Solved removing slimcleaner plus from PC

trixiebell

New Member
Thread author
Mar 2, 2017
9
Hi There.

I am not very tech savvy (at all). I have this programme in my computer - don't know how I got it. Been there a few months. I started googling yesterday to try to get rid of it and found your site. Hope you can help, very happy to donate beer money as I would greatly appreciate any help. Thanks. It said it was a Microsoft partner and looks very professional but something about it worried me. I have uploaded the files - amazing that I was able to do that!

Trixie
 

Attachments

  • Addition_03-03-2017 10.01.29.txt
    31.6 KB · Views: 5
  • FRST_03-03-2017 10.01.29.txt
    35.6 KB · Views: 3

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.



Uninstall some programs

We need to uninstall some unwanted/unneeded programs.
  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.
The list of programs to uninstall:
  • DriverUpdate
  • SlimCleaner Plus
After completing uninstalls, please manually reboot your machine!

Note: If you get a message like: An error occurred while trying to uninstall, just press Yes.



Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, a logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 

Attachments

  • fixlist.txt
    1.8 KB · Views: 6

trixiebell

New Member
Thread author
Mar 2, 2017
9
Hello TwinheadedEagle

Many thanks for your help! Having proven to myself I can do some 'techy' stuff - under instruction, I will launch myself at my son's computer and try to sort out all his advert popups. This is great! See below as requested:
Code:
# AdwCleaner v6.044 - Logfile created 03/03/2017 at 10:50:58
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : peter.mchugh - PETERMCHUGH
# Running from : C:\Users\peter.mchugh\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: swdumon


***** [ Folders ] *****

[-] Folder deleted: C:\Users\peter.mchugh\AppData\Local\slimware utilities inc
[#] Folder deleted on reboot: C:\Users\peter.mchugh\AppData\Local\SlimWare Utilities Inc
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
[-] Folder deleted: C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk


***** [ Files ] *****

[-] File deleted: C:\WINDOWS\SysNative\drivers\swdumon.sys
[-] File deleted: C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage
[-] File deleted: C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: SlimCleaner Plus (Scheduled Scan - peter.mchugh)


***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc


***** [ Web browsers ] *****

[-] [C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mallpejgeafdahhflmliiahjdpgbegpk


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2194 Bytes] - [03/03/2017 10:50:58]
C:\AdwCleaner\AdwCleaner[S0].txt - [2302 Bytes] - [03/03/2017 10:49:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2340 Bytes] ##########

trixiebell

New Member
Thread author
Mar 2, 2017
9
Have you followed all three steps? If you did, please attach fixlog.txt report.

Hi - yes I did, thanks. I got so excited that I was able to do it that I must have forgotten to upload it. I bought you a beer (fionagretatoconnor@gmail.com) to say thanks... I don't know how to find the fix log now...
 


TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Okay.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the report to your next reply.
 

