit Software Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-01-09] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-28 15:47 - 2017-02-28 15:48 - 00018036 _____ C:\Users\MyNewPC\Downloads\FRST.txt
2017-02-28 15:46 - 2017-02-28 15:47 - 00000000 ____D C:\FRST
2017-02-28 15:45 - 2017-02-28 15:45 - 02423296 _____ (Farbar) C:\Users\MyNewPC\Downloads\FRST64(1).exe
2017-02-27 17:49 - 2017-02-28 15:41 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-02-27 17:49 - 2017-02-27 17:49 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-02-27 16:44 - 2017-02-27 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-26 20:12 - 2017-02-26 20:12 - 00002121 _____ C:\Users\Public\Desktop\McAfee Security Center.lnk
2017-02-26 20:11 - 2016-08-02 01:03 - 00216704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2017-02-26 20:10 - 2017-02-26 20:10 - 00003142 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-02-26 20:10 - 2017-02-26 20:10 - 00000000 ____D C:\ProgramData\Intel Security
2017-02-26 20:09 - 2017-02-26 20:12 - 00000000 ____D C:\Program Files\McAfee
2017-02-26 20:09 - 2017-02-26 20:09 - 00000000 ____D C:\Program Files\McAfee.com
2017-02-26 20:09 - 2017-02-26 20:09 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2017-02-26 20:09 - 2017-02-26 20:09 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-26 20:06 - 2016-11-14 17:41 - 00342768 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2017-02-26 20:05 - 2017-02-27 23:59 - 00000000 ____D C:\ProgramData\McAfee
2017-02-26 20:05 - 2017-02-26 20:05 - 09447368 _____ (McAfee, Inc.) C:\Users\MyNewPC\Downloads\Setup_serial_gV_kAcORfic6gkcYyQezYQ2_key.exe
2017-02-26 19:56 - 2017-02-26 19:56 - 08486056 _____ (McAfee, Inc.) C:\Users\MyNewPC\Downloads\MCPR.exe
2017-02-26 19:51 - 2017-02-26 19:51 - 01853992 _____ (LogMeIn, Inc.) C:\Users\MyNewPC\Downloads\Support-LogMeInRescue.exe
2017-02-26 17:49 - 2017-02-26 17:53 - 02423296 _____ (Farbar) C:\Users\MyNewPC\Downloads\FRST64.exe
2017-02-26 00:30 - 2017-02-26 00:30 - 00000000 ___HD C:\$SysReset
2017-02-25 21:09 - 2017-02-26 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-25 21:07 - 2017-02-26 17:05 - 00000000 ____D C:\Users\MyNewPC\Desktop\mbar
2017-02-25 21:06 - 2017-02-25 21:07 - 16563352 _____ (Malwarebytes Corp.) C:\Users\MyNewPC\Downloads\mbar-1.09.3.1001.exe
2017-02-25 21:05 - 2017-02-25 21:05 - 00010570 _____ C:\Users\MyNewPC\Documents\cc_20170225_210511.reg
2017-02-25 19:24 - 2017-02-25 19:24 - 00000000 ____D C:\Users\MyNewPC\AppData\Roaming\McAfee
2017-02-25 19:23 - 2017-02-25 19:23 - 00211312 _____ (McAfee, Inc.) C:\Users\MyNewPC\Downloads\mvt.exe
2017-02-25 19:15 - 2017-02-26 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-24 02:55 - 2017-02-24 02:55 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-02-24 02:55 - 2017-02-24 02:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-24 02:55 - 2017-02-24 02:55 - 00000000 ____D C:\Program Files\iTunes
2017-02-24 02:55 - 2017-02-24 02:55 - 00000000 ____D C:\Program Files\iPod
2017-02-21 12:49 - 2017-02-21 12:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-21 12:49 - 2017-02-21 12:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-20 18:22 - 2017-02-20 23:39 - 00000000 ____D C:\Users\MyNewPC\Downloads\season 1
2017-02-13 18:43 - 2017-02-13 18:45 - 00000000 ____D C:\Users\MyNewPC\Downloads\Paul Finch - Don't Read Alone
2017-02-13 18:37 - 2017-02-13 18:38 - 00000000 ____D C:\Users\MyNewPC\Downloads\Kim Newman - Anno Dracula 1899 And Other Stories (Unabridged)
2017-02-12 20:35 - 2017-02-13 03:40 - 00000000 ____D C:\Users\MyNewPC\Downloads\Terry Pratchett - The Witch's Vacuum Cleaner and Other Stories (Rhind-Tutt) 64k 03.52.40 {111mb}
2017-02-12 20:35 - 2017-02-12 20:53 - 00000000 ____D C:\Users\MyNewPC\Downloads\Tremblay, Paul - Disappearance at Devil's Rock - Bennett (Ch)
2017-02-12 20:27 - 2017-02-12 20:29 - 00000000 ____D C:\Users\MyNewPC\Downloads\Kit Power - GodBomb! (Unabridged)
2017-02-12 20:26 - 2017-02-12 20:31 - 00000000 ____D C:\Users\MyNewPC\Downloads\Little Heaven
2017-02-12 20:25 - 2017-02-12 20:26 - 00000000 ____D C:\Users\MyNewPC\Downloads\1996 - Lethal Kisses [Datlow] (Harris) 56k 15.43.58 {379mb}
2017-02-09 02:33 - 2017-02-09 02:33 - 00046408 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-09 02:33 - 2017-02-09 02:33 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-06 17:06 - 2017-02-06 17:13 - 00000000 ____D C:\Users\MyNewPC\Downloads\Kingdom of Heaven (2005) Directors Cut
2017-02-06 16:29 - 2017-02-06 16:31 - 00000000 ____D C:\Users\MyNewPC\Desktop\Medical History
2017-01-31 21:57 - 2017-01-31 21:58 - 08813488 _____ (Piriform Ltd) C:\Users\MyNewPC\Downloads\ccsetup526.exe
2017-01-31 21:57 - 2017-01-31 21:57 - 08813488 _____ (Piriform Ltd) C:\Users\MyNewPC\Downloads\ccsetup526(1).exe
2017-01-29 20:49 - 2017-01-29 20:57 - 00000000 ____D C:\Users\MyNewPC\Downloads\Ralph Compton - Trail Drive; 3 The Chisholm Trail

