removing slimcleaner plus from PC
<blockquote data-quote="trixiebell" data-source="post: 606778" data-attributes="member: 59841"><p>Here is text from addition.txt:</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017</p><p>Ran by peter.mchugh (08-03-2017 16:40:08)</p><p>Running from C:\Users\peter.mchugh\Downloads</p><p>Windows 10 Pro Version 1607 (X64) (2016-09-30 12:36:17)</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Administrator (S-1-5-21-3456993172-4159185848-1155247961-500 - Administrator - Disabled)</p><p>DefaultAccount (S-1-5-21-3456993172-4159185848-1155247961-503 - Limited - Disabled)</p><p>Guest (S-1-5-21-3456993172-4159185848-1155247961-501 - Limited - Disabled)</p><p>HomeGroupUser$ (S-1-5-21-3456993172-4159185848-1155247961-1003 - Limited - Enabled)</p><p>peter.mchugh (S-1-5-21-3456993172-4159185848-1155247961-1001 - Administrator - Enabled) => C:\Users\peter.mchugh</p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. 
The adware programs should be uninstalled manually.)</p><p></p><p>Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)</p><p>Cisco WebEx Meetings (HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)</p><p>Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)</p><p>Dell System Detect (HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\73f463568823ebbe) (Version: 6.6.0.2 - Dell)</p><p>Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.1207.101.113 - ALPS ELECTRIC CO., LTD.)</p><p>FM PDF To Word Converter Pro 3.05 (HKLM-x32\...\FM PDF To Word Converter Pro_is1) (Version: 3.05 - )</p><p>Free PDF To Word Converter 2.25 (HKLM-x32\...\Free PDF To Word Converter_is1) (Version: 2.25 - )</p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)</p><p>Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden</p><p>GoToMeeting 8.1.0.6519 (HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\GoToMeeting) (Version: 8.1.0.6519 - CitrixOnline)</p><p>Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1016 - Intel Corporation)</p><p>Intel Security True Key (HKLM\...\TrueKey) (Version: 4.12.108.1 - Intel Security)</p><p>Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden</p><p>Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10002.14 - Intel Corporation)</p><p>Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)</p><p>Intel(R) Network Connections 19.5.300.2 (HKLM\...\PROSetDX) (Version: 19.5.300.2 - Intel)</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)</p><p>Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)</p><p>Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)</p><p>Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{B97FB671-9141-4DB9-B407-1BECE65CF91C}) (Version: 17.1.1451.0413 - Intel Corporation)</p><p>Intel® PROSet/Wireless Software (HKLM-x32\...\{645065ef-124b-4017-ae38-6b625817f144}) (Version: 17.15.0 - Intel Corporation)</p><p>Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)</p><p>Maxx Audio Installer (x64) (Version: 2.6.8006.3 - Waves Audio Ltd.) 
Hidden</p><p>McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)</p><p>Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)</p><p>Microsoft OneDrive (HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)</p><p>Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden</p><p>Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden</p><p>Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden</p><p>Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden</p><p>Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6105 - Realtek Semiconductor Corp.)</p><p>Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)</p><p>ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0055 - ST Microelectronics)</p><p>Zoom (HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\ZoomUMX) 
(Version: 4.0 - Zoom Video Communications, Inc.)</p><p></p><p>==================== Custom CLSID (Whitelisted): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-3456993172-4159185848-1155247961-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\5102\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)</p><p></p><p>==================== Scheduled Tasks (Whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>Task: {12A00C87-217C-4E20-B03E-F765FEC57470} - System32\Tasks\G2MUpdateTask-S-1-5-21-3456993172-4159185848-1155247961-1001 => C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe [2016-09-19] (Citrix Online, a division of Citrix Systems, Inc.)</p><p>Task: {19C9A184-6D29-4132-93DE-5CD6DDEBDBD7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION</p><p>Task: {23F4C938-64D4-4D67-A623-FA1CAE6A15CB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)</p><p>Task: {2CE132E9-7FFD-4C45-87CD-733D9CB634ED} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)</p><p>Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe </p><p>Task: {363048E1-45BD-4BB0-B995-3C6C549C53CE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft 
Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)</p><p>Task: {4CBD2F36-D72D-43BA-BE97-D0FA8A3C306E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)</p><p>Task: {61CD0B7B-3E8C-49E7-9809-E1AA108BD0B7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION</p><p>Task: {61D8C03A-CFDA-457D-927F-E8B58C169CED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.)</p><p>Task: {64E11C7D-1499-4060-AC01-FB04450F4C05} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION</p><p>Task: {6B8FED00-1B25-454E-B229-C6A6A8F08069} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION</p><p>Task: {6C525133-CC22-487A-BCE6-65CBE5A9F25A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION</p><p>Task: {6C6EC647-D6C9-421C-861C-1B919D3B0E66} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\peter.mchugh\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe </p><p>Task: {7C034B1C-81E4-40E9-AC86-656DDEE41394} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.)</p><p>Task: {82247A39-30A3-4474-AB9B-E6AEFF13312A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION</p><p>Task: {883AC4EB-039D-41A2-90D7-3565F495A7F7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-23] (Microsoft Corporation)</p><p>Task: {96707CD3-19A0-4D1B-A001-57F026F587A2} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-07-29] (Realtek Semiconductor)</p><p>Task: {A6AC81AA-2827-4DF9-8D54-BE1B3880B403} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft 
Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-19] (Microsoft Corporation)</p><p>Task: {B33D815F-E0C9-4707-9A38-60D0DC11C5A0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)</p><p>Task: {B7771CBE-AF6A-4876-844B-F20039BB1C7C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION</p><p>Task: {C238DBC7-68AE-4794-AB16-8B083D7B095D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION</p><p>Task: {E2D21E3B-EF5C-4D30-B6BD-B495D49EE9F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION</p><p>Task: {E8A401BE-1659-4E7E-8905-4B98F8011044} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION</p><p>Task: {EC22E999-9B90-49A9-81E9-F5FBBCA047BA} - System32\Tasks\G2MUploadTask-S-1-5-21-3456993172-4159185848-1155247961-1001 => C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe [2016-09-19] (Citrix Online, a division of Citrix Systems, Inc.)</p><p>Task: {F1659426-A5C2-45E2-8E3F-72258B98B7A1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION</p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.)</p><p></p><p>Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3456993172-4159185848-1155247961-1001.job => C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\6519\g2mupdate.exe C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\6519 PETERMCHUGH\peter.mch</p><p>Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3456993172-4159185848-1155247961-1001.job => C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\6519\g2mupload.exe C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\6519 PETERMCHUGH\peter.mch</p><p></p><p>==================== Shortcuts =============================</p><p></p><p>(The entries could be listed to be restored or removed.)</p><p></p><p>ShortcutWithArgument: C:\Users\peter.mchugh\Desktop\Covalent CPM (Laptop Build Site).lnk -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://<a href="http://www.covalentcpm.com/laptopJNLP/365.jnlp" target="_blank">www.covalentcpm.com/laptopJNLP/365.jnlp</a> "C:\Users\peter.mchugh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\3f107dab-30912176"</p><p>ShortcutWithArgument: C:\Users\peter.mchugh\Desktop\Covalent CPM (Sales Demo).lnk -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://<a href="http://www.covalentcpm.com/liveJNLP/151.jnlp" target="_blank">www.covalentcpm.com/liveJNLP/151.jnlp</a> "C:\Users\peter.mchugh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6c1afef2-6157f89f"</p><p>ShortcutWithArgument: C:\Users\peter.mchugh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Covalent\Covalent CPM (Laptop Build Site).lnk -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://<a href="http://www.covalentcpm.com/laptopJNLP/365.jnlp" target="_blank">www.covalentcpm.com/laptopJNLP/365.jnlp</a> 
"C:\Users\peter.mchugh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\3f107dab-30912176"</p><p>ShortcutWithArgument: C:\Users\peter.mchugh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Covalent\Covalent CPM (Sales Demo).lnk -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://<a href="http://www.covalentcpm.com/liveJNLP/151.jnlp" target="_blank">www.covalentcpm.com/liveJNLP/151.jnlp</a> "C:\Users\peter.mchugh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6c1afef2-6157f89f"</p><p></p><p>==================== Loaded Modules (Whitelisted) ==============</p><p></p><p>2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll</p><p>2016-12-19 12:04 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll</p><p>2016-12-19 12:04 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll</p><p>2016-06-28 12:00 - 2017-01-29 13:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll</p><p>2016-09-30 21:23 - 2016-09-30 21:23 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll</p><p>2017-01-11 12:02 - 2016-12-21 07:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll</p><p>2017-01-11 12:02 - 