trixiebell

New Member
Thread author
Mar 2, 2017
9
Here is a copy of FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by peter.mchugh (administrator) on PETERMCHUGH (08-03-2017 16:39:30)
Running from C:\Users\peter.mchugh\Downloads
Loaded Profiles: peter.mchugh (Available Profiles: peter.mchugh)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTFAD7.tmp
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Screenleap, Inc.) C:\Users\peter.mchugh\AppData\Local\ScreenShare\ScreenShare.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe
(Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\peter.mchugh\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8861944 2016-07-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427704 2016-07-29] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [754984 2016-05-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1172256 2014-11-10] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\Run: [ScreenShare] => C:\Users\peter.mchugh\AppData\Local\ScreenShare\ScreenShare.exe [3444776 2016-09-09] (Screenleap, Inc.)
HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-03-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{88cda5b4-02a8-4cf5-9ad1-9f3e037b9846}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-07-04] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-07-04] (Oracle Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-07-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-07-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3456993172-4159185848-1155247961-1001: @citrixonline.com/appdetectorplugin -> C:\Users\peter.mchugh\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-07-04] (Citrix Online)
FF Plugin HKU\S-1-5-21-3456993172-4159185848-1155247961-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\peter.mchugh\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-01-25] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\peter.mchugh\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-26] (Cisco WebEx LLC)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default [2017-03-08]
CHR Extension: (Google Slides) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-07]
CHR Extension: (Google Docs) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-07]
CHR Extension: (Google Drive) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
CHR Extension: (Google Search) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-07]
CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2016-07-05]
CHR Extension: (Google Docs Offline) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-30]
CHR Extension: (Cisco WebEx Extension) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-02-02]
CHR Extension: (FromDocToPDF) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2017-03-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-02]
CHR Extension: (Gmail) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-07]
CHR Extension: (Chrome Media Router) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]
CHR HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0297651488807208mcinstcleanup; C:\WINDOWS\TEMP\029765~1.EXE [922152 2016-03-02] (McAfee, Inc.)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [104744 2016-05-17] (Alps Electric Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [953352 2014-06-10] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
R2 O2FLASH; C:\WINDOWS\System32\drivers\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [318712 2016-07-29] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-30] (Microsoft Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [995800 2017-01-05] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-01-05] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-01-05] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [41824 2014-06-10] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [35136 2014-06-10] (Intel Corporation)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [547840 2015-09-12] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [192624 2014-06-10] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTDVHD64.sys [2686200 2016-07-29] (Realtek Semiconductor Corp.)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [77992 2014-04-30] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 O2FJ2RDR; C:\WINDOWS\System32\drivers\O2FJ2w8x64.sys [210616 2014-05-14] (BayHubTech/O2Micro )