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-28 15:43 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-28 15:43 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-28 15:39 - 2016-11-20 05:04 - 00000000 ____D C:\Users\MyNewPC\AppData\LocalLow\Mozilla
2017-02-28 15:39 - 2016-09-07 02:05 - 00000000 ___RD C:\Users\MyNewPC\Dropbox
2017-02-28 15:38 - 2016-07-22 12:00 - 00000000 __SHD C:\Users\MyNewPC\IntelGraphicsProfiles
2017-02-28 01:19 - 2016-09-09 01:14 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-28 00:34 - 2016-09-22 15:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-27 21:30 - 2016-09-04 15:52 - 00000000 ____D C:\Users\MyNewPC\AppData\Local\Spotify
2017-02-27 19:00 - 2016-09-05 17:22 - 00000000 ____D C:\Users\MyNewPC\AppData\Roaming\vlc
2017-02-27 18:58 - 2016-09-21 19:33 - 00000000 ____D C:\Users\MyNewPC\Desktop\Matt's Books
2017-02-27 18:36 - 2016-09-04 15:51 - 00000000 ____D C:\Users\MyNewPC\AppData\Roaming\Spotify
2017-02-27 16:45 - 2016-09-07 02:03 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-27 15:46 - 2016-09-03 16:52 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-27 04:14 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-26 20:27 - 2016-09-22 15:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-26 20:27 - 2016-07-16 00:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-26 20:11 - 2016-09-03 16:48 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-02-26 20:10 - 2016-07-16 05:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-26 20:04 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-26 19:59 - 2016-09-22 15:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-02-26 17:06 - 2016-09-22 15:35 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-02-26 16:44 - 2016-09-09 01:14 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-02-26 16:21 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-26 00:39 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\registration
2017-02-25 20:56 - 2016-09-02 21:08 - 00000000 ____D C:\Users\MyNewPC\AppData\Local\ElevatedDiagnostics
2017-02-25 16:58 - 2016-09-22 15:41 - 00000000 ____D C:\Users\MyNewPC
2017-02-25 16:32 - 2016-09-21 17:49 - 00000000 ____D C:\Users\MyNewPC\AppData\Roaming\uTorrent
2017-02-24 02:58 - 2016-11-19 17:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-24 02:58 - 2016-09-03 17:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-24 02:55 - 2016-09-03 18:35 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-24 02:52 - 2016-05-02 08:49 - 00000000 ____D C:\Users\MyNewPC\Desktop\Fantasy and Fear Magazine #1
2017-02-23 17:37 - 2016-09-03 16:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 17:35 - 2016-09-03 16:58 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 22:40 - 2016-10-23 23:49 - 00000000 ____D C:\Users\MyNewPC\Desktop\Movies
2017-02-22 22:14 - 2016-09-10 23:34 - 00000000 ____D C:\Users\MyNewPC\AppData\Roaming\DC++
2017-02-22 22:14 - 2016-09-10 23:34 - 00000000 ____D C:\Users\MyNewPC\AppData\Local\DC++
2017-02-22 14:29 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 14:19 - 2016-12-07 17:20 - 00003294 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-22 14:19 - 2016-09-02 20:57 - 00002369 _____ C:\Users\MyNewPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-22 14:19 - 2016-07-22 12:03 - 00000000 ___RD C:\Users\MyNewPC\OneDrive
2017-02-16 22:43 - 2016-10-28 17:44 - 00000000 ____D C:\Users\MyNewPC\Desktop\Bobbie's Books
2017-02-06 19:33 - 2016-09-19 18:54 - 00000000 ____D C:\Users\MyNewPC\Desktop\Direct Wav Splits
2017-02-06 13:48 - 2016-07-16 05:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 13:48 - 2016-07-16 05:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-03 18:38 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-31 21:58 - 2016-10-17 18:22 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk

Some files in TEMP:
====================
2017-02-03 22:06 - 2017-02-03 22:06 - 0244264 _____ (McAfee, Inc.) C:\Users\MyNewPC\AppData\Local\Temp\McCSPInstall.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-19 18:59