2016-12-21 07:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll</p><p>2017-01-11 12:01 - 2016-12-21 06:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll</p><p>2017-01-11 12:01 - 2016-12-21 06:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll</p><p>2017-01-11 12:01 - 2016-12-21 06:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll</p><p>2017-01-11 12:01 - 2016-12-21 06:48 - 01033216 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll</p><p>2017-01-11 12:01 - 2016-12-21 06:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll</p><p>2017-01-11 12:01 - 2016-12-21 06:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll</p><p>2017-02-22 09:49 - 2017-02-22 09:49 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe</p><p>2017-02-22 09:49 - 2017-02-22 09:49 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll</p><p>2017-02-22 09:49 - 2017-02-22 09:49 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll</p><p>2017-02-06 09:45 - 2017-02-06 09:45 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll</p><p>2017-01-10 15:48 - 2017-01-10 15:48 - 65784544 _____ () C:\Program Files\Intel Security\True Key\Application\libcef.dll</p><p>2017-02-23 09:25 - 2017-02-23 09:26 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe</p><p>2017-02-23 09:25 - 2017-02-23 09:26 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll</p><p>2017-02-23 09:25 - 2017-02-23 09:26 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll</p><p>2016-06-03 07:49 - 2016-06-03 07:49 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll</p><p>2017-02-23 09:25 - 2017-02-23 09:26 - 00387584 _____ () C:\Program 
Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll</p><p>2017-02-23 09:25 - 2017-02-23 09:26 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll</p><p>2016-03-11 08:14 - 2016-03-14 09:19 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll</p><p>2016-06-28 12:01 - 2017-01-29 09:46 - 08929992 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll</p><p>2017-02-08 09:21 - 2017-02-01 09:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll</p><p>2017-02-08 09:21 - 2017-02-01 09:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll</p><p>2014-11-10 17:12 - 2014-11-10 17:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll</p><p>2016-06-28 11:35 - 2016-06-28 11:46 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\tmpod.dll</p><p>2016-06-28 11:34 - 2017-01-29 09:49 - 01010368 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll</p><p>2016-06-28 12:02 - 2017-01-29 09:47 - 00512712 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\msfad.dll</p><p></p><p>==================== Alternate Data Streams (Whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the ADS will be removed.)</p><p></p><p>AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:1494 [0]</p><p>AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:156 [0]</p><p>AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:1658 [0]</p><p>AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:200 [0]</p><p>AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:298 [0]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\fedex auth form 
1.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\fedex auth form 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\fedex auth form 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\fedex auth form 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\Fiona OConnor passport.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\Fiona OConnor passport.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\st marys statement jan17.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\st marys statement jan17.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\statement from marys.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\statement from marys.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU application Fiona OConnor.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU application Fiona OConnor.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 
2.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 2.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 3.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]</p><p>AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]</p><p></p><p>==================== Safe Mode (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"</p><p></p><p>==================== Association (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed.)</p><p></p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry.)</p><p></p><p>IE trusted site: HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\dell.com -> dell.com</p><p>IE trusted site: HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\sharepoint.com -> hxxps://covsw.sharepoint.com</p><p></p><p>==================== Hosts content: ===============================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2013-08-22 13:25 - 2017-03-01 13:14 - 00000853 ____A C:\WINDOWS\system32\Drivers\etc\hosts</p><p></p><p></p><p>0.0.0.1 mssplus.mcafee.com</p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\Control Panel\Desktop\\Wallpaper -> 