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [93872 2014-04-21] (STMicroelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-08 16:39 - 2017-03-08 16:39 - 02423808 _____ (Farbar) C:\Users\peter.mchugh\Downloads\FRST64 (1).exe
2017-03-08 12:54 - 2017-03-08 12:54 - 01087427 _____ C:\Users\peter.mchugh\Downloads\MScHRMD_Salford.pdf
2017-03-08 12:41 - 2017-03-08 12:41 - 03237451 _____ C:\Users\peter.mchugh\Downloads\salford.pdf
2017-03-07 13:52 - 2017-03-07 13:52 - 06786932 _____ C:\Users\peter.mchugh\Downloads\efire_ac_w1_21feb17.pptx
2017-03-07 12:35 - 2017-03-07 12:35 - 00133640 _____ (Zoom Video Communications, Inc.) C:\Users\peter.mchugh\Downloads\Zoom_launcher (2).exe
2017-03-07 12:22 - 2017-03-07 12:22 - 00133640 _____ (Zoom Video Communications, Inc.) C:\Users\peter.mchugh\Downloads\Zoom_launcher (1).exe
2017-03-03 10:53 - 2017-03-03 10:53 - 04031440 _____ C:\Users\peter.mchugh\Downloads\AdwCleaner (1).exe
2017-03-03 10:52 - 2017-03-03 10:52 - 00000000 ____D C:\Users\peter.mchugh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchPad
2017-03-03 10:48 - 2017-03-03 10:53 - 00000000 ____D C:\AdwCleaner
2017-03-03 10:48 - 2017-03-03 10:48 - 04031440 _____ C:\Users\peter.mchugh\Downloads\AdwCleaner.exe
2017-03-03 10:39 - 2017-03-03 10:39 - 00032398 _____ C:\Users\peter.mchugh\Desktop\Addition.txt
2017-03-03 10:38 - 2017-03-03 10:38 - 00036479 _____ C:\Users\peter.mchugh\Desktop\FRST.txt
2017-03-03 10:37 - 2017-03-03 10:37 - 00001842 _____ C:\Users\peter.mchugh\Downloads\fixlist.txt
2017-03-03 10:37 - 2017-03-03 10:37 - 00001842 _____ C:\Users\peter.mchugh\Desktop\fixlist.txt
2017-03-03 10:33 - 2017-03-03 10:33 - 00343659 _____ C:\Users\peter.mchugh\Downloads\ClaimRemittance-126244-0004598655.pdf
2017-03-03 10:00 - 2017-03-03 10:01 - 00032395 _____ C:\Users\peter.mchugh\Downloads\Addition.txt
2017-03-03 09:59 - 2017-03-08 16:39 - 00021192 _____ C:\Users\peter.mchugh\Downloads\FRST.txt
2017-03-03 09:59 - 2017-03-08 16:39 - 00000000 ____D C:\FRST
2017-03-03 09:59 - 2017-03-03 09:59 - 02423808 _____ (Farbar) C:\Users\peter.mchugh\Downloads\FRST64.exe
2017-03-03 09:58 - 2017-03-03 09:58 - 01765888 _____ (Farbar) C:\Users\peter.mchugh\Downloads\FRST (1).exe
2017-03-02 21:28 - 2017-03-02 21:28 - 01765888 _____ (Farbar) C:\Users\peter.mchugh\Downloads\FRST.exe
2017-03-02 14:53 - 2017-03-02 14:53 - 00004919 _____ C:\Users\peter.mchugh\Downloads\Creating an immersive assessment experience for candidates.ics
2017-03-02 14:44 - 2017-03-02 14:44 - 00465563 _____ C:\Users\peter.mchugh\Downloads\HBR - Understanding emotions as a key leadership skill.PDF
2017-03-02 14:43 - 2017-03-02 14:43 - 01859626 _____ C:\Users\peter.mchugh\Downloads\Emotional_Intelligence_from_a_Different_Perspective_handouts.pdf
2017-03-02 14:43 - 2017-03-02 14:43 - 00188021 _____ C:\Users\peter.mchugh\Downloads\Emotional Intelligence.pdf
2017-03-02 14:37 - 2017-03-02 14:37 - 00045321 _____ C:\Users\peter.mchugh\Downloads\06_Dev_FIRST_Strategies (1).pdf
2017-03-02 14:31 - 2017-03-02 14:31 - 00106193 _____ C:\Users\peter.mchugh\Downloads\First model - DEVGUIDE-Exec.pdf
2017-03-02 14:27 - 2017-03-02 14:27 - 00045321 _____ C:\Users\peter.mchugh\Downloads\06_Dev_FIRST_Strategies.pdf
2017-03-01 17:18 - 2017-03-01 17:20 - 80923931 _____ C:\Users\peter.mchugh\Downloads\Download 33 Sample Maps.zip
2017-03-01 16:54 - 2017-03-01 16:54 - 00006992 _____ C:\Users\peter.mchugh\Downloads\The Five Question Leader_ Work Less Hard, Have More Impact.ics
2017-03-01 13:14 - 2017-03-01 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-03-01 13:14 - 2017-03-01 13:14 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-03-01 12:53 - 2017-03-06 13:37 - 00000000 ____D C:\Users\peter.mchugh\AppData\Local\tkdata