==================== End of FRST.txt ============================



#6 midas1968
  • Topic Starter

  • Members
  • 87 posts

Posted 28 February 2017 - 04:56 PM

Thanks Gary, and here is the Additional:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by MyNewPC (28-02-2017 15:49:02)
Running from C:\Users\MyNewPC\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-22 21:58:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4144131933-962302157-3095954797-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4144131933-962302157-3095954797-503 - Limited - Disabled)
Guest (S-1-5-21-4144131933-962302157-3095954797-501 - Limited - Disabled)
MyNewPC (S-1-5-21-4144131933-962302157-3095954797-1001 - Administrator - Enabled) => C:\Users\MyNewPC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audiobook Cutter Pro Edition (HKLM-x32\...\{FFD5A52E-DFB0-4049-9E36-DFB1A8F3A649}) (Version: 1.8.5 - Audiobook Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Command & Conquer 3 (HKLM-x32\...\{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}) (Version: 1.00.0000 - Electronic Arts Inc.)
DC++ 0.851 (HKLM-x32\...\DC++) (Version: 0.851 - Jacek Sieka)
Direct WAV MP3 Splitter version 2.7.0.25 (HKLM-x32\...\Direct WAV MP3 Splitter_is1) (Version: 2.7.0.25 - Piston Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.0.1013 - Foxit Software Inc.)
Free MP3 Cutter Joiner 10.6 (HKLM-x32\...\{02509E6E-B951-45A8-BF42-ACFAF0D6B4DA}}_is1) (Version: 10.6 - DVDVideoMedia, Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.3061 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.174 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.235 - McAfee, Inc.)
Microsoft OneDrive (HKU\S-1-5-21-4144131933-962302157-3095954797-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Spotify (HKU\S-1-5-21-4144131933-962302157-3095954797-1001\...\Spotify) (Version: 1.0.48.103.g15edf1ec - Spotify AB)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4144131933-962302157-3095954797-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BA0252E-6F3C-40D9-B168-C172D7A8DA30} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-12-09] (McAfee, Inc.)
Task: {24AF0151-1507-4D1E-84C6-4F7F8B7D818D} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2016-10-20] (McAfee, Inc.)
Task: {2F54192C-3709-44C2-8038-BAE6E53A0C3F} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\MyNewPC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {31950267-019C-49D0-A230-ACA7B043C5E5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-09-07] (Dropbox, Inc.)
Task: {453346DD-F66E-483F-9C2A-D566A9D4963D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {4C677C0E-308C-4E2C-9379-3EF923298F5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {F684CB3F-C409-4127-825C-B6146DCBA901} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2016-10-20] (McAfee, Inc.)
Task: {F735E98E-4715-47DB-8447-C563181A62BF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-09-07] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-09-29 11:04 - 2012-09-18 14:27 - 00192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2016-09-29 11:04 - 2012-09-18 14:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 05:49 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-14 05:49 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 05:49 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-22 18:30 - 2016-09-22 18:30 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 18:24 - 2016-12-21 01:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 18:23 - 2016-12-21 00:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 18:23 - 2016-12-21 00:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 18:23 - 2016-12-21 00:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 18:23 - 2016-12-21 00:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 18:23 - 2016-12-21 00:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 21:03 - 2017-02-22 21:03 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 21:03 - 2017-02-22 21:03 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 21:03 - 2017-02-22 21:03 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 13:57 - 2017-02-06 13:57 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-27 16:44 - 2017-02-21 12:58 - 00802112 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2016-09-07 02:03 - 2017-01-25 15:03 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-09-07 02:03 - 2017-01-25 15:03 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-09-07 02:03 - 2017-01-25 15:03 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-09-07 02:03 - 2017-02-21 13:01 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-09-07 02:03 - 2017-01-25 15:03 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-09-07 02:03 - 2017-01-25 15:04 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-02-27 16:44 - 2017-01-25 15:03 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-02-27 16:44 - 2017-01-25 15:04 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-02-27 16:44 - 2017-01-25 15:03 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-09-07 02:03 - 2017-01-25 15:06 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-09-07 02:03 - 2017-02-21 13:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-09-07 02:03 - 2017-01-25 15:06 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-02-27 16:44 - 2017-01-25 15:03 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-02-27 16:44 - 2017-01-25 15:06 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-09-07 02:03 - 2017-01-25 15:06 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-09-07 02:03 - 2017-02-21 13:01 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-09-07 02:03 - 2017-01-25 15:06 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-09-07 02:03 - 2017-02-21 13:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-09-07 02:03 - 2017-01-25 15:06 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-09-07 02:03 - 2017-01-25 15:06 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-09-07 02:03 - 2017-01-25 15:06 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-09-07 02:03 - 2017-01-25 15:06 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-09-07 02:03 - 2017-01-25 15:06 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-09-07 02:03 - 2017-01-25 15:06 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-09-07 02:03 - 2017-01-25 15:06 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-09-07 02:03 - 2017-01-25 15:05 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-09-07 02:03 - 2017-01-25 15:06 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-09-07 02:03 - 2017-01-25 15:04 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2016-09-07 02:03 - 2017-02-21 13:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-23 19:05 - 2017-02-21 13:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-09-07 02:03 - 2017-02-21 13:01 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-23 19:05 - 2017-02-21 13:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 19:05 - 2017-02-21 13:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 19:05 - 2017-02-21 13:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2016-09-07 02:03 - 2017-01-25 15:06 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-09-07 02:03 - 2017-02-21 13:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-02-27 16:44 - 2017-01-25 15:01 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-02-27 16:44 - 2017-02-21 13:01 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-02-27 16:44 - 2017-01-26 20:02 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-02-27 16:44 - 2017-02-21 13:01 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-02-27 16:44 - 2017-01-25 15:11 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-02-27 16:44 - 2017-01-25 15:11 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-02-27 16:44 - 2017-02-21 13:01 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-09-07 02:03 - 2017-01-25 15:06 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-09-07 02:03 - 2017-02-21 13:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-27 16:44 - 2017-02-21 13:01 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\MyNewPC\Desktop\Beyond the Aquila Rift - The Best of Alastair Reynolds.mp3:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\MyNewPC\Desktop\Gothic Tales of Terror.mp3:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-09-02 23:40 - 2016-09-02 23:39 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4144131933-962302157-3095954797-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{536E82F1-C819-49E7-9313-0555CD87A93C}] => (Allow) C:\Program Files (x86)\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat
FirewallRules: [{D1159A93-1121-403C-B802-2AECDD2C53CC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{37CA66FE-DD8A-4F45-BDCD-99C4D5C1211A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ABA41203-44F9-438A-83C3-197BD2A9D61F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4FAFC996-7665-458E-BE54-2ACAD97C97AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C6F1CF90-2220-4A17-BC5A-CCD2966CA142}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C612979F-AD11-46DB-96AC-6AF2AAEDC857}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{936548DD-38A2-479A-A861-DE6ED7B5604C}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{81449C1F-F7AA-43A7-98ED-8A71B8990B81}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{AB9FE2C8-5472-4AC4-9AE3-8C990B41A2B1}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{AD2EB2E1-BBA0-4713-B857-65AFCC7E84B4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{017B32A7-6DFB-45CD-AAFF-07812EB293F3}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{D25F3A74-1655-4994-A604-4E7C793010FA}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{1555D1E7-13DB-49B7-B3B5-268BF63F44FD}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

