Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019 Ran by Veron (26-06-2019 21:57:45) Running from C:\Users\Veron\Downloads Windows 10 Home Version 1803 17134.829 (X64) (2018-10-17 14:39:31) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-961780696-1817382186-845450316-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-961780696-1817382186-845450316-503 - Limited - Disabled) Guest (S-1-5-21-961780696-1817382186-845450316-501 - Limited - Disabled) Veron (S-1-5-21-961780696-1817382186-845450316-1001 - Administrator - Enabled) => C:\Users\Veron WDAGUtilityAccount (S-1-5-21-961780696-1817382186-845450316-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501} FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.207 - Adobe) Alcor Micro USB Card Reader Driver (HKLM-x32\...\{9D569A6E-C9DF-490E-93E0-7AFD28D1F9BB}) (Version: 20.23.401.14519 - Alcor Micro Corp.) Hidden Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{9D569A6E-C9DF-490E-93E0-7AFD28D1F9BB}) (Version: 20.23.401.14519 - Alcor Micro Corp.) ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.) ASUS GiftBox Service (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 3.2.1.0 - ASUSTeK COMPUTER INC.) ASUS Hello (HKLM-x32\...\{D8CE1923-92A9-4036-817E-9E0D8AA2169B}) (Version: 1.1.0 - ASUSTeK COMPUTER INC.) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.) ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.18 - ASUS) ASUS ZenAnywhere (HKLM\...\{EE18BAB5-35F1-44B4-A6DE-C9D4B434322F}) (Version: 4.6.0 - Orbweb Inc.) Hidden ASUS ZenAnywhere (HKLM-x32\...\ASUS ZenAnywhere 4.6.0) (Version: 4.6.0 - Orbweb Inc.) ATK Package (ASUS Keyboard Hotkeys) (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0060 - ASUSTeK COMPUTER INC.) AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.5.34 - ICEpower a/s) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.3.1.4 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.0.1 - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.1 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.) Canon TS8000 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS8000_series) (Version: 1.02 - Canon Inc.) Canon TS8000 series On-screen Manual (HKLM-x32\...\Canon TS8000 series On-screen Manual) (Version: 1.1.0 - Canon Inc.) Canon TS8000 series User Registration (HKLM-x32\...\Canon TS8000 series User Registration) (Version: - ‭Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10205.4743 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.0.1014 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1725.1 - Intel Corporation) Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000030-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.30.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{d5c53162-d8b4-4547-8a40-917a25c0172e}) (Version: 20.60.0 - Intel Corporation) McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R18 - McAfee, Inc.) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.36 - McAfee, Inc.) Microsoft OneDrive (HKU\S-1-5-21-961780696-1817382186-845450316-1001\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8248 - Realtek Semiconductor Corp.) Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.10.713.2016 - Realtek) UCMcxRTK (HKLM-x32\...\{2441B0B9-F24A-4DD3-97FC-5AC3495162DD}) (Version: 10.0.15063.101 - Realtek Semiconductor Corp.) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation) Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Windows Driver Package - ASUS (AsusPTPDrv) HIDClass (04/21/2017 11.0.0.16) (HKLM\...\7517F958DC823EE4C12050C16EFF05886960ABEF) (Version: 04/21/2017 11.0.0.16 - ASUS) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.7 - ASUSTeK COMPUTER INC.) Zoom (HKU\S-1-5-21-961780696-1817382186-845450316-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.) Packages: ========= ASUS Battery Health Charging -> C:\Program Files\WindowsApps\B9ECED6F.ASUSBatteryHealthCharging_1.0.7.0_x86__qmba6cd70vzyy [2018-10-17] (ASUSTeK COMPUTER INC.) ASUS GIFTBOX -> C:\Program Files\WindowsApps\B9ECED6F.ASUSGIFTBOX_3.1.7.0_x64__qmba6cd70vzyy [2019-04-26] (ASUSTeK COMPUTER INC.) ASUS Product Registration Program -> C:\Program Files\WindowsApps\B9ECED6F.ASUSProductRegistrationProgram_3.0.3.0_x86__qmba6cd70vzyy [2019-01-01] (ASUSTeK COMPUTER INC.) Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1530.2.0_x86__kgqvnymyfvs32 [2019-06-13] (king.com) Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.520.0_x64__rz1tebttyb220 [2019-03-12] (Dolby Laboratories) eManual -> C:\Program Files\WindowsApps\B9ECED6F.eManual_2.0.3.0_x86__qmba6cd70vzyy [2018-10-17] (ASUSTeK COMPUTER INC.) Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-01-15] (Fitbit) LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-01-01] (LinkedIn) Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad] McAfee Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_1.4.3.0_x64__wafk5atnkzcwy [2019-01-01] (McAfee Inc.) Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.11629.20246.0_x86__8wekyb3d8bbwe [2019-06-18] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad] Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.11629.20246.0_x86__8wekyb3d8bbwe [2019-06-18] (Microsoft Corporation) Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-03] (Microsoft Corporation) [MS Ad] Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.11629.20246.0_x86__8wekyb3d8bbwe [2019-06-18] (Microsoft Corporation) Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11629.20246.0_x86__8wekyb3d8bbwe [2019-06-18] (Microsoft Corporation) Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.11629.20246.0_x86__8wekyb3d8bbwe [2019-06-18] (Microsoft Corporation) Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.11629.20246.0_x86__8wekyb3d8bbwe [2019-06-18] (Microsoft Corporation) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-15] (Microsoft Studios) [MS Ad] Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.11629.20246.0_x86__8wekyb3d8bbwe [2019-06-18] (Microsoft Corporation) MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad] MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2019-01-01] (ASUSTeK COMPUTER INC.) Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-02-20] (Netflix, Inc.) Splendid -> C:\Program Files\WindowsApps\B9ECED6F.Splendid_1.0.14.0_x64__qmba6cd70vzyy [2019-04-16] (ASUSTeK COMPUTER INC.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2019-02-15] (McAfee, Inc. -> McAfee, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_c9081e50bcffa972\igfxDTCM.dll [2018-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2019-02-15] (McAfee, Inc. -> McAfee, Inc.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2019-02-16 22:12 - 2015-09-15 17:07 - 000318464 _____ (CANON INC) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\scchmpm.dll 2019-02-16 22:17 - 2017-07-05 14:43 - 000561152 _____ (CANON INC. ) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll 2019-02-16 22:12 - 2015-09-01 19:11 - 000194560 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll 2019-02-16 22:12 - 2015-06-17 17:03 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_ENU.DLL 2019-02-16 22:12 - 2015-06-17 17:00 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll 2019-02-16 22:12 - 2015-05-26 10:44 - 000141312 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnwidsd.dll 2019-02-16 22:17 - 2017-07-05 14:49 - 000593920 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\Aegon:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\Atingo:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\Byt Kamenicka:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\Cafetalk:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\channel crossings:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\Custom Office Templates:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\CVs, websites:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\Dwellworks:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\English classes:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\Espanol:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\final:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\Foundations:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\français:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\ICL classes:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\ICL extras:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\important documents:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\language stories FB:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\leboncoin:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\Modèles Office personnalisés:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\originaly:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\PE:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\pracovne:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\SK:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\Slovak classes:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\Veron\OneDrive\Documents\website:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2018-04-12 01:38 - 2018-04-12 01:36 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ HKU\S-1-5-21-961780696-1817382186-845450316-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Veron\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\dsc_9458.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: ASLDRService => 2 MSCONFIG\Services: ClientAnalyticsService => 3 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: cplspcon => 2 MSCONFIG\Services: esifsvc => 2 MSCONFIG\Services: EvtEng => 2 MSCONFIG\Services: GiftBox.Service => 2 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: ibtsiva => 2 MSCONFIG\Services: igfxCUIService2.0.0.0 => 2 MSCONFIG\Services: IJPLMSVC => 2 MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3 MSCONFIG\Services: Intel(R) TPM Provisioning Service => 2 MSCONFIG\Services: jhi_service => 2 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: McAfee WebAdvisor => 2 MSCONFIG\Services: mccspsvc => 2 MSCONFIG\Services: MyWiFiDHCPDNS => 3 MSCONFIG\Services: RegSrvc => 2 MSCONFIG\Services: ZenAnywhere => 3 MSCONFIG\Services: ZenAnywhere Updater => 3 MSCONFIG\Services: ZenAnywhereNetworkService => 3 MSCONFIG\Services: ZeroConfigService => 2 ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{492AA964-E348-4F1A-8DDD-E01E10CC1CB8}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.) FirewallRules: [{C53709EE-2BB4-46ED-868B-623D226AA713}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.) FirewallRules: [{181194EF-F7CF-4964-99A3-22014A1CCAE5}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.) FirewallRules: [{96918CD1-E9D9-484B-8C3E-553F84BF8331}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> ) FirewallRules: [{69C5AE8F-4028-4C14-8862-C677DFEF6A2A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11629.20246.