2017-03-01 12:53 - 2017-03-06 13:33 - 00001241 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-03-01 12:53 - 2017-03-01 12:53 - 00001227 _____ C:\Users\Public\Desktop\True Key.lnk
2017-03-01 12:53 - 2017-03-01 12:53 - 00000000 ____D C:\ProgramData\TrueKey
2017-03-01 12:52 - 2017-03-06 13:33 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-01 12:52 - 2017-03-01 12:52 - 00000000 ____D C:\Program Files\Intel Security
2017-03-01 12:52 - 2017-03-01 12:52 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-03-01 12:52 - 2017-03-01 12:52 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-01 12:45 - 2017-03-01 12:45 - 01204344 _____ (Adobe Systems Incorporated) C:\Users\peter.mchugh\Downloads\readerdc_en_ka_install.exe
2017-03-01 12:44 - 2017-03-06 13:33 - 00000000 ____D C:\ProgramData\McAfee
2017-03-01 12:44 - 2017-03-01 13:14 - 00002011 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-03-01 12:44 - 2017-03-01 12:44 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-03-01 12:43 - 2017-03-06 13:33 - 00000000 ____D C:\Program Files\TrueKey
2017-03-01 12:22 - 2017-03-01 12:22 - 00397683 _____ C:\Users\peter.mchugh\Downloads\H02KP0-PDF-ENG.PDF
2017-03-01 12:19 - 2017-03-01 12:19 - 00541166 _____ C:\Users\peter.mchugh\Downloads\R1110E-PDF-ENG.PDF
2017-02-23 19:26 - 2017-02-23 19:26 - 00281545 _____ C:\Users\peter.mchugh\Desktop\lucy passport.pdf
2017-02-23 14:55 - 2017-02-23 14:55 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-22 17:47 - 2017-02-22 17:47 - 00241405 _____ C:\Users\peter.mchugh\Downloads\Questions about Meta-Programs 2011.pdf
2017-02-22 17:40 - 2017-02-22 17:40 - 02808548 _____ C:\Users\peter.mchugh\Documents\mind map excuses.pdf
2017-02-22 13:58 - 2017-02-22 13:57 - 00346403 _____ C:\Users\peter.mchugh\Desktop\fedex auth form 2.jpeg
2017-02-22 13:55 - 2017-02-22 13:55 - 00330586 _____ C:\Users\peter.mchugh\Desktop\fedex auth form 1.jpeg
2017-02-22 10:26 - 2017-02-22 10:26 - 00465563 _____ C:\Users\peter.mchugh\Downloads\H038KF-PDF-ENG.PDF
2017-02-21 14:47 - 2017-02-21 14:47 - 00449406 _____ C:\Users\peter.mchugh\Downloads\H012J9-PDF-ENG.PDF
2017-02-21 14:47 - 2017-02-21 14:47 - 00051360 _____ C:\Users\peter.mchugh\Downloads\F1401C-PDF-ENG (1).PDF
2017-02-21 14:32 - 2017-02-21 14:32 - 00051358 _____ C:\Users\peter.mchugh\Downloads\F1401C-PDF-ENG.PDF
2017-02-21 13:02 - 2017-02-21 13:02 - 00000000 ____D C:\Users\peter.mchugh\Documents\Zoom
2017-02-21 09:45 - 2017-02-21 09:45 - 00460471 _____ C:\Users\peter.mchugh\Downloads\Pat_Doyle_-_MultiView (1).pdf
2017-02-21 09:45 - 2017-02-21 09:45 - 00456491 _____ C:\Users\peter.mchugh\Downloads\Diarmuid_Doran_-_MultiView (1).pdf
2017-02-21 09:45 - 2017-02-21 09:45 - 00455047 _____ C:\Users\peter.mchugh\Downloads\Dave_Delaney_-_MultiView (1).pdf
2017-02-21 09:36 - 2017-02-21 09:36 - 00000000 ____D C:\Users\peter.mchugh\AppData\Roaming\Zoom
2017-02-21 09:36 - 2017-02-21 09:36 - 00000000 ____D C:\Users\peter.mchugh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2017-02-21 09:35 - 2017-02-21 09:36 - 00133640 _____ (Zoom Video Communications, Inc.) C:\Users\peter.mchugh\Downloads\Zoom_launcher.exe
2017-02-21 09:34 - 2017-02-21 09:34 - 00003912 _____ C:\Users\peter.mchugh\Downloads\7 Ways to Increase Your Credibility and Visibility as a Training and Performance Consultant.ics
2017-02-17 13:43 - 2017-02-17 13:43 - 00134077 _____ C:\Users\peter.mchugh\Desktop\INVOICE HRDQ - Training Tools for Developing Great People Skills.pdf
2017-02-14 10:55 - 2017-02-14 10:55 - 00455093 _____ C:\Users\peter.mchugh\Downloads\Dave_Delaney_-_MultiView.pdf
2017-02-14 10:54 - 2017-02-14 10:54 - 00456540 _____ C:\Users\peter.mchugh\Downloads\Diarmuid_Doran_-_MultiView.pdf
2017-02-14 10:52 - 2017-02-14 10:52 - 00460514 _____ C:\Users\peter.mchugh\Downloads\Pat_Doyle_-_MultiView.pdf
2017-02-13 10:00 - 2017-02-13 10:01 - 01035335 _____ C:\Users\peter.mchugh\Downloads\VALUES-Fiona_Mchugh.pdf