08-02-2017 16:36:41 Scheduled Checkpoint
16-02-2017 17:27:03 Scheduled Checkpoint
22-02-2017 14:28:34 Windows Update
25-02-2017 23:32:35 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2017 04:44:40 PM) (Source: DbxSvc) (EventID: 270) (User: )
Description: (-2145452013) The system could not find the filter specified.

Error: (02/26/2017 08:27:49 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (02/26/2017 08:15:46 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (02/26/2017 08:01:25 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (02/26/2017 07:45:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcupdatemgr.exe, version: 4.0.3031.0, time stamp: 0x584869f0
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x1564
Faulting application start time: 0x01d2909b2b0db4d4
Faulting application path: C:\Program Files\Common Files\McAfee\UPDMGR\4.0.3031.2\mcupdatemgr.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e24a12db-e6d3-4d65-87d3-afbf75c9004e
Faulting package full name:
Faulting package-relative application ID:

Error: (02/26/2017 07:38:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcupdatemgr.exe, version: 4.0.3031.0, time stamp: 0x584869f0
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x594
Faulting application start time: 0x01d2909a26ad31e5
Faulting application path: C:\Program Files\Common Files\McAfee\UPDMGR\4.0.3031.2\mcupdatemgr.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: b7161212-c458-497f-a021-31cca889b345
Faulting package full name:
Faulting package-relative application ID:

Error: (02/26/2017 06:23:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcupdatemgr.exe, version: 4.0.3031.0, time stamp: 0x584869f0
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0xe4c
Faulting application start time: 0x01d2908fc0d99916
Faulting application path: C:\Program Files\Common Files\McAfee\UPDMGR\4.0.3031.2\mcupdatemgr.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 9a95db28-259c-4193-87b6-c018437f39fb
Faulting package full name:
Faulting package-relative application ID:

Error: (02/26/2017 06:08:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcupdatemgr.exe, version: 4.0.3031.0, time stamp: 0x584869f0
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0xb48
Faulting application start time: 0x01d2908d8d6370c7
Faulting application path: C:\Program Files\Common Files\McAfee\UPDMGR\4.0.3031.2\mcupdatemgr.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: c696fde8-960e-47ee-b08c-4695a1377a45
Faulting package full name:
Faulting package-relative application ID:

Error: (02/26/2017 06:05:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcupdatemgr.exe, version: 4.0.3031.0, time stamp: 0x584869f0
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x1604
Faulting application start time: 0x01d2908d35b5a55e
Faulting application path: C:\Program Files\Common Files\McAfee\UPDMGR\4.0.3031.2\mcupdatemgr.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: a99bab8d-51e6-470c-9f18-ade6beb4ef1a
Faulting package full name:
Faulting package-relative application ID:

Error: (02/26/2017 06:02:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcupdatemgr.exe, version: 4.0.3031.0, time stamp: 0x584869f0
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x136c
Faulting application start time: 0x01d2908cb739b15f
Faulting application path: C:\Program Files\Common Files\McAfee\UPDMGR\4.0.3031.2\mcupdatemgr.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 1115f183-02be-4641-a4bd-d7eab8db79ca
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (02/28/2017 03:38:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2017 02:50:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/27/2017 11:59:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (02/27/2017 11:59:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/27/2017 11:59:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/27/2017 11:59:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (02/27/2017 11:59:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/27/2017 11:59:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/27/2017 11:59:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (02/27/2017 11:59:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 59%
Total physical RAM: 3917.21 MB
Available physical RAM: 1576.29 MB
Total Virtual: 10573.21 MB
Available Virtual: 8174.31 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.21 GB) (Free:320.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BE1AEDE7)

Partition: GPT.