C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg</p><p>DNS Servers: 192.168.0.1</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)</p><p>Windows Firewall is enabled.</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p></p><p>==================== FirewallRules (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139</p><p>FirewallRules: [{46546CE1-3FD2-4C0E-9E17-19899D59EA7A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe</p><p>FirewallRules: [{5E13B4F6-3F0B-4AC5-B0E5-0169CB5AF117}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe</p><p>FirewallRules: [{A3D54406-536A-45C6-AEEC-083E9E062FAA}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe</p><p>FirewallRules: [{BA0604CE-BCC9-4830-9BB3-CBAA3558D86F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe</p><p>FirewallRules: [{3C9F2E1E-A9A9-4C5E-A6C9-51F0EDD1EF69}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe</p><p>FirewallRules: [{B90D8ACF-9DA7-407A-9705-007A94D66069}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe</p><p>FirewallRules: [{47BF8EAB-677A-4BAE-AA68-E078E2389267}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe</p><p>FirewallRules: [{121AA9F1-72F7-49B7-8A47-E90BFAC5D4E4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe</p><p>FirewallRules: [{01CA6461-BF41-4A25-A627-3AEA529ED3D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p>==================== Restore Points =========================</p><p></p><p>ATTENTION: System Restore is 
disabled</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: Broadcom USH</p><p>Description: Broadcom USH</p><p>Class Guid: </p><p>Manufacturer: </p><p>Service: </p><p>Problem: : The drivers for this device are not installed. (Code 28)</p><p>Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (03/08/2017 10:40:06 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: OUTLOOK.EXE, version: 16.0.7766.2060, time stamp: 0x58a92a59</p><p>Faulting module name: mso20win32client.dll, version: 0.0.0.0, time stamp: 0x58a80b2f</p><p>Exception code: 0x0074075c</p><p>Fault offset: 0x000f6b03</p><p>Faulting process id: 0x574</p><p>Faulting application start time: 0x01d29683c51cc61c</p><p>Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE</p><p>Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll</p><p>Report Id: 97d1ceb8-03eb-11e7-8283-5ce0c59eafa1</p><p>Faulting package full name: </p><p>Faulting package-relative application ID:</p><p></p><p>Error: (03/07/2017 09:11:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETERMCHUGH)</p><p>Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147417848 See the Microsoft-Windows-TWinUI/Operational log for additional information.</p><p></p><p>Error: (03/06/2017 02:13:08 PM) (Source: Microsoft Office 16) (EventID: 2001) (User: )</p><p>Description: Microsoft Outlook: Rejected Safe Mode action : Outlook couldn't start last time. 
Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.</p><p></p><p>Do you want to start in safe mode?.</p><p>Rejected Safe Mode action : Microsoft Outlook.</p><p></p><p>Error: (03/06/2017 02:12:57 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: OUTLOOK.EXE, version: 16.0.7766.2060, time stamp: 0x58a92a59</p><p>Faulting module name: mso20win32client.dll, version: 0.0.0.0, time stamp: 0x58a80b2f</p><p>Exception code: 0x0074075c</p><p>Fault offset: 0x000f6b03</p><p>Faulting process id: 0x1898</p><p>Faulting application start time: 0x01d2967ea7322414</p><p>Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE</p><p>Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll</p><p>Report Id: fef7e013-0276-11e7-8283-5ce0c59eafa1</p><p>Faulting package full name: </p><p>Faulting package-relative application ID:</p><p></p><p>Error: (03/02/2017 01:14:59 PM) (Source: SideBySide) (EventID: 35) (User: )</p><p>Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.</p><p>Component identity found in manifest does not match the identity of the component requested.</p><p>Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".</p><p>Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".</p><p>Please use sxstrace.exe for detailed diagnosis.</p><p></p><p>Error: (03/02/2017 12:56:48 PM) (Source: SecurityCenter) (EventID: 16) (User: )</p><p>Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3).</p><p></p><p>Error: (03/02/2017 12:56:48 PM) (Source: SecurityCenter) (EventID: 16) (User: )</p><p>Description: Error while 
updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3).</p><p></p><p>Error: (03/02/2017 12:56:46 PM) (Source: SecurityCenter) (EventID: 16) (User: )</p><p>Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3).</p><p></p><p>Error: (03/02/2017 12:56:46 PM) (Source: SecurityCenter) (EventID: 16) (User: )</p><p>Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3).</p><p></p><p>Error: (03/02/2017 10:07:53 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: AcroRd32.exe, version: 15.23.20070.19033, time stamp: 0x58a745fb</p><p>Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000</p><p>Exception code: 0xc0000008</p><p>Fault offset: 0x4c559d2a</p><p>Faulting process id: 0x3658</p><p>Faulting application start time: 0x01d292a8462f6cc0</p><p>Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe</p><p>Faulting module path: unknown</p><p>Report Id: ff00e55d-2b77-4822-83e8-ef7e4a3e1b29</p><p>Faulting package full name: </p><p>Faulting package-relative application ID:</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (03/08/2017 12:59:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID </p><p>{D63B10C5-BB46-4990-A94F-E40B9D520160}</p><p> and APPID </p><p>{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</p><p> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 