2017-02-13 10:00 - 2017-02-13 10:00 - 00756557 _____ C:\Users\peter.mchugh\Downloads\DISC-Fiona_Mchugh.pdf
2017-02-13 09:08 - 2017-02-13 09:08 - 00287117 _____ C:\Users\peter.mchugh\Desktop\st marys statement jan17.jpeg
2017-02-08 09:46 - 2017-02-08 09:46 - 00361815 _____ C:\Users\peter.mchugh\Downloads\WP-702010-Designing-Learning-Works-2017-ENG.pdf
2017-02-08 09:23 - 2017-02-08 09:23 - 00165355 _____ C:\Users\peter.mchugh\Downloads\Ladies Lunch 2017.pdf
2017-02-06 09:45 - 2016-12-21 07:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-02-06 09:45 - 2016-12-21 04:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-08 16:36 - 2016-08-18 19:46 - 00000000 ____D C:\Users\peter.mchugh\AppData\Roaming\Skype
2017-03-08 16:21 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-08 16:18 - 2016-09-30 12:26 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-08 10:42 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-07 13:52 - 2015-10-05 11:06 - 00000000 ____D C:\Users\peter.mchugh\AppData\Local\Packages
2017-03-07 12:00 - 2016-07-04 18:26 - 00000724 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3456993172-4159185848-1155247961-1001.job
2017-03-07 12:00 - 2016-07-04 18:26 - 00000628 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3456993172-4159185848-1155247961-1001.job
2017-03-03 10:57 - 2015-11-30 11:15 - 01285924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-03 10:52 - 2016-09-30 12:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-03 10:52 - 2016-09-30 12:27 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-03 10:52 - 2016-09-08 10:14 - 00000000 ____D C:\ProgramData\ScreenShare
2017-03-03 10:52 - 2015-10-05 11:06 - 00000000 __SHD C:\Users\peter.mchugh\IntelGraphicsProfiles
2017-03-03 10:51 - 2016-09-30 12:28 - 00000000 ____D C:\Users\peter.mchugh
2017-03-03 10:51 - 2016-07-16 06:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-02 17:53 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-02 17:52 - 2016-12-21 20:55 - 00003296 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 17:52 - 2016-10-17 08:35 - 00000000 ____D C:\ProgramData\Skype
2017-03-02 17:52 - 2015-11-30 11:20 - 00002433 _____ C:\Users\peter.mchugh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-02 17:52 - 2015-11-30 11:20 - 00000000 ___RD C:\Users\peter.mchugh\OneDrive
2017-03-02 17:50 - 2016-09-30 12:27 - 00000000 ____D C:\Program Files\DellTPad
2017-03-02 17:50 - 2015-10-07 08:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-02 13:14 - 2015-10-07 10:29 - 00000000 ____D C:\Users\peter.mchugh\AppData\Local\Adobe
2017-03-01 12:53 - 2015-09-07 14:05 - 00000000 ____D C:\Program Files\Common Files\Intel
2017-03-01 12:53 - 2015-09-07 14:04 - 00000000 ____D C:\ProgramData\Intel
2017-03-01 12:52 - 2015-09-07 14:03 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-23 19:23 - 2015-10-07 10:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 15:07 - 2015-10-08 12:48 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 15:06 - 2015-10-08 12:48 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 14:55 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-22 13:57 - 2015-10-20 07:36 - 00000000 ____D C:\Users\peter.mchugh\Documents\Scanned Documents
2017-02-22 13:42 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-08 09:22 - 2015-10-07 10:39 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-08 09:22 - 2015-10-07 10:39 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 19:48 - 2016-11-09 19:16 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 19:48 - 2016-11-09 19:16 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Some files in TEMP:
====================
2016-10-20 13:36 - 2016-10-20 13:36 - 0737856 _____ (Oracle Corporation) C:\Users\peter.mchugh\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-23 10:22 - 2017-01-23 10:22 - 0739904 _____ (Oracle Corporation) C:\Users\peter.mchugh\AppData\Local\Temp\jre-8u121-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-01 08:49