==================== End of Addition.txt ============================



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,510 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:00 AM

Posted 28 February 2017 - 05:29 PM

Hi Robert.

Those logs look fantastic. Have any of the previous issues returned, or are there any new issues?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 midas1968


Posted 28 February 2017 - 05:48 PM

Hi Gary, no issues to report. I guess the only thing I'm concerned about now is that I wasn't able to restore to a previous point. Course I haven't tried it since then (tried it twice before and it didn't work).

 

Any suggestions on that?

 

Thanks Again



#9 Oh My!


Posted 28 February 2017 - 05:52 PM

Let's try to create a Restore Point by doing the following.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 

#10 midas1968


Posted 28 February 2017 - 06:09 PM

Hi Gary, here it is.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by MyNewPC (28-02-2017 17:05:26) Run:1
Running from C:\Users\MyNewPC\Downloads\FRST-OlderVersion
Loaded Profiles: MyNewPC (Available Profiles: MyNewPC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
*****************

Restore point was successfully created.

==== End of Fixlog 17:05:52 ====



#11 Oh My!


Posted 28 February 2017 - 06:10 PM

Excellent. Now try to revert back to the Restore Point we just created.
Gary
 

#12 midas1968


Posted 28 February 2017 - 06:22 PM

Hi Gary,

 

I went to the restore and it's giving me an option of undoing a system restore from 2/25 of this year, and when I uncheck that box to click the other, "Choose a different restore point", the option it gives me is the same date, 2/25/2017.

Now there is a show more restore points box below that. I clicked and it only gives options from an older date????

 

I don't see one created for today?

Thanks in Advance!!!!!



#13 Oh My!


Posted 28 February 2017 - 06:29 PM

OK,

Run the Fixlist again to create a Restore Point. Immediately thereafter, without rebooting, run a new FRST scan. Please post all 3 reports. In addition, do this.

===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • Please copy and paste the contents of the FSS.txt report in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • FRST log
  • Addition log
  • FSS log

Gary
 

#14 midas1968


Posted 28 February 2017 - 07:22 PM

Here are the first 3

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by MyNewPC (28-02-2017 18:14:01) Run:2
Running from C:\Users\MyNewPC\Downloads\FRST-OlderVersion
Loaded Profiles: MyNewPC (Available Profiles: MyNewPC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
*****************

Restore point was successfully created.

==== End of Fixlog 18:14:25 ====

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by MyNewPC (28-02-2017 18:16:35)
Running from C:\Users\MyNewPC\Downloads\FRST-OlderVersion
Windows 10 Pro Version 1607 (X64) (2016-09-22 21:58:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4144131933-962302157-3095954797-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4144131933-962302157-3095954797-503 - Limited - Disabled)
Guest (S-1-5-21-4144131933-962302157-3095954797-501 - Limited - Disabled)
MyNewPC (S-1-5-21-4144131933-962302157-3095954797-1001 - Administrator - Enabled) => C:\Users\MyNewPC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audiobook Cutter Pro Edition (HKLM-x32\...\{FFD5A52E-DFB0-4049-9E36-DFB1A8F3A649}) (Version: 1.8.5 - Audiobook Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Command & Conquer 3 (HKLM-x32\...\{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}) (Version: 1.00.0000 - Electronic Arts Inc.)
DC++ 0.851 (HKLM-x32\...\DC++) (Version: 0.851 - Jacek Sieka)
Direct WAV MP3 Splitter version 2.7.0.25 (HKLM-x32\...\Direct WAV MP3 Splitter_is1) (Version: 2.7.0.25 - Piston Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.0.1013 - Foxit Software Inc.)
Free MP3 Cutter Joiner 10.6 (HKLM-x32\...\{02509E6E-B951-45A8-BF42-ACFAF0D6B4DA}}_is1) (Version: 10.6 - DVDVideoMedia, Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.3061 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.174 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.235 - McAfee, Inc.)
Microsoft OneDrive (HKU\S-1-5-21-4144131933-962302157-3095954797-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Spotify (HKU\S-1-5-21-4144131933-962302157-3095954797-1001\...\Spotify) (Version: 1.0.48.103.g15edf1ec - Spotify AB)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4144131933-962302157-3095954797-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BA0252E-6F3C-40D9-B168-C172D7A8DA30} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-12-09] (McAfee, Inc.)
Task: {2F54192C-3709-44C2-8038-BAE6E53A0C3F} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\MyNewPC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {31950267-019C-49D0-A230-ACA7B043C5E5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-09-07] (Dropbox, Inc.)
Task: {3ABD9B50-8D9A-4DAA-829F-1A00B95354C4} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2016-10-20] (McAfee, Inc.)
Task: {453346DD-F66E-483F-9C2A-D566A9D4963D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {4C677C0E-308C-4E2C-9379-3EF923298F5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {7843EF17-5F20-496B-8140-87FB15CA632F} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2016-10-20] (McAfee, Inc.)
Task: {F735E98E-4715-47DB-8447-C563181A62BF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-09-07] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\MyNewPC\Desktop\Gothic Tales of Terror.mp3:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-09-02 23:40 - 2016-09-02 23:39 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4144131933-962302157-3095954797-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{536E82F1-C819-49E7-9313-0555CD87A93C}] => (Allow) C:\Program Files (x86)\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat
FirewallRules: [{D1159A93-1121-403C-B802-2AECDD2C53CC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{37CA66FE-DD8A-4F45-BDCD-99C4D5C1211A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ABA41203-44F9-438A-83C3-197BD2A9D61F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4FAFC996-7665-458E-BE54-2ACAD97C97AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C6F1CF90-2220-4A17-BC5A-CCD2966CA142}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C612979F-AD11-46DB-96AC-6AF2AAEDC857}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{936548DD-38A2-479A-A861-DE6ED7B5604C}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{81449C1F-F7AA-43A7-98ED-8A71B8990B81}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{AB9FE2C8-5472-4AC4-9AE3-8C990B41A2B1}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{AD2EB2E1-BBA0-4713-B857-65AFCC7E84B4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{017B32A7-6DFB-45CD-AAFF-07812EB293F3}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{D25F3A74-1655-4994-A604-4E7C793010FA}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{1555D1E7-13DB-49B7-B3B5-268BF63F44FD}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