This security permission can be modified using the Component Services administrative tool.</p><p></p><p>Error: (03/07/2017 07:48:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID </p><p>{D63B10C5-BB46-4990-A94F-E40B9D520160}</p><p> and APPID </p><p>{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</p><p> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</p><p></p><p>Error: (03/06/2017 03:11:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID </p><p>{D63B10C5-BB46-4990-A94F-E40B9D520160}</p><p> and APPID </p><p>{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</p><p> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 
This security permission can be modified using the Component Services administrative tool.</p><p></p><p>Error: (03/06/2017 01:33:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )</p><p>Description: The Interactive Services Detection service terminated with the following error: </p><p>Incorrect function.</p><p></p><p>Error: (03/03/2017 11:35:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID </p><p>{D63B10C5-BB46-4990-A94F-E40B9D520160}</p><p> and APPID </p><p>{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</p><p> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</p><p></p><p>Error: (03/03/2017 10:52:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID </p><p>{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}</p><p> and APPID </p><p>{F72671A9-012C-4725-9D2F-2A4D32D65169}</p><p> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 
This security permission can be modified using the Component Services administrative tool.</p><p></p><p>Error: (03/03/2017 10:52:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID </p><p>{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</p><p> and APPID </p><p>{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</p><p> to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</p><p></p><p>Error: (03/03/2017 10:52:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID </p><p>{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</p><p> and APPID </p><p>{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</p><p> to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</p><p></p><p>Error: (03/03/2017 10:52:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID </p><p>{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</p><p> and APPID </p><p>{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</p><p> to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 
This security permission can be modified using the Component Services administrative tool.</p><p></p><p>Error: (03/03/2017 10:52:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID </p><p>{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</p><p> and APPID </p><p>{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</p><p> to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz</p><p>Percentage of memory in use: 59%</p><p>Total physical RAM: 8085.8 MB</p><p>Available physical RAM: 3245.55 MB</p><p>Total Virtual: 9557.8 MB</p><p>Available Virtual: 2290.98 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (OS) (Fixed) (Total:111.53 GB) (Free:64.4 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Size: 119.2 GB) (Disk ID: B2305D47)</p><p></p><p>Partition: GPT.</p><p></p><p>==================== End of Addition.txt ============================</p></blockquote><p></p>
[QUOTE="trixiebell, post: 606778, member: 59841"] Here is text from addition.txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017 Ran by peter.mchugh (08-03-2017 16:40:08) Running from C:\Users\peter.mchugh\Downloads Windows 10 Pro Version 1607 (X64) (2016-09-30 12:36:17) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3456993172-4159185848-1155247961-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3456993172-4159185848-1155247961-503 - Limited - Disabled) Guest (S-1-5-21-3456993172-4159185848-1155247961-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3456993172-4159185848-1155247961-1003 - Limited - Enabled) peter.mchugh (S-1-5-21-3456993172-4159185848-1155247961-1001 - Administrator - Enabled) => C:\Users\peter.mchugh ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated) Cisco WebEx Meetings (HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix) Dell System Detect (HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\73f463568823ebbe) (Version: 6.6.0.2 - Dell) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.1207.101.113 - ALPS ELECTRIC CO., LTD.) 