==================== End of FRST.txt ============================
 

trixiebell

New Member
Thread author
Mar 2, 2017
9
Okay.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.

  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the report to your next reply.


Here is text from addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by peter.mchugh (08-03-2017 16:40:08)
Running from C:\Users\peter.mchugh\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-30 12:36:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3456993172-4159185848-1155247961-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3456993172-4159185848-1155247961-503 - Limited - Disabled)
Guest (S-1-5-21-3456993172-4159185848-1155247961-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3456993172-4159185848-1155247961-1003 - Limited - Enabled)
peter.mchugh (S-1-5-21-3456993172-4159185848-1155247961-1001 - Administrator - Enabled) => C:\Users\peter.mchugh

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Cisco WebEx Meetings (HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Dell System Detect (HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\73f463568823ebbe) (Version: 6.6.0.2 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.1207.101.113 - ALPS ELECTRIC CO., LTD.)
FM PDF To Word Converter Pro 3.05 (HKLM-x32\...\FM PDF To Word Converter Pro_is1) (Version: 3.05 - )
Free PDF To Word Converter 2.25 (HKLM-x32\...\Free PDF To Word Converter_is1) (Version: 2.25 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 8.1.0.6519 (HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\GoToMeeting) (Version: 8.1.0.6519 - CitrixOnline)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1016 - Intel Corporation)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.12.108.1 - Intel Security)
Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10002.14 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel(R) Network Connections 19.5.300.2 (HKLM\...\PROSetDX) (Version: 19.5.300.2 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{B97FB671-9141-4DB9-B407-1BECE65CF91C}) (Version: 17.1.1451.0413 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{645065ef-124b-4017-ae38-6b625817f144}) (Version: 17.15.0 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Maxx Audio Installer (x64) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6105 - Realtek Semiconductor Corp.)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0055 - ST Microelectronics)
Zoom (HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3456993172-4159185848-1155247961-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\5102\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12A00C87-217C-4E20-B03E-F765FEC57470} - System32\Tasks\G2MUpdateTask-S-1-5-21-3456993172-4159185848-1155247961-1001 => C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe [2016-09-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {19C9A184-6D29-4132-93DE-5CD6DDEBDBD7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {23F4C938-64D4-4D67-A623-FA1CAE6A15CB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {2CE132E9-7FFD-4C45-87CD-733D9CB634ED} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {363048E1-45BD-4BB0-B995-3C6C549C53CE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {4CBD2F36-D72D-43BA-BE97-D0FA8A3C306E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {61CD0B7B-3E8C-49E7-9809-E1AA108BD0B7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {61D8C03A-CFDA-457D-927F-E8B58C169CED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.)
Task: {64E11C7D-1499-4060-AC01-FB04450F4C05} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6B8FED00-1B25-454E-B229-C6A6A8F08069} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6C525133-CC22-487A-BCE6-65CBE5A9F25A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6C6EC647-D6C9-421C-861C-1B919D3B0E66} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\peter.mchugh\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {7C034B1C-81E4-40E9-AC86-656DDEE41394} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.)
Task: {82247A39-30A3-4474-AB9B-E6AEFF13312A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {883AC4EB-039D-41A2-90D7-3565F495A7F7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-23] (Microsoft Corporation)
Task: {96707CD3-19A0-4D1B-A001-57F026F587A2} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-07-29] (Realtek Semiconductor)
Task: {A6AC81AA-2827-4DF9-8D54-BE1B3880B403} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-19] (Microsoft Corporation)
Task: {B33D815F-E0C9-4707-9A38-60D0DC11C5A0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {B7771CBE-AF6A-4876-844B-F20039BB1C7C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C238DBC7-68AE-4794-AB16-8B083D7B095D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E2D21E3B-EF5C-4D30-B6BD-B495D49EE9F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E8A401BE-1659-4E7E-8905-4B98F8011044} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EC22E999-9B90-49A9-81E9-F5FBBCA047BA} - System32\Tasks\G2MUploadTask-S-1-5-21-3456993172-4159185848-1155247961-1001 => C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe [2016-09-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F1659426-A5C2-45E2-8E3F-72258B98B7A1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3456993172-4159185848-1155247961-1001.job => C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\6519\g2mupdate.exe C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\6519 PETERMCHUGH\peter.mch
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3456993172-4159185848-1155247961-1001.job => C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\6519\g2mupload.exe C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\6519 PETERMCHUGH\peter.mch