08-02-2017 16:36:41 Scheduled Checkpoint
16-02-2017 17:27:03 Scheduled Checkpoint
22-02-2017 14:28:34 Windows Update
25-02-2017 23:32:35 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2017 06:14:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/28/2017 06:14:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/28/2017 06:14:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8141c452-e4fb-4c14-a251-1c65ecbbcd56}

Error: (02/28/2017 05:06:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/28/2017 05:05:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/28/2017 05:05:27 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {34ef96f9-3401-4960-87f4-9ee7d54d550d}

Error: (02/27/2017 04:44:40 PM) (Source: DbxSvc) (EventID: 270) (User: )
Description: (-2145452013) The system could not find the filter specified.

Error: (02/26/2017 08:27:49 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (02/26/2017 08:15:46 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (02/26/2017 08:01:25 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: (-2147024894) The system cannot find the file specified.


System errors:
=============
Error: (02/28/2017 06:04:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2017 05:58:56 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Storage Service service did not shut down properly after receiving a preshutdown control.

Error: (02/28/2017 05:58:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2017 03:38:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2017 02:50:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/27/2017 11:59:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (02/27/2017 11:59:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/27/2017 11:59:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/27/2017 11:59:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (02/27/2017 11:59:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 52%
Total physical RAM: 3917.21 MB
Available physical RAM: 1844.96 MB
Total Virtual: 10573.21 MB
Available Virtual: 8451.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.21 GB) (Free:319.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BE1AEDE7)

Partition: GPT.