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{695F8F5D-F916-4BA3-8BFC-7E7B827B6015}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 12-06-2019 17:57:25 Windows Update 15-06-2019 19:23:46 Windows Update 15-06-2019 19:24:31 Windows Update 21-06-2019 19:30:36 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/26/2019 09:07:22 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-AHR82KAC) Description: httphttp-2147467263 Error: (06/26/2019 09:07:21 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-AHR82KAC) Description: httphttp-2147467263 Error: (06/26/2019 09:04:55 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-AHR82KAC) Description: httphttp-2147467263 Error: (06/26/2019 09:04:55 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-AHR82KAC) Description: httphttp-2147467263 Error: (06/26/2019 09:02:42 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: ) Description: Event-ID 2011 Error: (06/26/2019 02:41:34 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-AHR82KAC) Description: httphttp-2147467263 Error: (06/26/2019 02:41:34 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-AHR82KAC) Description: httphttp-2147467263 Error: (06/26/2019 02:39:24 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-AHR82KAC) Description: httphttp-2147467263 System errors: ============= Error: (06/26/2019 09:54:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/26/2019 09:21:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/26/2019 09:16:30 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-AHR82KAC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user LAPTOP-AHR82KAC\Veron SID (S-1-5-21-961780696-1817382186-845450316-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/26/2019 09:16:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/26/2019 09:16:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/26/2019 09:16:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/26/2019 09:16:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/26/2019 09:16:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Windows Defender: =================================== Date: 2019-06-24 16:28:26.527 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {279E29A0-A25D-44C4-9977-3E0AD9C019E2} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-05-28 17:51:36.572 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {27F5183A-8D42-46BC-AC6F-FE5DEE46D54D} Scan Type: Antimalware Scan Parameters: Quick Scan CodeIntegrity: =================================== Date: 2019-01-15 10:32:18.219 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfemms.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfeaaca.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-01-15 10:32:18.214 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfemms.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfeaaca.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-01-15 10:32:18.209 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfemms.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfeaaca.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-01-15 10:32:18.128 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfemms.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfeaaca.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-01-15 10:32:18.119 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfemms.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfeaaca.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-01-15 10:32:18.004 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfemms.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfehida.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. UX430UAR.308 04/17/2019 Motherboard: ASUSTeK COMPUTER INC. UX430UAR Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz Percentage of memory in use: 51% Total physical RAM: 8052.77 MB Available physical RAM: 3937 MB Total Virtual: 9332.77 MB Available Virtual: 4786.13 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:237.42 GB) (Free:180.57 GB) NTFS \\?\Volume{b99f332a-a3ba-4e8f-a22e-b52af21a37b0}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.39 GB) NTFS \\?\Volume{db9d7a81-0647-472a-8f09-f3474e95c55a}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: A54BF2EE) Partition: GPT. ==================== End of Addition.txt ============================