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\peter.mchugh\Desktop\Covalent CPM (Laptop Build Site).lnk -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.covalentcpm.com/laptopJNLP/365.jnlp "C:\Users\peter.mchugh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\3f107dab-30912176"
ShortcutWithArgument: C:\Users\peter.mchugh\Desktop\Covalent CPM (Sales Demo).lnk -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.covalentcpm.com/liveJNLP/151.jnlp "C:\Users\peter.mchugh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6c1afef2-6157f89f"
ShortcutWithArgument: C:\Users\peter.mchugh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Covalent\Covalent CPM (Laptop Build Site).lnk -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.covalentcpm.com/laptopJNLP/365.jnlp "C:\Users\peter.mchugh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\3f107dab-30912176"
ShortcutWithArgument: C:\Users\peter.mchugh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Covalent\Covalent CPM (Sales Demo).lnk -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.covalentcpm.com/liveJNLP/151.jnlp "C:\Users\peter.mchugh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6c1afef2-6157f89f"

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-19 12:04 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-19 12:04 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-06-28 12:00 - 2017-01-29 13:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-30 21:23 - 2016-09-30 21:23 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 12:02 - 2016-12-21 07:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 12:02 - 2016-12-21 07:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-01-11 12:01 - 2016-12-21 06:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 12:01 - 2016-12-21 06:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 12:01 - 2016-12-21 06:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 12:01 - 2016-12-21 06:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 12:01 - 2016-12-21 06:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 12:01 - 2016-12-21 06:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 09:49 - 2017-02-22 09:49 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 09:49 - 2017-02-22 09:49 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 09:49 - 2017-02-22 09:49 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 09:45 - 2017-02-06 09:45 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-10 15:48 - 2017-01-10 15:48 - 65784544 _____ () C:\Program Files\Intel Security\True Key\Application\libcef.dll
2017-02-23 09:25 - 2017-02-23 09:26 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-02-23 09:25 - 2017-02-23 09:26 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-02-23 09:25 - 2017-02-23 09:26 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2016-06-03 07:49 - 2016-06-03 07:49 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-02-23 09:25 - 2017-02-23 09:26 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-02-23 09:25 - 2017-02-23 09:26 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-03-11 08:14 - 2016-03-14 09:19 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-06-28 12:01 - 2017-01-29 09:46 - 08929992 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-02-08 09:21 - 2017-02-01 09:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-08 09:21 - 2017-02-01 09:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2014-11-10 17:12 - 2014-11-10 17:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-06-28 11:35 - 2016-06-28 11:46 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\tmpod.dll
2016-06-28 11:34 - 2017-01-29 09:49 - 01010368 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-06-28 12:02 - 2017-01-29 09:47 - 00512712 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\msfad.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:1494 [0]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:156 [0]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:1658 [0]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:200 [0]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:298 [0]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\fedex auth form 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\fedex auth form 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\fedex auth form 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\fedex auth form 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\Fiona OConnor passport.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\Fiona OConnor passport.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\st marys statement jan17.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\st marys statement jan17.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\statement from marys.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\statement from marys.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU application Fiona OConnor.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU application Fiona OConnor.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 2.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 2.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 3.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\sharepoint.com -> hxxps://covsw.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2017-03-01 13:14 - 00000853 ____A C:\WINDOWS\system32\Drivers\etc\hosts