==================== End of Addition.txt ============================

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01
Ran by MyNewPC (administrator) on DESKTOP-FKISIUL (28-02-2017 18:15:44)
Running from C:\Users\MyNewPC\Downloads\FRST-OlderVersion
Loaded Profiles: MyNewPC (Available Profiles: MyNewPC)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\MyNewPC\Downloads\FRST-OlderVersion\FRST64(1).exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26781320 2017-02-21] (Dropbox, Inc.)
HKU\S-1-5-21-4144131933-962302157-3095954797-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{42deb1c0-f6b2-4d4e-b9cd-3f6a4c17c070}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: 46lm3x8r.default
FF ProfilePath: C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default [2017-02-28]
FF Extension: (Min Vid) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\@min-vid.xpi [2017-01-27]
FF Extension: (Test Pilot) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\@testpilot-addon.xpi [2017-02-28]
FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\ALone-live@ya.ru.xpi [2017-01-09]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-09-23]
FF Extension: (Simple YouTube to MP3/MP4 Converter and Downloader) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOjw@jetpack.xpi [2017-01-24]
FF Extension: (NoScript) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-01-18]
FF Extension: (WOT) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-09-03]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14]
FF Extension: (Adblock Plus) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Simple YouTube MP3 Button) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\Extensions\{e33788ea-0bb9-4502-9c77-bdc551afc8ab}.xpi [2017-02-08]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\MyNewPC\AppData\Roaming\Mozilla\Firefox\Profiles\46lm3x8r.default\features\{3f9e902b-d960-40a9-8d6a-1a124bcae4e9}\disableSHA1rollout@mozilla.org.xpi [2017-02-25]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-24]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2016-03-07] (McAfee, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-07] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659592 2016-10-13] (Foxit Software Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-28 17:12 - 2017-02-28 17:12 - 00000000 ___HD C:\$SysReset
2017-02-28 17:02 - 2017-02-28 18:15 - 00000000 ____D C:\Users\MyNewPC\Downloads\FRST-OlderVersion
2017-02-28 16:59 - 2017-02-28 16:59 - 00000019 _____ C:\Users\MyNewPC\Documents\fixlist.txt
2017-02-28 15:49 - 2017-02-28 15:50 - 00031838 _____ C:\Users\MyNewPC\Downloads\Addition.txt
2017-02-28 15:46 - 2017-02-28 18:15 - 00000000 ____D C:\FRST
2017-02-27 17:49 - 2017-02-28 18:03 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-02-27 17:49 - 2017-02-28 17:53 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-02-27 16:44 - 2017-02-27 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-26 20:12 - 2017-02-26 20:12 - 00002121 _____ C:\Users\Public\Desktop\McAfee Security Center.lnk
2017-02-26 20:11 - 2016-08-02 01:03 - 00216704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2017-02-26 20:10 - 2017-02-26 20:10 - 00003142 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-02-26 20:10 - 2017-02-26 20:10 - 00000000 ____D C:\ProgramData\Intel Security
2017-02-26 20:09 - 2017-02-26 20:12 - 00000000 ____D C:\Program Files\McAfee
2017-02-26 20:09 - 2017-02-26 20:09 - 00000000 ____D C:\Program Files\McAfee.com
2017-02-26 20:09 - 2017-02-26 20:09 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2017-02-26 20:09 - 2017-02-26 20:09 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-26 20:06 - 2016-11-14 17:41 - 00342768 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2017-02-26 20:05 - 2017-02-27 23:59 - 00000000 ____D C:\ProgramData\McAfee
2017-02-26 20:05 - 2017-02-26 20:05 - 09447368 _____ (McAfee, Inc.) C:\Users\MyNewPC\Downloads\Setup_serial_gV_kAcORfic6gkcYyQezYQ2_key.exe
2017-02-26 19:56 - 2017-02-26 19:56 - 08486056 _____ (McAfee, Inc.) C:\Users\MyNewPC\Downloads\MCPR.exe
2017-02-26 19:51 - 2017-02-26 19:51 - 01853992 _____ (LogMeIn, Inc.) C:\Users\MyNewPC\Downloads\Support-LogMeInRescue.exe
2017-02-25 21:09 - 2017-02-26 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-25 21:07 - 2017-02-26 17:05 - 00000000 ____D C:\Users\MyNewPC\Desktop\mbar
2017-02-25 21:06 - 2017-02-25 21:07 - 16563352 _____ (Malwarebytes Corp.) C:\Users\MyNewPC\Downloads\mbar-1.09.3.1001.exe
2017-02-25 21:05 - 2017-02-25 21:05 - 00010570 _____ C:\Users\MyNewPC\Documents\cc_20170225_210511.reg
2017-02-25 19:24 - 2017-02-25 19:24 - 00000000 ____D C:\Users\MyNewPC\AppData\Roaming\McAfee
2017-02-25 19:23 - 2017-02-25 19:23 - 00211312 _____ (McAfee, Inc.) C:\Users\MyNewPC\Downloads\mvt.exe
2017-02-25 19:15 - 2017-02-26 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-24 02:55 - 2017-02-24 02:55 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-02-24 02:55 - 2017-02-24 02:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-24 02:55 - 2017-02-24 02:55 - 00000000 ____D C:\Program Files\iTunes
2017-02-24 02:55 - 2017-02-24 02:55 - 00000000 ____D C:\Program Files\iPod
2017-02-21 12:49 - 2017-02-21 12:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-21 12:49 - 2017-02-21 12:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-20 18:22 - 2017-02-20 23:39 - 00000000 ____D C:\Users\MyNewPC\Downloads\season 1
2017-02-13 18:43 - 2017-02-13 18:45 - 00000000 ____D C:\Users\MyNewPC\Downloads\Paul Finch - Don't Read Alone
2017-02-13 18:37 - 2017-02-13 18:38 - 00000000 ____D C:\Users\MyNewPC\Downloads\Kim Newman - Anno Dracula 1899 And Other Stories (Unabridged)
2017-02-12 20:35 - 2017-02-13 03:40 - 00000000 ____D C:\Users\MyNewPC\Downloads\Terry Pratchett - The Witch's Vacuum Cleaner and Other Stories (Rhind-Tutt) 64k 03.52.40 {111mb}
2017-02-12 20:35 - 2017-02-12 20:53 - 00000000 ____D C:\Users\MyNewPC\Downloads\Tremblay, Paul - Disappearance at Devil's Rock - Bennett (Ch)
2017-02-12 20:27 - 2017-02-12 20:29 - 00000000 ____D C:\Users\MyNewPC\Downloads\Kit Power - GodBomb! (Unabridged)
2017-02-12 20:26 - 2017-02-12 20:31 - 00000000 ____D C:\Users\MyNewPC\Downloads\Little Heaven
2017-02-12 20:25 - 2017-02-12 20:26 - 00000000 ____D C:\Users\MyNewPC\Downloads\1996 - Lethal Kisses [Datlow] (Harris) 56k 15.43.58 {379mb}
2017-02-09 02:33 - 2017-02-09 02:33 - 00046408 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-09 02:33 - 2017-02-09 02:33 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-06 17:06 - 2017-02-06 17:13 - 00000000 ____D C:\Users\MyNewPC\Downloads\Kingdom of Heaven (2005) Directors Cut
2017-02-06 16:29 - 2017-02-06 16:31 - 00000000 ____D C:\Users\MyNewPC\Desktop\Medical History
2017-01-31 21:57 - 2017-01-31 21:58 - 08813488 _____ (Piriform Ltd) C:\Users\MyNewPC\Downloads\ccsetup526.exe
2017-01-31 21:57 - 2017-01-31 21:57 - 08813488 _____ (Piriform Ltd) C:\Users\MyNewPC\Downloads\ccsetup526(1).exe
2017-01-29 20:49 - 2017-01-29 20:57 - 00000000 ____D C:\Users\MyNewPC\Downloads\Ralph Compton - Trail Drive; 3 The Chisholm Trail