FM PDF To Word Converter Pro 3.05 (HKLM-x32\...\FM PDF To Word Converter Pro_is1) (Version: 3.05 - ) Free PDF To Word Converter 2.25 (HKLM-x32\...\Free PDF To Word Converter_is1) (Version: 2.25 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden GoToMeeting 8.1.0.6519 (HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\GoToMeeting) (Version: 8.1.0.6519 - CitrixOnline) Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1016 - Intel Corporation) Intel Security True Key (HKLM\...\TrueKey) (Version: 4.12.108.1 - Intel Security) Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10002.14 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation) Intel(R) Network Connections 19.5.300.2 (HKLM\...\PROSetDX) (Version: 19.5.300.2 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{B97FB671-9141-4DB9-B407-1BECE65CF91C}) (Version: 17.1.1451.0413 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{645065ef-124b-4017-ae38-6b625817f144}) (Version: 17.15.0 - Intel Corporation) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation) Maxx Audio Installer (x64) (Version: 2.6.8006.3 - Waves Audio Ltd.) 
Hidden McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.) Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6105 - Realtek Semiconductor Corp.) Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.) ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0055 - ST Microelectronics) Zoom (HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.) 
==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3456993172-4159185848-1155247961-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\5102\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {12A00C87-217C-4E20-B03E-F765FEC57470} - System32\Tasks\G2MUpdateTask-S-1-5-21-3456993172-4159185848-1155247961-1001 => C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe [2016-09-19] (Citrix Online, a division of Citrix Systems, Inc.) Task: {19C9A184-6D29-4132-93DE-5CD6DDEBDBD7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {23F4C938-64D4-4D67-A623-FA1CAE6A15CB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation) Task: {2CE132E9-7FFD-4C45-87CD-733D9CB634ED} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe Task: {363048E1-45BD-4BB0-B995-3C6C549C53CE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation) Task: {4CBD2F36-D72D-43BA-BE97-D0FA8A3C306E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files 
(x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {61CD0B7B-3E8C-49E7-9809-E1AA108BD0B7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {61D8C03A-CFDA-457D-927F-E8B58C169CED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.) Task: {64E11C7D-1499-4060-AC01-FB04450F4C05} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {6B8FED00-1B25-454E-B229-C6A6A8F08069} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {6C525133-CC22-487A-BCE6-65CBE5A9F25A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {6C6EC647-D6C9-421C-861C-1B919D3B0E66} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\peter.mchugh\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {7C034B1C-81E4-40E9-AC86-656DDEE41394} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.) 
Task: {82247A39-30A3-4474-AB9B-E6AEFF13312A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {883AC4EB-039D-41A2-90D7-3565F495A7F7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-23] (Microsoft Corporation) Task: {96707CD3-19A0-4D1B-A001-57F026F587A2} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-07-29] (Realtek Semiconductor) Task: {A6AC81AA-2827-4DF9-8D54-BE1B3880B403} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-19] (Microsoft Corporation) Task: {B33D815F-E0C9-4707-9A38-60D0DC11C5A0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation) Task: {B7771CBE-AF6A-4876-844B-F20039BB1C7C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {C238DBC7-68AE-4794-AB16-8B083D7B095D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {E2D21E3B-EF5C-4D30-B6BD-B495D49EE9F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {E8A401BE-1659-4E7E-8905-4B98F8011044} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {EC22E999-9B90-49A9-81E9-F5FBBCA047BA} - System32\Tasks\G2MUploadTask-S-1-5-21-3456993172-4159185848-1155247961-1001 => C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe [2016-09-19] (Citrix Online, a division of Citrix Systems, Inc.) Task: {F1659426-A5C2-45E2-8E3F-72258B98B7A1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3456993172-4159185848-1155247961-1001.job => C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\6519\g2mupdate.exe C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\6519 PETERMCHUGH\peter.mch Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3456993172-4159185848-1155247961-1001.job => C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\6519\g2mupload.exe C:\Users\peter.mchugh\AppData\Local\Citrix\GoToMeeting\6519 PETERMCHUGH\peter.mch ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\peter.mchugh\Desktop\Covalent CPM (Laptop Build Site).lnk -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://[URL="http://www.covalentcpm.com/laptopJNLP/365.jnlp"]www.covalentcpm.com/laptopJNLP/365.jnlp[/URL] "C:\Users\peter.mchugh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\3f107dab-30912176" ShortcutWithArgument: C:\Users\peter.mchugh\Desktop\Covalent CPM (Sales Demo).lnk -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://[URL="http://www.covalentcpm.com/liveJNLP/151.jnlp"]www.covalentcpm.com/liveJNLP/151.jnlp[/URL] "C:\Users\peter.mchugh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6c1afef2-6157f89f" ShortcutWithArgument: C:\Users\peter.mchugh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Covalent\Covalent CPM (Laptop Build Site).lnk -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://[URL="http://www.covalentcpm.com/laptopJNLP/365.jnlp"]www.covalentcpm.com/laptopJNLP/365.jnlp[/URL] "C:\Users\peter.mchugh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\3f107dab-30912176" ShortcutWithArgument: C:\Users\peter.mchugh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Covalent\Covalent CPM 
(Sales Demo).lnk -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://[URL="http://www.covalentcpm.com/liveJNLP/151.jnlp"]www.covalentcpm.com/liveJNLP/151.jnlp[/URL] "C:\Users\peter.mchugh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6c1afef2-6157f89f" ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-19 12:04 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-12-19 12:04 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-06-28 12:00 - 2017-01-29 13:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-09-30 21:23 - 2016-09-30 21:23 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 12:02 - 2016-12-21 07:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-11 12:02 - 2016-12-21 07:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll 2017-01-11 12:01 - 2016-12-21 06:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-11 12:01 - 2016-12-21 06:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-11 12:01 - 2016-12-21 06:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-11 12:01 - 2016-12-21 06:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-11 12:01 - 2016-12-21 06:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-11 12:01 - 2016-12-21 06:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 
2017-02-22 09:49 - 2017-02-22 09:49 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-02-22 09:49 - 2017-02-22 09:49 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-02-22 09:49 - 2017-02-22 09:49 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-02-06 09:45 - 2017-02-06 09:45 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll 2017-01-10 15:48 - 2017-01-10 15:48 - 65784544 _____ () C:\Program Files\Intel Security\True Key\Application\libcef.dll 2017-02-23 09:25 - 2017-02-23 09:26 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2017-02-23 09:25 - 2017-02-23 09:26 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2017-02-23 09:25 - 2017-02-23 09:26 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2016-06-03 07:49 - 2016-06-03 07:49 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2017-02-23 09:25 - 2017-02-23 09:26 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2017-02-23 09:25 - 2017-02-23 09:26 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll 2016-03-11 08:14 - 2016-03-14 09:19 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-06-28 12:01 - 2017-01-29 09:46 - 08929992 _____ () C:\Program Files (x86)\Microsoft 
Office\root\Office16\1033\GrooveIntlResource.dll 2017-02-08 09:21 - 2017-02-01 09:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-08 09:21 - 2017-02-01 09:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll 2014-11-10 17:12 - 2014-11-10 17:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-06-28 11:35 - 2016-06-28 11:46 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\tmpod.dll 2016-06-28 11:34 - 2017-01-29 09:49 - 01010368 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll 2016-06-28 12:02 - 2017-01-29 09:47 - 00512712 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\msfad.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:1494 [0] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:156 [0] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:1658 [0] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:200 [0] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:298 [0] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\fedex auth form 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [83] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\fedex auth form 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\fedex auth form 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [83] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\fedex auth form 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\Fiona OConnor passport.jpeg:3or4kl4x13tuuug3Byamue2s4b [83] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\Fiona OConnor passport.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: 