0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{46546CE1-3FD2-4C0E-9E17-19899D59EA7A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{5E13B4F6-3F0B-4AC5-B0E5-0169CB5AF117}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{A3D54406-536A-45C6-AEEC-083E9E062FAA}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{BA0604CE-BCC9-4830-9BB3-CBAA3558D86F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3C9F2E1E-A9A9-4C5E-A6C9-51F0EDD1EF69}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B90D8ACF-9DA7-407A-9705-007A94D66069}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{47BF8EAB-677A-4BAE-AA68-E078E2389267}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{121AA9F1-72F7-49B7-8A47-E90BFAC5D4E4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{01CA6461-BF41-4A25-A627-3AEA529ED3D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2017 10:40:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 16.0.7766.2060, time stamp: 0x58a92a59
Faulting module name: mso20win32client.dll, version: 0.0.0.0, time stamp: 0x58a80b2f
Exception code: 0x0074075c
Fault offset: 0x000f6b03
Faulting process id: 0x574
Faulting application start time: 0x01d29683c51cc61c
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll
Report Id: 97d1ceb8-03eb-11e7-8283-5ce0c59eafa1
Faulting package full name:
Faulting package-relative application ID:

Error: (03/07/2017 09:11:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETERMCHUGH)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147417848 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/06/2017 02:13:08 PM) (Source: Microsoft Office 16) (EventID: 2001) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

Do you want to start in safe mode?.
Rejected Safe Mode action : Microsoft Outlook.

Error: (03/06/2017 02:12:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 16.0.7766.2060, time stamp: 0x58a92a59
Faulting module name: mso20win32client.dll, version: 0.0.0.0, time stamp: 0x58a80b2f
Exception code: 0x0074075c
Fault offset: 0x000f6b03
Faulting process id: 0x1898
Faulting application start time: 0x01d2967ea7322414
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll
Report Id: fef7e013-0276-11e7-8283-5ce0c59eafa1
Faulting package full name:
Faulting package-relative application ID:

Error: (03/02/2017 01:14:59 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/02/2017 12:56:48 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/02/2017 12:56:48 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/02/2017 12:56:46 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/02/2017 12:56:46 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/02/2017 10:07:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcroRd32.exe, version: 15.23.20070.19033, time stamp: 0x58a745fb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000008
Fault offset: 0x4c559d2a
Faulting process id: 0x3658
Faulting application start time: 0x01d292a8462f6cc0
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Faulting module path: unknown
Report Id: ff00e55d-2b77-4822-83e8-ef7e4a3e1b29
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (03/08/2017 12:59:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/07/2017 07:48:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/06/2017 03:11:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/06/2017 01:33:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (03/03/2017 11:35:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2017 10:52:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2017 10:52:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2017 10:52:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2017 10:52:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2017 10:52:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Percentage of memory in use: 59%
Total physical RAM: 8085.8 MB
Available physical RAM: 3245.55 MB
Total Virtual: 9557.8 MB
Available Virtual: 2290.98 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:111.53 GB) (Free:64.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: B2305D47)

Partition: GPT.

==================== End of Addition.txt ============================
 