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-28 18:06 - 2016-11-20 05:04 - 00000000 ____D C:\Users\MyNewPC\AppData\LocalLow\Mozilla
2017-02-28 18:05 - 2016-09-07 02:05 - 00000000 ___RD C:\Users\MyNewPC\Dropbox
2017-02-28 18:04 - 2016-07-22 12:00 - 00000000 __SHD C:\Users\MyNewPC\IntelGraphicsProfiles
2017-02-28 17:59 - 2016-09-22 15:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-28 17:59 - 2016-09-03 16:52 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-28 17:59 - 2016-07-16 00:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-28 16:22 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-28 15:43 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-28 01:19 - 2016-09-09 01:14 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-28 00:34 - 2016-09-22 15:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-27 21:30 - 2016-09-04 15:52 - 00000000 ____D C:\Users\MyNewPC\AppData\Local\Spotify
2017-02-27 19:00 - 2016-09-05 17:22 - 00000000 ____D C:\Users\MyNewPC\AppData\Roaming\vlc
2017-02-27 18:58 - 2016-09-21 19:33 - 00000000 ____D C:\Users\MyNewPC\Desktop\Matt's Books
2017-02-27 18:36 - 2016-09-04 15:51 - 00000000 ____D C:\Users\MyNewPC\AppData\Roaming\Spotify
2017-02-27 16:45 - 2016-09-07 02:03 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-27 04:14 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-26 20:11 - 2016-09-03 16:48 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-02-26 20:10 - 2016-07-16 05:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-26 20:04 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-26 19:59 - 2016-09-22 15:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-02-26 17:06 - 2016-09-22 15:35 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-02-26 16:44 - 2016-09-09 01:14 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-02-26 16:21 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-26 00:39 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\registration
2017-02-25 20:56 - 2016-09-02 21:08 - 00000000 ____D C:\Users\MyNewPC\AppData\Local\ElevatedDiagnostics
2017-02-25 16:58 - 2016-09-22 15:41 - 00000000 ____D C:\Users\MyNewPC
2017-02-25 16:32 - 2016-09-21 17:49 - 00000000 ____D C:\Users\MyNewPC\AppData\Roaming\uTorrent
2017-02-24 02:58 - 2016-11-19 17:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-24 02:58 - 2016-09-03 17:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-24 02:55 - 2016-09-03 18:35 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-24 02:52 - 2016-05-02 08:49 - 00000000 ____D C:\Users\MyNewPC\Desktop\Fantasy and Fear Magazine #1
2017-02-23 17:37 - 2016-09-03 16:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 17:35 - 2016-09-03 16:58 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 22:40 - 2016-10-23 23:49 - 00000000 ____D C:\Users\MyNewPC\Desktop\Movies
2017-02-22 22:14 - 2016-09-10 23:34 - 00000000 ____D C:\Users\MyNewPC\AppData\Roaming\DC++
2017-02-22 22:14 - 2016-09-10 23:34 - 00000000 ____D C:\Users\MyNewPC\AppData\Local\DC++
2017-02-22 14:29 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 14:19 - 2016-12-07 17:20 - 00003294 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-22 14:19 - 2016-09-02 20:57 - 00002369 _____ C:\Users\MyNewPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-22 14:19 - 2016-07-22 12:03 - 00000000 ___RD C:\Users\MyNewPC\OneDrive
2017-02-16 22:43 - 2016-10-28 17:44 - 00000000 ____D C:\Users\MyNewPC\Desktop\Bobbie's Books
2017-02-06 19:33 - 2016-09-19 18:54 - 00000000 ____D C:\Users\MyNewPC\Desktop\Direct Wav Splits
2017-02-06 13:48 - 2016-07-16 05:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 13:48 - 2016-07-16 05:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-03 18:38 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-31 21:58 - 2016-10-17 18:22 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk

Some files in TEMP:
====================
2017-02-03 22:06 - 2017-02-03 22:06 - 0244264 _____ (McAfee, Inc.) C:\Users\MyNewPC\AppData\Local\Temp\McCSPInstall.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-28 16:16

==================== End of FRST.txt ============================

#15 midas1968


Posted 28 February 2017 - 07:26 PM

Hi Gary, and here is the

Farbar Service Scanner Version: 27-01-2016
Ran by MyNewPC (administrator) on 28-02-2017 at 18:23:27
Running from "C:\Users\MyNewPC\Downloads"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****