C:\Users\peter.mchugh\Desktop\st marys statement jan17.jpeg:3or4kl4x13tuuug3Byamue2s4b [83] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\st marys statement jan17.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\statement from marys.jpeg:3or4kl4x13tuuug3Byamue2s4b [83] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\statement from marys.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU application Fiona OConnor.jpeg:3or4kl4x13tuuug3Byamue2s4b [83] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU application Fiona OConnor.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [83] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [83] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 2.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b [83] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 2.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 3.jpeg:3or4kl4x13tuuug3Byamue2s4b [83] AlternateDataStreams: C:\Users\peter.mchugh\Desktop\UNFCU Application page 3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\sharepoint.com -> hxxps://covsw.sharepoint.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 13:25 - 2017-03-01 13:14 - 00000853 ____A C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.1 mssplus.mcafee.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{46546CE1-3FD2-4C0E-9E17-19899D59EA7A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{5E13B4F6-3F0B-4AC5-B0E5-0169CB5AF117}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{A3D54406-536A-45C6-AEEC-083E9E062FAA}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe FirewallRules: [{BA0604CE-BCC9-4830-9BB3-CBAA3558D86F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{3C9F2E1E-A9A9-4C5E-A6C9-51F0EDD1EF69}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{B90D8ACF-9DA7-407A-9705-007A94D66069}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{47BF8EAB-677A-4BAE-AA68-E078E2389267}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{121AA9F1-72F7-49B7-8A47-E90BFAC5D4E4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{01CA6461-BF41-4A25-A627-3AEA529ED3D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= Name: Broadcom USH Description: Broadcom USH Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (03/08/2017 10:40:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: OUTLOOK.EXE, version: 16.0.7766.2060, time stamp: 0x58a92a59 Faulting module name: mso20win32client.dll, version: 0.0.0.0, time stamp: 0x58a80b2f Exception code: 0x0074075c Fault offset: 0x000f6b03 Faulting process id: 0x574 Faulting application start time: 0x01d29683c51cc61c Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll Report Id: 97d1ceb8-03eb-11e7-8283-5ce0c59eafa1 Faulting package full name: Faulting package-relative application ID: Error: (03/07/2017 09:11:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETERMCHUGH) Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147417848 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/06/2017 02:13:08 PM) (Source: Microsoft Office 16) (EventID: 2001) (User: ) Description: Microsoft Outlook: Rejected Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode. Do you want to start in safe mode?. Rejected Safe Mode action : Microsoft Outlook. 
Error: (03/06/2017 02:12:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: OUTLOOK.EXE, version: 16.0.7766.2060, time stamp: 0x58a92a59 Faulting module name: mso20win32client.dll, version: 0.0.0.0, time stamp: 0x58a80b2f Exception code: 0x0074075c Fault offset: 0x000f6b03 Faulting process id: 0x1898 Faulting application start time: 0x01d2967ea7322414 Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll Report Id: fef7e013-0276-11e7-8283-5ce0c59eafa1 Faulting package full name: Faulting package-relative application ID: Error: (03/02/2017 01:14:59 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (03/02/2017 12:56:48 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3). Error: (03/02/2017 12:56:48 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3). Error: (03/02/2017 12:56:46 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3). 
Error: (03/02/2017 12:56:46 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/02/2017 10:07:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcroRd32.exe, version: 15.23.20070.19033, time stamp: 0x58a745fb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000008
Fault offset: 0x4c559d2a
Faulting process id: 0x3658
Faulting application start time: 0x01d292a8462f6cc0
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Faulting module path: unknown
Report Id: ff00e55d-2b77-4822-83e8-ef7e4a3e1b29
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (03/08/2017 12:59:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/07/2017 07:48:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/06/2017 03:11:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/06/2017 01:33:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: Incorrect function.

Error: (03/03/2017 11:35:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2017 10:52:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2017 10:52:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2017 10:52:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2017 10:52:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2017 10:52:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Percentage of memory in use: 59%
Total physical RAM: 8085.8 MB
Available physical RAM: 3245.55 MB
Total Virtual: 9557.8 MB
Available Virtual: 2290.98 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:111.53 GB) (Free:64.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: B2305D47)

Partition: GPT.

==================== End of Addition.txt ============================
[/QUOTE]