Infected with Trojan-PoweLike!lnk.a


This topic is locked
19 replies to this topic

#1 acaciaroses (Members, 10 posts)

Posted 08 November 2016 - 12:58 PM

I have McAfee Security Center through AT&T. I have one computer with 2 users plus admin and guest. Earlier in October, I opened a Flash download popup, as the user Acacia, and since then, I am getting popups from McAfee that say it has quarantined an infected file. I have deleted the quarantined files, but it keeps regenerating the popup and the infected file. I am currently in admin, and this is where I downloaded the FRST and the FRST.txt and Addition.txt.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-11-2016
Ran by Acacia (administrator) on ACACIA-PC (08-11-2016 09:43:51)
Running from C:\Users\Acacia\Desktop
Loaded Profiles: Acacia (Available Profiles: Acacia & Jason & Acacia_2 & Guest)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcServiceHost.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2016\QBW32.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple, Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\secd.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\CSP\1.9.829.0\McCSPServiceHost.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\Core\mchost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Security) C:\Program Files\Common Files\Mcafee\ClientAnalytics\McClientAnalytics.exe
(McAfee, Inc.) C:\Program Files\McAfee\MPF\MpfAlert.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [762032 2016-09-23] (McAfee, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-11-01] (Apple Inc.)
HKU\S-1-5-21-808292782-3668494104-3534392872-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-808292782-3668494104-3534392872-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-808292782-3668494104-3534392872-1000\...\Run: [iCloudPhotos] => C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-10-05] (Apple Inc.)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files\Common Files\Apple\Internet Services\iCloud.exe [67384 2016-10-05] (Apple Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\Users\Acacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c732181.lnk [2016-10-18]
ShortcutTarget: c732181.lnk ->  (No File)
Startup: C:\Users\Acacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-27]
ShortcutTarget: Dropbox.lnk -> C:\Users\Acacia\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-05-10]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-05-10]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-05-10]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2016\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-27]
ShortcutTarget: Dropbox.lnk -> C:\Users\Acacia\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
GroupPolicy\User: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{065F1C90-A13B-4F1A-A673-F798CE712F78}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-808292782-3668494104-3534392872-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-808292782-3668494104-3534392872-1000 -> Default = (value not set)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-808292782-3668494104-3534392872-1000 -> {B3FD7DAC-1A00-4CDE-A02A-6B5040109D11} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-808292782-3668494104-3534392872-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-iobit
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\java\jre1.8.0_111\bin\ssv.dll [2016-10-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-24] (Oracle Corporation)
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2016-06-14] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2016-09-23] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2016-10-06]
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-24] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-09-23] ()
FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll [2015-11-09] (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default [2016-11-04]
CHR Extension: (Google Slides) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-23]
CHR Extension: (Google Docs) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-23]
CHR Extension: (Google Drive) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-25]
CHR Extension: (YouTube) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-25]
CHR Extension: (Google Search) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-25]
CHR Extension: (Google Sheets) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-23]
CHR Extension: (SiteAdvisor) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-04]
CHR Extension: (Gmail) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-23]
CHR Extension: (Chrome Media Router) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2016-04-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [142600 2016-10-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [870688 2016-09-23] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1405264 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [630704 2016-06-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196848 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [343304 2016-06-23] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [265968 2016-04-26] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1130272 2016-06-17] (McAfee, Inc.)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [361472 2012-03-13] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342016 2012-07-05] (Alcatel-Lucent) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [858864 2016-05-25] (Intel Security, Inc.)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-06-14] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2016-02-11] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2016-02-11] (Intuit Inc.) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [257024 2011-08-01] (WDC) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [71968 2016-04-27] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [168800 2016-08-02] (McAfee, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-01-13] ()
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [321312 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [271144 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [379680 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648480 2016-04-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [408360 2016-08-01] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [83752 2016-08-01] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [41600 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [199464 2016-04-27] (McAfee, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-03-12] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-03-12] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 mfehidk01; \Device\mfehidk01.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-08 09:43 - 2016-11-08 09:44 - 00019450 _____ C:\Users\Acacia\Desktop\FRST.txt
2016-11-08 09:43 - 2016-11-08 09:43 - 00000000 ____D C:\FRST
2016-11-08 09:42 - 2016-11-08 09:42 - 01759744 _____ (Farbar) C:\Users\Acacia\Desktop\FRST.exe
2016-11-04 12:34 - 2016-11-08 09:22 - 00000000 ___RD C:\Users\Acacia\iCloudDrive
2016-11-04 12:34 - 2016-11-04 12:34 - 00000000 ____D C:\Users\Acacia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2016-11-04 12:34 - 2016-11-04 12:34 - 00000000 ____D C:\Users\Acacia\AppData\Local\Apple Inc
2016-11-03 16:00 - 2016-11-03 16:00 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-03 16:00 - 2016-11-03 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-03 15:59 - 2016-11-03 16:00 - 00000000 ____D C:\Program Files\iTunes
2016-11-03 15:59 - 2016-11-03 15:59 - 00000000 ____D C:\Program Files\iPod
2016-11-03 15:48 - 2016-11-03 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-11-03 14:39 - 2016-11-03 14:40 - 00000000 ____D C:\Users\Acacia_2\Desktop\CA Mechanics Lien
2016-11-03 14:32 - 2016-11-03 14:32 - 00000611 _____ C:\IMG_20160902_0001.lnk5z657
2016-10-27 18:31 - 2016-10-27 18:31 - 00000738 _____ C:\9-28 to 10-4 NS.lnkpf931
2016-10-27 18:21 - 2016-10-27 18:21 - 00000931 _____ C:\2016-09-26 11.53.38.lnkht927
2016-10-27 18:20 - 2016-10-27 18:20 - 00000931 _____ C:\2016-09-09 12.36.52.lnkyk742
2016-10-27 18:19 - 2016-10-27 18:19 - 00000931 _____ C:\2016-08-29 08.16.32.lnkui710
2016-10-27 18:19 - 2016-10-27 18:19 - 00000931 _____ C:\2016-08-22 19.11.26.lnkhs705
2016-10-27 18:18 - 2016-10-27 18:18 - 00000931 _____ C:\2016-08-18 19.25.13.lnky4689
2016-10-27 16:48 - 2016-10-27 16:48 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-27 14:40 - 2016-10-27 14:40 - 00000000 ____D C:\Users\Acacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-27 12:42 - 2016-10-27 13:10 - 00024551 _____ C:\Users\Acacia_2\Desktop\CE customers.CSV
2016-10-26 18:37 - 2016-10-26 19:17 - 00075285 _____ C:\Users\Jason\Desktop\14135 Davos Dr. Electrical Proposal.pdf
2016-10-24 16:54 - 2016-10-24 16:54 - 00000000 ____D C:\Users\Acacia\AppData\Local\Eraser 6
2016-10-24 14:42 - 2016-10-24 14:42 - 00000000 ____D C:\Program Files\Common Files\Java
2016-10-24 14:40 - 2016-10-24 14:40 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-10-24 14:40 - 2016-10-24 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-20 22:01 - 2016-10-20 22:01 - 00001527 _____ C:\Contact Electric QBW (Backup Oct 20,2016  10 59 PM).lnkpn937
2016-10-20 21:20 - 2016-10-20 21:20 - 00001081 _____ C:\20161012_1927191 (1).lnkui79
2016-10-20 20:48 - 2016-10-20 20:49 - 00072400 _____ C:\Users\Jason\Desktop\Hyatt Place Electrical Proposal for 2 Charging Stations.pdf
2016-10-19 06:28 - 2016-10-19 07:35 - 00089793 _____ C:\Users\Jason\Desktop\Lot 353 edges job sheet.pdf
2016-10-18 14:05 - 2016-10-18 14:05 - 00076570 _____ C:\Users\Jason\Desktop\Lot 373 Edges Job Sheet.pdf
2016-10-18 11:23 - 2016-10-24 15:28 - 00000000 ____D C:\Users\Acacia_2\AppData\Roaming\3a27903
2016-10-18 11:23 - 2016-10-18 11:24 - 00000000 ____D C:\Users\Acacia_2\AppData\Local\3a27903
2016-10-18 11:23 - 2016-10-18 11:23 - 00000791 _____ C:\70a2572.lnky4811
2016-10-18 11:23 - 2016-10-18 11:23 - 00000000 ____D C:\Users\Acacia_2\AppData\Roaming\9f1c1b3
2016-10-18 10:13 - 2016-10-18 10:13 - 00000829 _____ C:\Lot 188 Edges Job Sheet.lnkpn119
2016-10-13 21:31 - 2016-10-13 21:31 - 00001527 _____ C:\Contact Electric QBW (Backup Oct 13,2016  10 29 PM).lnkht105
2016-10-13 12:21 - 2016-10-13 12:18 - 00102127 _____ C:\Users\Jason\Desktop\2016 CA Stmt of Info
2016-10-13 12:21 - 2016-05-12 12:34 - 00026241 _____ C:\Users\Jason\Desktop\2016 GL Insurance.pdf
2016-10-13 12:20 - 2016-10-13 12:20 - 00000677 _____ C:\2015 CA Statement of Information.lnkhs983
2016-10-12 20:58 - 2016-10-12 20:58 - 00000707 _____ C:\American_Express_Stop_Payment_20160126.lnkyk100
2016-10-12 20:56 - 2016-10-12 20:56 - 00000742 _____ C:\Econolight 4E-T4G, E-T6G, E-T6H, E-T4F SERIES.lnkpf110
2016-10-12 20:54 - 2016-10-12 20:54 - 00000702 _____ C:\MC Lot 137 Chaffee Residence Proposal.lnk7q124
2016-10-11 22:38 - 2016-10-11 22:38 - 00000754 _____ C:\Wynter Phoenix Inv_303536_from_CONTACT_ELECTRIC_INC._5120.lnk30130
2016-10-11 21:52 - 2016-10-11 21:52 - 00077300 _____ C:\Users\Jason\Desktop\Rutz Residence Electrical Proposal.pdf
2016-10-11 11:23 - 2016-09-30 11:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-11 11:23 - 2016-09-30 07:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-10-11 11:23 - 2016-09-30 07:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-11 11:23 - 2016-09-29 21:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-11 11:23 - 2016-09-29 21:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-11 11:23 - 2016-09-29 21:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-11 11:23 - 2016-09-29 21:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-11 11:23 - 2016-09-29 21:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-11 11:23 - 2016-09-29 21:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-11 11:23 - 2016-09-29 20:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-11 11:23 - 2016-09-29 20:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-11 11:23 - 2016-09-15 07:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-11 11:23 - 2016-09-12 12:54 - 00067816 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-11 11:23 - 2016-09-12 12:53 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-11 11:23 - 2016-09-12 12:53 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-11 11:23 - 2016-09-12 12:49 - 01063936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-11 11:23 - 2016-09-12 12:49 - 01017856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-11 11:23 - 2016-09-12 12:28 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-11 11:23 - 2016-09-12 11:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-11 11:23 - 2016-09-12 11:08 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-11 11:23 - 2016-09-10 07:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-11 11:23 - 2016-09-09 10:01 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-11 11:23 - 2016-09-09 07:53 - 01406976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-11 11:23 - 2016-09-09 07:53 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-11 11:23 - 2016-09-09 07:53 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-11 11:23 - 2016-09-09 07:53 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-11 11:23 - 2016-09-09 07:53 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-11 11:23 - 2016-09-09 07:53 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-11 11:23 - 2016-09-09 07:53 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-11 11:23 - 2016-09-08 06:49 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-11 11:23 - 2016-09-08 06:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-11 11:23 - 2016-08-16 10:47 - 00419640 _____ C:\Windows\system32\locale.nls
2016-10-11 11:23 - 2016-08-12 08:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-11 11:23 - 2016-08-12 08:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-11 11:23 - 2016-08-12 08:21 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-11 11:23 - 2016-08-06 07:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-11 11:23 - 2016-08-06 07:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-11 11:23 - 2016-08-06 07:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-11 11:23 - 2016-08-06 07:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-11 11:23 - 2016-08-06 06:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-11 11:23 - 2016-07-22 06:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-11 11:23 - 2016-06-14 07:25 - 00078568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-11 11:23 - 2016-06-14 07:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-11 11:23 - 2016-06-14 07:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-11 11:23 - 2016-06-14 07:17 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-11 11:22 - 2016-09-29 21:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-11 11:22 - 2016-09-29 21:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-11 11:22 - 2016-09-29 21:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-11 11:22 - 2016-09-29 21:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-11 11:22 - 2016-09-29 21:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-11 11:22 - 2016-09-29 21:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-11 11:22 - 2016-09-29 21:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-11 11:22 - 2016-09-29 21:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-11 11:22 - 2016-09-29 21:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-11 11:22 - 2016-09-29 21:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-11 11:22 - 2016-09-29 21:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-11 11:22 - 2016-09-29 21:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-11 11:22 - 2016-09-29 21:32 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-11 11:22 - 2016-09-29 21:27 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-11 11:22 - 2016-09-29 21:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-11 11:22 - 2016-09-29 21:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-11 11:22 - 2016-09-29 21:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-11 11:22 - 2016-09-29 21:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-11 11:22 - 2016-09-29 21:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-11 11:22 - 2016-09-29 21:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-11 11:22 - 2016-09-29 21:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-11 11:22 - 2016-09-29 21:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-11 11:22 - 2016-09-29 21:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-11 11:22 - 2016-09-29 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-11 11:22 - 2016-09-29 21:05 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-11 11:22 - 2016-09-29 20:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-11 11:22 - 2016-09-15 07:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-11 11:22 - 2016-09-12 12:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-11 11:22 - 2016-09-12 12:49 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-11 11:22 - 2016-09-12 12:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-11 11:22 - 2016-09-12 12:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-11 11:22 - 2016-09-12 12:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-11 11:22 - 2016-09-12 12:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-11 11:22 - 2016-09-12 12:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-11 11:22 - 2016-09-12 12:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-11 11:22 - 2016-09-12 12:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-11 11:22 - 2016-09-12 12:49 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-11 11:22 - 2016-09-12 12:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-11 11:22 - 2016-09-12 12:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-11 11:22 - 2016-09-12 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-11 11:22 - 2016-09-12 12:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-11 11:22 - 2016-09-12 12:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-11 11:22 - 2016-09-12 12:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-11 11:22 - 2016-09-12 12:26 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-11 11:22 - 2016-09-12 12:26 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-11 11:22 - 2016-09-12 12:26 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-11 11:22 - 2016-09-12 12:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-11 11:22 - 2016-09-12 12:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-11 11:22 - 2016-09-12 12:25 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-11 11:22 - 2016-09-09 10:00 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-11 11:22 - 2016-09-09 10:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-11 11:22 - 2016-09-09 09:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-11 11:22 - 2016-09-09 09:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-11 11:22 - 2016-09-09 09:59 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-11 11:22 - 2016-09-09 09:59 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-11 11:22 - 2016-09-09 09:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-11 11:22 - 2016-09-09 09:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-11 11:22 - 2016-09-09 09:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-11 11:22 - 2016-09-09 09:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-11 11:22 - 2016-09-09 09:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-11 11:22 - 2016-09-09 09:39 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-11 11:22 - 2016-09-09 09:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-11 11:22 - 2016-09-08 12:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-11 11:22 - 2016-09-08 12:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-11 11:22 - 2016-08-12 08:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-11 11:22 - 2016-08-12 08:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-11 11:22 - 2016-08-12 08:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-11 11:22 - 2016-08-06 07:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-11 11:22 - 2016-08-06 06:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-11 11:22 - 2016-08-06 06:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-11 11:22 - 2016-06-14 07:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-11 11:22 - 2016-06-14 07:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-11 11:22 - 2016-06-14 07:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-11 11:22 - 2016-06-14 07:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-11 11:22 - 2016-06-14 07:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-11 11:22 - 2016-06-14 07:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-11 11:22 - 2016-06-14 07:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-11 11:22 - 2016-06-14 07:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-11 11:22 - 2016-06-14 07:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-11 11:22 - 2016-06-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-11 11:22 - 2016-06-14 07:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-11 11:22 - 2016-06-14 07:00 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-11 11:22 - 2016-06-14 06:55 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-11 11:22 - 2016-06-14 06:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-11 11:22 - 2016-06-14 06:54 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-11 11:21 - 2016-08-29 07:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-11 11:21 - 2016-08-29 07:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-11 11:21 - 2016-08-29 07:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-11 11:21 - 2016-08-29 06:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-11 11:21 - 2016-08-16 12:27 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-11 11:21 - 2016-08-16 12:27 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-11 11:21 - 2016-08-16 12:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-11 11:21 - 2016-08-16 12:26 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-11 11:21 - 2016-08-16 12:26 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-11 11:21 - 2016-08-16 12:26 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-11 11:21 - 2016-08-16 12:26 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-08 09:37 - 2015-06-16 07:20 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-808292782-3668494104-3534392872-1001UA.job
2016-11-08 09:35 - 2009-07-13 20:34 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-08 09:35 - 2009-07-13 20:34 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-08 09:27 - 2010-11-20 13:01 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-08 09:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2016-11-08 09:25 - 2016-02-29 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-11-08 09:21 - 2014-04-30 13:52 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-08 09:21 - 2011-05-04 21:15 - 00000000 ____D C:\Users\Acacia
2016-11-08 09:21 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-07 21:59 - 2015-06-18 12:50 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-808292782-3668494104-3534392872-1002UA.job
2016-11-07 21:59 - 2014-04-30 13:52 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-07 15:10 - 2015-06-18 12:50 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-808292782-3668494104-3534392872-1002Core.job
2016-11-07 15:08 - 2015-05-04 05:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-07 15:01 - 2011-05-15 10:50 - 00000000 ____D C:\Users\Acacia\AppData\Local\ElevatedDiagnostics
2016-11-07 15:00 - 2014-01-31 13:00 - 00000000 ___RD C:\Users\Acacia_2\Dropbox
2016-11-07 15:00 - 2011-12-23 09:32 - 00000000 ____D C:\Users\Acacia_2\AppData\Local\Deployment
2016-11-07 14:58 - 2015-10-03 09:18 - 00000000 ___RD C:\Users\Acacia_2\iCloudDrive
2016-11-04 12:38 - 2016-09-13 17:46 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-04 12:38 - 2014-04-30 13:55 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-04 12:34 - 2011-10-07 12:57 - 00000000 ____D C:\Users\Acacia\AppData\Roaming\Apple Computer
2016-11-04 11:41 - 2011-05-13 07:07 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-04 11:22 - 2015-06-16 07:20 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-808292782-3668494104-3534392872-1001Core.job
2016-11-04 07:19 - 2014-07-06 16:56 - 00000000 ___RD C:\Users\Jason\Dropbox
2016-11-03 15:59 - 2011-07-26 10:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-02 14:19 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-10-27 16:48 - 2014-02-28 12:17 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Dropbox
2016-10-27 14:40 - 2014-01-29 17:46 - 00000000 ____D C:\Users\Acacia_2\AppData\Roaming\Dropbox
2016-10-26 13:58 - 2011-05-15 12:39 - 00000000 ____D C:\Users\Acacia_2\AppData\Local\VirtualStore
2016-10-24 15:04 - 2014-06-02 11:37 - 00000000 ____D C:\Windows\Minidump
2016-10-24 14:52 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\system32\NDF
2016-10-24 14:42 - 2014-10-24 15:00 - 00000000 ____D C:\ProgramData\Oracle
2016-10-24 14:40 - 2011-05-11 18:06 - 00000000 ____D C:\Program Files\java
2016-10-24 14:23 - 2015-09-09 09:17 - 00000000 ____D C:\Users\Acacia_2\.oracle_jre_usage
2016-10-13 12:11 - 2011-05-15 12:41 - 00000000 ____D C:\Users\Acacia_2\Desktop\Contact Electric
2016-10-13 09:45 - 2015-03-19 15:32 - 00000000 ____D C:\Users\Acacia_2\AppData\Local\Apple Inc
2016-10-13 09:44 - 2011-05-15 12:39 - 00000000 ____D C:\Users\Acacia_2
2016-10-13 09:41 - 2011-07-26 10:56 - 00000000 ____D C:\Users\Acacia_2\AppData\Roaming\Apple Computer
2016-10-12 19:22 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2016-10-12 18:41 - 2009-07-13 20:33 - 00303408 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-12 18:39 - 2014-12-09 13:06 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-12 18:39 - 2014-05-06 13:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-12 18:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\system32\Dism
2016-10-12 18:38 - 2012-03-05 11:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-11 23:11 - 2013-08-15 02:05 - 00000000 ____D C:\Windows\system32\MRT
2016-10-11 23:05 - 2011-05-11 17:46 - 141042968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-11 23:04 - 2012-03-05 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-11 12:16 - 2016-08-29 13:51 - 00058628 _____ C:\Users\Jason\Desktop\Lot 555 Invoice Submittal.pdf
2016-10-10 06:35 - 2011-05-09 17:44 - 00000000 ____D C:\Program Files\Common Files\Mcafee

==================== Files in the root of some directories =======

2011-01-18 00:50 - 2011-01-18 00:50 - 132609310 _____ () C:\Program Files\openofficeorg1.cab
2011-01-18 00:53 - 2011-01-18 00:53 - 2994688 _____ () C:\Program Files\openofficeorg33.msi
2011-01-18 00:52 - 2011-01-18 00:52 - 0475016 _____ () C:\Program Files\setup.exe
2011-01-18 00:05 - 2011-01-18 00:05 - 0000290 _____ () C:\Program Files\setup.ini
2012-05-14 22:18 - 2014-04-18 14:38 - 0007601 _____ () C:\Users\Acacia\AppData\Local\Resmon.ResmonCfg

ZeroAccess:
C:\Users\Acacia_2\AppData\Local\{8c09b6da-ec21-096f-4e98-5cdda72245b0}

Files to move or delete:
====================
C:\Users\Acacia_2\gotomypc_626.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-04 08:10

==================== End of FRST.txt ============================

Attached File: Addition.txt (43.6 KB)





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 AM

Posted 11 November 2016 - 10:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\Users\Acacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c732181.lnk [2016-10-18]
ShortcutTarget: c732181.lnk ->  (No File)
ShortcutTarget: Dropbox.lnk -> C:\Users\Acacia\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
GroupPolicy\User: Restriction ? <======= ATTENTION
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-04]
CHR Extension: (Chrome Media Router) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 mfehidk01; \Device\mfehidk01.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{23CEE673-F947-4d94-9D54-F4BA00C8B73D}\localserver32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{810CADD9-2658-4820-BA95-30199625191E}\localserver32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> no filepath
C:\Users\Acacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c732181.lnk
C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
===

Please post the fixlog.txt file and let me know what problem persists with this computer.
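Added example, not part of nasdaq's post and not code from FRST or McAfee: a PowerShell script that reproduces the two checks behind the log entries above, namely the Startup-folder shortcut with no resolvable target (c732181.lnk) and the "Bamital & volsnap" Authenticode check on core system binaries. It assumes Windows PowerShell 2.0 or later run from an elevated prompt so every profile under C:\Users is readable; the list of script hosts it treats as suspicious and the 200-character argument threshold are this example's own choices, not anything FRST uses.

```powershell
# Added example, not from the thread or from FRST. Audits every Startup folder for
# shortcuts whose target is missing or points at a script host (the pattern FRST
# flagged above for c732181.lnk), then re-runs an Authenticode check on the same core
# binaries FRST lists under "Bamital & volsnap". Assumptions: Windows PowerShell 2.0+,
# elevated; the script-host list and the 200-char threshold are this example's choice.

$shell = New-Object -ComObject WScript.Shell

# Script hosts commonly abused by fileless or LNK-based loaders (Poweliks-style persistence).
$scriptHosts = @('powershell.exe','mshta.exe','wscript.exe','cscript.exe',
                 'rundll32.exe','regsvr32.exe','cmd.exe')

# Startup folders: the machine-wide one plus one per profile under C:\Users.
$startupDirs = @(Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
$profiles = Get-ChildItem -LiteralPath (Join-Path $env:SystemDrive 'Users') -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer }
foreach ($p in $profiles) {
    $startupDirs += Join-Path $p.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
}

$findings = @()
foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $links = Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue |
             Where-Object { -not $_.PSIsContainer }
    foreach ($lnk in $links) {
        # CreateShortcut on an existing .lnk only parses it; nothing is launched.
        $sc        = $shell.CreateShortcut($lnk.FullName)
        $target    = $sc.TargetPath
        $arguments = $sc.Arguments
        $reason    = $null

        if (-not $target -or $target.Trim().Length -eq 0) {
            $reason = 'shortcut has no target path'
        } elseif (-not (Test-Path -LiteralPath $target)) {
            $reason = 'target file does not exist'
        } elseif ($scriptHosts -contains ([IO.Path]::GetFileName($target)).ToLower()) {
            $reason = 'target is a script host; inspect the argument string'
        } elseif ($arguments -and $arguments.Length -gt 200) {
            $reason = "argument string is unusually long ($($arguments.Length) chars)"
        }

        if ($reason) {
            $sig = 'n/a'
            if ($target -and (Test-Path -LiteralPath $target)) {
                $sig = (Get-AuthenticodeSignature -FilePath $target).Status
            }
            $findings += New-Object PSObject -Property @{
                Shortcut  = $lnk.FullName
                Created   = $lnk.CreationTime
                Target    = $target
                Arguments = $arguments
                Signature = $sig
                Reason    = $reason
            }
        }
    }
}

if ($findings.Count -eq 0) { 'No suspicious Startup-folder shortcuts found.' }
else { $findings | Format-List Shortcut, Created, Target, Arguments, Signature, Reason }

# Same binaries FRST checks under "Bamital & volsnap". Caveat: before PowerShell 5.1,
# Get-AuthenticodeSignature does not consult security catalogs, so catalog-signed
# Windows 7 system files report NotSigned even when they are genuine (see note below).
$coreFiles = @('explorer.exe','system32\winlogon.exe','system32\wininit.exe',
               'system32\svchost.exe','system32\services.exe','system32\user32.dll',
               'system32\userinit.exe','system32\rpcss.dll','system32\dnsapi.dll',
               'system32\Drivers\volsnap.sys')
foreach ($f in $coreFiles) {
    $path = Join-Path $env:windir $f
    if (Test-Path -LiteralPath $path) {
        $s = Get-AuthenticodeSignature -FilePath $path
        "{0} => {1} ({2})" -f $path, $s.Status, $s.SignerCertificate.Subject
    } else {
        "{0} => missing" -f $path
    }
}
```

The shortcut check is the useful part for this thread: a .lnk in a Startup folder with an empty or missing target, or one whose target is a script host carrying a long argument string, is exactly how LNK-based loaders keep running after their payload file has been quarantined, which matches the repeating McAfee popup described in the first post. The signature check has a caveat a practitioner should know: on Windows 7 most core binaries are catalog-signed rather than embedded-signed, and Get-AuthenticodeSignature only learned to consult catalogs in PowerShell 5.1, so NotSigned there is not by itself evidence of tampering. FRST's own check does account for catalogs; to cross-check by hand, Sysinternals sigcheck with the -c option or signtool verify /a will evaluate catalog signatures.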

#3 acaciaroses

acaciaroses
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:06 PM

Posted 14 November 2016 - 08:24 PM

Below is the Fixlog.txt from my computer. I do not seem to be having any more issues.  McAfee is not telling me it has quarantined an infected file anymore. 

Also, I recently updated Java, but I will do it again.  Do I need Java?  I am unsure.  I read your articles you directed me to, but it did not seem to answer that question.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-11-2016
Ran by Acacia (14-11-2016 16:59:24) Run:1
Running from C:\Users\Acacia\Desktop
Loaded Profiles: Acacia & Jason (Available Profiles: Acacia & Jason & Acacia_2 & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\Users\Acacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c732181.lnk [2016-10-18]
ShortcutTarget: c732181.lnk ->  (No File)
ShortcutTarget: Dropbox.lnk -> C:\Users\Acacia\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
GroupPolicy\User: Restriction ? <======= ATTENTION
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-04]
CHR Extension: (Chrome Media Router) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 mfehidk01; \Device\mfehidk01.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{23CEE673-F947-4d94-9D54-F4BA00C8B73D}\localserver32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{810CADD9-2658-4820-BA95-30199625191E}\localserver32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> no filepath
C:\Users\Acacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c732181.lnk
C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

End

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => key removed successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => key removed successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => key removed successfully.
"HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => key removed successfully.
"HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => key removed successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => key removed successfully.
"HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => key removed successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => key removed successfully.
"HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully.
C:\Users\Acacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c732181.lnk => moved successfully
ShortcutTarget: c732181.lnk ->  (No File) => not found.
C:\Users\Acacia\AppData\Roaming\Dropbox\bin\Dropbox.exe => not found.
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} => value removed successfully.
HKCR\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
BTCFilterService => service removed successfully.
mfehidk01 => service removed successfully.
motccgp => service removed successfully.
motccgpfl => service removed successfully.
motmodem => service removed successfully.
MotoSwitchService => service removed successfully.
Motousbnet => service removed successfully.
motusbdevice => service removed successfully.
MREMPR5 => service removed successfully.
MRENDIS5 => service removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{23CEE673-F947-4d94-9D54-F4BA00C8B73D}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{810CADD9-2658-4820-BA95-30199625191E}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}" => key removed successfully.
"HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}" => key removed successfully.
HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKU\S-1-5-21-808292782-3668494104-3534392872-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"C:\Users\Acacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c732181.lnk" => not found.
"C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7663272 B
Java, Flash, Steam htmlcache => 1238 B
Windows/system/drivers => 1416664575 B
Edge => 0 B
Chrome => 6103800 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 17863295 B
Public => 0 B
ProgramData => 0 B
systemprofile => 21586281 B
LocalService => 132244 B
NetworkService => 1431512 B
Acacia => 224674753 B
Jason => 710442936 B
Acacia_2 => 1634463073 B
Guest => 257144367 B

RecycleBin => 7425 B
EmptyTemp: => 4 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 17:07:35 ====



#4 nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 November 2016 - 10:02 AM

Download the Latest version of Java.

Disable it as suggested in my previous post.
If ever needed you can enable it.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices and keep safe:
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 acaciaroses

  • Topic Starter
  • Members
  • 10 posts

Posted 17 November 2016 - 11:30 PM

Attached File: Addition.txt (40.23KB)

Hello. When I went into my computer today, it was slow loading my printer icon, and a bit slow in general. When I went back on this evening, I received the same message, "McAfee has quarantined an infected file on your device."

My Java is up to date and I disabled it on Admin but not as User. I ran a quickclean through McAfee and I also ran RegServo this afternoon. RegServo tells me I have a lot of empty registry keys.  Is this something I should be concerned about?


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2016
Ran by Acacia (administrator) on ACACIA-PC (17-11-2016 20:13:46)
Running from C:\Users\Acacia\Desktop
Loaded Profiles: Acacia (Available Profiles: Acacia & Jason & Acacia_2 & Guest)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcServiceHost.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\CSP\1.9.829.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\ModuleCore\ModuleCoreService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2016\QBW32.EXE
(Apple, Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\secd.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Security) C:\Program Files\Common Files\Mcafee\ClientAnalytics\McClientAnalytics.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [762032 2016-09-23] (McAfee, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-11-01] (Apple Inc.)
HKU\S-1-5-21-808292782-3668494104-3534392872-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-808292782-3668494104-3534392872-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-808292782-3668494104-3534392872-1000\...\Run: [iCloudPhotos] => C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-10-05] (Apple Inc.)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files\Common Files\Apple\Internet Services\iCloud.exe [67384 2016-10-05] (Apple Inc.)
Startup: C:\Users\Acacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c732181.lnk [2016-11-14]
ShortcutTarget: c732181.lnk ->  (No File)
Startup: C:\Users\Acacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-11-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Acacia\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-05-10]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-05-10]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-05-10]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2016\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-11-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Acacia\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{065F1C90-A13B-4F1A-A673-F798CE712F78}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-808292782-3668494104-3534392872-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-808292782-3668494104-3534392872-1000 -> Default = (value not set)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-808292782-3668494104-3534392872-1000 -> {B3FD7DAC-1A00-4CDE-A02A-6B5040109D11} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-808292782-3668494104-3534392872-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-iobit
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2016-06-14] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2016-09-23] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2016-10-06]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-09-23] ()
FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll [2015-11-09] (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default [2016-11-15]
CHR Extension: (Google Slides) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-23]
CHR Extension: (Google Docs) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-23]
CHR Extension: (Google Drive) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-25]
CHR Extension: (YouTube) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-25]
CHR Extension: (Google Search) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-25]
CHR Extension: (Google Sheets) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-23]
CHR Extension: (SiteAdvisor) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-15]
CHR Extension: (Gmail) - C:\Users\Acacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [142600 2016-10-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [870688 2016-09-23] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1405264 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [630704 2016-06-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196848 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [343304 2016-06-23] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [265968 2016-04-26] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1130272 2016-06-17] (McAfee, Inc.)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [361472 2012-03-13] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342016 2012-07-05] (Alcatel-Lucent) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [858864 2016-05-25] (Intel Security, Inc.)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-06-14] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2016-02-11] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2016-02-11] (Intuit Inc.) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [257024 2011-08-01] (WDC) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [71968 2016-04-27] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [168800 2016-08-02] (McAfee, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-01-13] ()
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [321312 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [271144 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [379680 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648480 2016-04-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [408360 2016-08-01] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [83752 2016-08-01] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [41600 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [199464 2016-04-27] (McAfee, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-03-12] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-03-12] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-15 14:38 - 2015-12-16 10:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-11-15 14:38 - 2015-12-16 10:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-11-15 14:38 - 2015-12-16 10:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-11-15 14:38 - 2015-12-16 10:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-11-15 14:37 - 2015-08-05 09:40 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-11-15 14:37 - 2015-08-05 08:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-11-15 14:15 - 2016-11-15 14:15 - 00171054 _____ C:\Users\Acacia_2\Desktop\161110 bill pay stub.xps
2016-11-15 14:08 - 2016-11-15 14:08 - 00000000 ____D C:\Users\Acacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-14 17:24 - 2016-11-14 17:24 - 00000000 ____D C:\Users\Acacia\AppData\Roaming\Oracle
2016-11-14 16:59 - 2016-11-14 17:07 - 00015745 _____ C:\Users\Acacia\Desktop\Fixlog.txt
2016-11-14 16:52 - 2016-11-17 20:13 - 00000000 ____D C:\Users\Acacia\Desktop\FRST-OlderVersion
2016-11-14 10:54 - 2016-11-14 10:54 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-14 10:49 - 2016-11-14 10:49 - 00219956 _____ C:\Users\Jason\Downloads\filename_0=Contact%20Electric's%202nd%20Nevada%20Home%20Charging%20Installation%20%20%20Pr
2016-11-09 22:19 - 2016-11-09 22:19 - 00079874 _____ C:\Users\Jason\Desktop\King Residence Electrical Proposal.pdf
2016-11-08 22:26 - 2016-11-08 22:26 - 00070399 _____ C:\Users\Jason\Desktop\The Child Garden Electrical Proposal.pdf
2016-11-08 14:10 - 2016-11-08 14:10 - 00058339 _____ C:\Users\Jason\Desktop\Lot 188 Invoice Submittal.pdf
2016-11-08 12:16 - 2016-11-02 07:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-08 12:16 - 2016-11-02 07:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-08 12:16 - 2016-11-02 07:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-08 12:16 - 2016-11-02 07:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-08 12:16 - 2016-11-02 06:53 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-08 12:16 - 2016-10-27 19:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-08 12:16 - 2016-10-27 07:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-08 12:16 - 2016-10-27 06:16 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-08 12:16 - 2016-10-25 06:54 - 02399744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-08 12:16 - 2016-10-22 09:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-08 12:16 - 2016-10-22 09:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-08 12:16 - 2016-10-22 09:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-08 12:16 - 2016-10-22 09:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-08 12:16 - 2016-10-22 09:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-08 12:16 - 2016-10-22 09:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-08 12:16 - 2016-10-22 09:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-08 12:16 - 2016-10-22 09:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-08 12:16 - 2016-10-22 09:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-08 12:16 - 2016-10-22 09:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-08 12:16 - 2016-10-22 09:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-08 12:16 - 2016-10-22 09:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-08 12:16 - 2016-10-22 09:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-08 12:16 - 2016-10-22 09:21 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-08 12:16 - 2016-10-22 09:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-08 12:16 - 2016-10-22 09:13 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-08 12:16 - 2016-10-22 09:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-08 12:16 - 2016-10-22 09:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-08 12:16 - 2016-10-22 09:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-08 12:16 - 2016-10-22 08:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-08 12:16 - 2016-10-22 08:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-08 12:16 - 2016-10-22 08:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-08 12:16 - 2016-10-22 08:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-08 12:16 - 2016-10-22 08:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-08 12:16 - 2016-10-22 08:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-08 12:16 - 2016-10-22 08:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-08 12:16 - 2016-10-22 08:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-08 12:16 - 2016-10-22 08:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-08 12:16 - 2016-10-22 08:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-08 12:16 - 2016-10-22 08:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-08 12:16 - 2016-10-22 08:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-08 12:16 - 2016-10-22 08:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-08 12:16 - 2016-10-15 07:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-08 12:16 - 2016-10-15 07:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-08 12:16 - 2016-10-11 07:24 - 00250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-08 12:16 - 2016-10-11 07:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-08 12:16 - 2016-10-11 07:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-08 12:16 - 2016-10-11 07:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-08 12:16 - 2016-10-11 07:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-08 12:16 - 2016-10-11 07:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-08 12:16 - 2016-10-11 07:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-08 12:16 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-08 12:16 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-08 12:16 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-08 12:16 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-08 12:16 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-08 12:16 - 2016-10-11 07:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-08 12:16 - 2016-10-11 05:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-08 12:16 - 2016-10-10 07:21 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-08 12:16 - 2016-10-10 07:21 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-08 12:16 - 2016-10-10 07:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-08 12:16 - 2016-10-10 07:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-08 12:16 - 2016-10-10 07:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-08 12:16 - 2016-10-10 07:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-08 12:16 - 2016-10-10 07:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-08 12:16 - 2016-10-10 07:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-08 12:16 - 2016-10-10 07:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-08 12:16 - 2016-10-10 07:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-08 12:16 - 2016-10-10 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-08 12:16 - 2016-10-10 07:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-08 12:16 - 2016-10-10 07:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-08 12:16 - 2016-10-10 07:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-08 12:16 - 2016-10-10 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-08 12:16 - 2016-10-10 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-08 12:16 - 2016-10-10 07:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-08 12:16 - 2016-10-10 06:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-08 12:16 - 2016-10-10 06:50 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-08 12:16 - 2016-10-10 06:50 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-08 12:16 - 2016-10-10 06:50 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-08 12:16 - 2016-10-10 06:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-08 12:16 - 2016-10-10 06:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-08 12:16 - 2016-10-10 06:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-08 12:16 - 2016-10-07 07:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-11-08 12:16 - 2016-10-07 07:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-08 12:16 - 2016-10-07 07:15 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-08 12:16 - 2016-10-07 07:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-08 12:16 - 2016-10-07 07:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-08 12:16 - 2016-10-07 07:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-08 12:16 - 2016-10-07 07:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-08 12:16 - 2016-10-07 07:12 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-11-08 12:16 - 2016-10-07 07:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-08 12:16 - 2016-10-07 07:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-08 12:16 - 2016-10-07 07:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-08 12:16 - 2016-10-07 07:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-08 12:16 - 2016-10-07 07:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-08 12:16 - 2016-10-07 07:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-08 12:16 - 2016-10-07 06:54 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-08 12:16 - 2016-10-07 06:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-08 12:16 - 2016-10-07 06:54 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-08 12:16 - 2016-10-07 06:54 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-08 12:16 - 2016-10-07 06:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-08 12:16 - 2016-10-07 06:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-08 12:16 - 2016-10-05 06:50 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-08 12:16 - 2016-09-15 06:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-08 12:16 - 2016-09-13 07:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-08 12:16 - 2016-09-09 10:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-08 12:16 - 2016-08-21 05:05 - 00935424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-08 11:25 - 2016-11-08 11:25 - 00000000 ____D C:\Users\Acacia\Intuit
2016-11-08 09:45 - 2016-11-08 09:46 - 00044645 _____ C:\Users\Acacia\Desktop\Addition.txt
2016-11-08 09:43 - 2016-11-17 20:15 - 00016787 _____ C:\Users\Acacia\Desktop\FRST.txt
2016-11-08 09:43 - 2016-11-17 20:13 - 00000000 ____D C:\FRST
2016-11-08 09:42 - 2016-11-17 20:13 - 01761280 _____ (Farbar) C:\Users\Acacia\Desktop\FRST.exe
2016-11-04 12:34 - 2016-11-17 20:05 - 00000000 ___RD C:\Users\Acacia\iCloudDrive
2016-11-04 12:34 - 2016-11-04 12:34 - 00000000 ____D C:\Users\Acacia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2016-11-04 12:34 - 2016-11-04 12:34 - 00000000 ____D C:\Users\Acacia\AppData\Local\Apple Inc
2016-11-03 16:00 - 2016-11-03 16:00 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-03 16:00 - 2016-11-03 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-03 15:59 - 2016-11-03 16:00 - 00000000 ____D C:\Program Files\iTunes
2016-11-03 15:59 - 2016-11-03 15:59 - 00000000 ____D C:\Program Files\iPod
2016-11-03 15:48 - 2016-11-03 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-11-03 14:39 - 2016-11-03 14:40 - 00000000 ____D C:\Users\Acacia_2\Desktop\CA Mechanics Lien
2016-11-03 14:32 - 2016-11-03 14:32 - 00000611 _____ C:\IMG_20160902_0001.lnk5z657
2016-10-27 18:31 - 2016-10-27 18:31 - 00000738 _____ C:\9-28 to 10-4 NS.lnkpf931
2016-10-27 18:21 - 2016-10-27 18:21 - 00000931 _____ C:\2016-09-26 11.53.38.lnkht927
2016-10-27 18:20 - 2016-10-27 18:20 - 00000931 _____ C:\2016-09-09 12.36.52.lnkyk742
2016-10-27 18:19 - 2016-10-27 18:19 - 00000931 _____ C:\2016-08-29 08.16.32.lnkui710
2016-10-27 18:19 - 2016-10-27 18:19 - 00000931 _____ C:\2016-08-22 19.11.26.lnkhs705
2016-10-27 18:18 - 2016-10-27 18:18 - 00000931 _____ C:\2016-08-18 19.25.13.lnky4689
2016-10-27 12:42 - 2016-10-27 13:10 - 00024551 _____ C:\Users\Acacia_2\Desktop\CE customers.CSV
2016-10-26 18:37 - 2016-10-26 19:17 - 00075285 _____ C:\Users\Jason\Desktop\14135 Davos Dr. Electrical Proposal.pdf
2016-10-24 16:54 - 2016-10-24 16:54 - 00000000 ____D C:\Users\Acacia\AppData\Local\Eraser 6
2016-10-24 14:42 - 2016-10-24 14:42 - 00000000 ____D C:\Program Files\Common Files\Java
2016-10-24 14:40 - 2016-10-24 14:40 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-10-24 14:40 - 2016-10-24 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-20 22:01 - 2016-10-20 22:01 - 00001527 _____ C:\Contact Electric QBW (Backup Oct 20,2016  10 59 PM).lnkpn937
2016-10-20 21:20 - 2016-10-20 21:20 - 00001081 _____ C:\20161012_1927191 (1).lnkui79
2016-10-20 20:48 - 2016-10-20 20:49 - 00072400 _____ C:\Users\Jason\Desktop\Hyatt Place Electrical Proposal for 2 Charging Stations.pdf
2016-10-19 06:28 - 2016-10-19 07:35 - 00089793 _____ C:\Users\Jason\Desktop\Lot 353 edges job sheet.pdf
2016-10-18 14:05 - 2016-10-18 14:05 - 00076570 _____ C:\Users\Jason\Desktop\Lot 373 Edges Job Sheet.pdf
2016-10-18 11:23 - 2016-10-24 15:28 - 00000000 ____D C:\Users\Acacia_2\AppData\Roaming\3a27903
2016-10-18 11:23 - 2016-10-18 11:24 - 00000000 ____D C:\Users\Acacia_2\AppData\Local\3a27903
2016-10-18 11:23 - 2016-10-18 11:23 - 00000791 _____ C:\70a2572.lnky4811
2016-10-18 11:23 - 2016-10-18 11:23 - 00000000 ____D C:\Users\Acacia_2\AppData\Roaming\9f1c1b3
2016-10-18 10:13 - 2016-10-18 10:13 - 00000829 _____ C:\Lot 188 Edges Job Sheet.lnkpn119

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-17 20:09 - 2016-02-29 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-11-17 20:05 - 2014-04-30 13:52 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-17 20:05 - 2011-05-04 21:15 - 00000000 ____D C:\Users\Acacia
2016-11-17 20:00 - 2014-07-06 16:56 - 00000000 ___RD C:\Users\Jason\Dropbox
2016-11-17 19:58 - 2015-10-03 09:18 - 00000000 ___RD C:\Users\Acacia_2\iCloudDrive
2016-11-17 19:58 - 2014-01-31 13:00 - 00000000 ___RD C:\Users\Acacia_2\Dropbox
2016-11-17 19:57 - 2015-06-18 12:50 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-808292782-3668494104-3534392872-1002UA.job
2016-11-17 19:57 - 2015-06-16 07:20 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-808292782-3668494104-3534392872-1001UA.job
2016-11-17 19:57 - 2014-04-30 13:52 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-17 16:56 - 2015-06-18 12:50 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-808292782-3668494104-3534392872-1002Core.job
2016-11-17 16:32 - 2014-07-08 10:07 - 00000000 ____D C:\ProgramData\REGSERVO
2016-11-17 15:12 - 2009-07-13 20:34 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-17 15:12 - 2009-07-13 20:34 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-17 14:58 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-17 14:58 - 2009-07-13 20:33 - 00303408 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-16 22:16 - 2012-09-14 12:25 - 00000000 ____D C:\Users\Jason\AppData\LocalLow\Temp
2016-11-16 21:46 - 2015-06-16 07:20 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-808292782-3668494104-3534392872-1001Core.job
2016-11-15 18:07 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2016-11-15 17:41 - 2014-07-08 18:11 - 00000008 __RSH C:\Users\Jason\ntuser.pol
2016-11-15 17:41 - 2011-05-12 06:55 - 00000000 ____D C:\Users\Jason
2016-11-15 14:43 - 2010-11-20 13:01 - 00774632 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-15 14:43 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2016-11-15 14:15 - 2012-11-18 11:11 - 00000000 ____D C:\Users\Acacia_2\AppData\LocalLow\Temp
2016-11-15 14:08 - 2014-01-29 17:46 - 00000000 ____D C:\Users\Acacia_2\AppData\Roaming\Dropbox
2016-11-15 13:49 - 2016-09-13 17:46 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-15 13:49 - 2014-04-30 13:55 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 17:16 - 2014-07-08 13:07 - 00000008 __RSH C:\Users\Acacia_2\ntuser.pol
2016-11-14 17:16 - 2011-05-15 12:39 - 00000000 ____D C:\Users\Acacia_2
2016-11-14 17:09 - 2014-07-16 13:41 - 00000008 __RSH C:\Users\Acacia\ntuser.pol
2016-11-14 17:06 - 2013-01-08 07:28 - 00000000 ____D C:\Users\Guest\AppData\LocalLow\Temp
2016-11-14 17:01 - 2013-08-30 15:56 - 00000000 ____D C:\Users\Acacia\AppData\LocalLow\Temp
2016-11-14 17:00 - 2009-07-13 18:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-11-14 10:55 - 2014-02-28 12:17 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Dropbox
2016-11-09 08:27 - 2011-05-15 10:50 - 00000000 ____D C:\Users\Acacia\AppData\Local\ElevatedDiagnostics
2016-11-09 08:01 - 2011-05-09 17:44 - 00000000 ____D C:\Program Files\McAfee
2016-11-08 23:45 - 2013-08-15 02:05 - 00000000 ____D C:\Windows\system32\MRT
2016-11-08 23:41 - 2011-05-11 17:46 - 138444440 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-08 11:26 - 2011-05-13 07:11 - 00000000 ____D C:\Users\Acacia\AppData\Local\Intuit
2016-11-07 15:08 - 2015-05-04 05:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-07 15:00 - 2011-12-23 09:32 - 00000000 ____D C:\Users\Acacia_2\AppData\Local\Deployment
2016-11-04 12:34 - 2011-10-07 12:57 - 00000000 ____D C:\Users\Acacia\AppData\Roaming\Apple Computer
2016-11-04 11:41 - 2011-05-13 07:07 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-03 15:59 - 2011-07-26 10:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-02 14:19 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-10-26 13:58 - 2011-05-15 12:39 - 00000000 ____D C:\Users\Acacia_2\AppData\Local\VirtualStore
2016-10-24 15:04 - 2014-06-02 11:37 - 00000000 ____D C:\Windows\Minidump
2016-10-24 14:52 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\system32\NDF
2016-10-24 14:42 - 2014-10-24 15:00 - 00000000 ____D C:\ProgramData\Oracle
2016-10-24 14:40 - 2011-05-11 18:06 - 00000000 ____D C:\Program Files\java
2016-10-24 14:23 - 2015-09-09 09:17 - 00000000 ____D C:\Users\Acacia_2\.oracle_jre_usage

==================== Files in the root of some directories =======

2011-01-18 00:50 - 2011-01-18 00:50 - 132609310 _____ () C:\Program Files\openofficeorg1.cab
2011-01-18 00:53 - 2011-01-18 00:53 - 2994688 _____ () C:\Program Files\openofficeorg33.msi
2011-01-18 00:52 - 2011-01-18 00:52 - 0475016 _____ () C:\Program Files\setup.exe
2011-01-18 00:05 - 2011-01-18 00:05 - 0000290 _____ () C:\Program Files\setup.ini
2012-05-14 22:18 - 2014-04-18 14:38 - 0007601 _____ () C:\Users\Acacia\AppData\Local\Resmon.ResmonCfg

ZeroAccess:
C:\Users\Acacia_2\AppData\Local\{8c09b6da-ec21-096f-4e98-5cdda72245b0}

Files to move or delete:
====================
C:\Users\Acacia_2\gotomypc_626.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-14 14:53

==================== End of FRST.txt ============================

 



#6 nasdaq (Malware Response Team)

Posted 18 November 2016 - 09:36 AM

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
CloseProcesses:

Startup: C:\Users\Acacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c732181.lnk [2016-11-14]
ShortcutTarget: c732181.lnk ->  (No File)
ShortcutTarget: Dropbox.lnk -> C:\Users\Acacia\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShortcutTarget: Dropbox.lnk -> C:\Users\Acacia\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
URLSearchHook: HKU\S-1-5-21-808292782-3668494104-3534392872-1000 -> Default = (value not set)
C:\Users\Acacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c732181.lnk
C:\Users\Acacia_2\AppData\Local\{8c09b6da-ec21-096f-4e98-5cdda72245b0}

Reboot:

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

---

If the problem persists, run this tool.

--RogueKiller--
  • Download RogueKiller and save it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator".
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click Open the Report.
  • Click the Export TXT button.
  • Save the file as ReportRogue.txt.
  • Click the Remove button to delete the items in RED.
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

As for the empty registry key nothing to worry about.

#7 nasdaq (Malware Response Team)

Posted 24 November 2016 - 10:08 AM

Are you still with me?

#8 acaciaroses (Topic Starter)

Posted 28 November 2016 - 01:13 PM

Yes. I am still with you and working on it. About to do RogueKiller. Just want to make sure I'm doing everything right. This is a shared computer with 4 different users: Admin, 2 users, and guest. The malware warning pops up on User Acacia, but I installed FRST on admin and sent you the logs from Admin. Should I instead have installed FRST on User Acacia and sent you the logs from there? Should I install RogueKiller on User Acacia or from Admin?

#9 nasdaq (Malware Response Team)

Posted 28 November 2016 - 01:48 PM

Run the RogueKiller on both profiles.

The Farbar program must be run from an Administrator account.

#10 acaciaroses (Topic Starter)

Posted 28 November 2016 - 04:31 PM

Attached is the Fixlog.txt generated after I ran the last script you sent. (Attached file: Fixlog.txt)



#11 acaciaroses (Topic Starter)

Posted 28 November 2016 - 05:52 PM

RogueKiller on Admin profile. (There were no items in RED, so I did not remove any of the items. There were some in Orange and one Green, but I left them until otherwise instructed.)

RogueKiller V12.8.3.0 [Nov 28 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Acacia [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 11/28/2016 13:41:05 (Duration : 00:31:37)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\AVSoftware -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\BoostSoftware -> Found
[PUP] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1000\Software\AVSoftware -> Found
[PUP] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1000\Software\AppDataLow\Software\Freecause -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 7 ¤¤¤
[PUP][Folder] C:\ProgramData\BoostSoftware -> Found
[PUP][Folder] C:\Users\Acacia\AppData\Roaming\Download Manager -> Found
[PUP][Folder] C:\Users\Acacia\AppData\Roaming\Yahoo!\Companion -> Found
[PUP][Folder] C:\Users\Acacia\AppData\Local\YSearchUtil -> Found
[PUP][Folder] C:\ProgramData\BoostSoftware -> Found
[PUP][Folder] C:\Program Files\FileViewPro -> Found
[PUP][Folder] C:\Program Files\Yahoo!\yset -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1001FALS-00E3A0 ATA Device +++++
--- User ---
[MBR] 18253cb5b8a404da4f85e62eb64425af
[BSP] 434a9c8115be8cdfa7d85d1ca698af50 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

#12 acaciaroses (Topic Starter)

Posted 28 November 2016 - 06:38 PM

RogueKiller on User Acacia Profile. There were 4 RED files to delete. The rest were Orange, Grey, and Green.

RogueKiller V12.8.3.0 [Nov 28 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Acacia [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 11/28/2016 15:04:07 (Duration : 00:23:51)

¤¤¤ Processes : 3 ¤¤¤
[Proc.Injected|Proc.RunPE] explorer.exe(7004) -- C:\Windows\explorer.exe[7] -> Found
[Proc.Injected|Proc.RunPE] explorer.exe(7164) -- C:\Windows\explorer.exe[7] -> Found
[Suspicious.Path] DropboxUpdate.exe(7804) -- C:\Users\Acacia_2\AppData\Local\Temp\GUM7E54.tmp\DropboxUpdate.exe[x] -> Found

¤¤¤ Registry : 12 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\AVSoftware -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\BoostSoftware -> Found
[PUP] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1000\Software\AVSoftware -> Found
[PUP] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1000\Software\AppDataLow\Software\Freecause -> Found
[PUP] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\AppDataLow\Software\Freecause -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet -> Found
[Tr.Kovter] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\Microsoft\Windows\CurrentVersion\Run | rlekxfnxr : "C:\Windows\system32\mshta.exe" javascript:bFqA68="9mLj3";Yd0=new%20ActiveXObject("WScript.Shell");Z8pfCXu="fRaZ5A9A";Jq6DS4=Yd0.RegRead("HKCU\\software\\shvlhvfx\\nfwahpu");jESc8w="mATW";eval(Jq6DS4);WXN4SZW="RTgun"; [x] -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\Microsoft\Windows\CurrentVersion\Run | czbf : "C:\Users\Acacia_2\AppData\Roaming\3a27903\70a2572.lnk" [x] -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\Microsoft\Internet Explorer\Main | Start Page : https://mg.mail.yahoo.com/neo/launch?.rand=aroqa70jb46s3 -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 8 ¤¤¤
[Suspicious.Path|Suspicious.Startup][File] C:\Users\Acacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6f9a132.lnk -> Found
[PUP][Folder] C:\ProgramData\BoostSoftware -> Found
[PUP][Folder] C:\Users\Acacia\AppData\Roaming\Download Manager -> Found
[PUP][Folder] C:\Users\Acacia\AppData\Roaming\Yahoo!\Companion -> Found
[PUP][Folder] C:\Users\Acacia\AppData\Local\YSearchUtil -> Found
[PUP][Folder] C:\ProgramData\BoostSoftware -> Found
[PUP][Folder] C:\Program Files\FileViewPro -> Found
[PUP][Folder] C:\Program Files\Yahoo!\yset -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1001FALS-00E3A0 ATA Device +++++
--- User ---
[MBR] 18253cb5b8a404da4f85e62eb64425af
[BSP] 434a9c8115be8cdfa7d85d1ca698af50 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

After I removed the selected files, this is the report:

RogueKiller V12.8.3.0 [Nov 28 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Acacia [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 11/28/2016 15:04:07 (Duration : 00:23:51)

¤¤¤ Processes : 3 ¤¤¤
[Proc.Injected|Proc.RunPE] explorer.exe(7004) -- C:\Windows\explorer.exe[7] -> Killed [TermProc]
[Proc.Injected|Proc.RunPE] explorer.exe(7164) -- C:\Windows\explorer.exe[7] -> Killed [TermProc]
[Suspicious.Path] DropboxUpdate.exe(7804) -- C:\Users\Acacia_2\AppData\Local\Temp\GUM7E54.tmp\DropboxUpdate.exe[x] -> Found

¤¤¤ Registry : 12 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\AVSoftware -> Not selected
[PUP] HKEY_LOCAL_MACHINE\Software\BoostSoftware -> Not selected
[PUP] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1000\Software\AVSoftware -> Not selected
[PUP] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1000\Software\AppDataLow\Software\Freecause -> Not selected
[PUP] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\AppDataLow\Software\Freecause -> Not selected
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet -> Not selected
[Tr.Kovter] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\Microsoft\Windows\CurrentVersion\Run | rlekxfnxr : "C:\Windows\system32\mshta.exe" javascript:bFqA68="9mLj3";Yd0=new%20ActiveXObject("WScript.Shell");Z8pfCXu="fRaZ5A9A";Jq6DS4=Yd0.RegRead("HKCU\\software\\shvlhvfx\\nfwahpu");jESc8w="mATW";eval(Jq6DS4);WXN4SZW="RTgun"; [x] -> Deleted
[Suspicious.Path] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\Microsoft\Windows\CurrentVersion\Run | czbf : "C:\Users\Acacia_2\AppData\Roaming\3a27903\70a2572.lnk" [x] -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\Microsoft\Internet Explorer\Main | Start Page : https://mg.mail.yahoo.com/neo/launch?.rand=aroqa70jb46s3 -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 8 ¤¤¤
[Suspicious.Path|Suspicious.Startup][File] C:\Users\Acacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6f9a132.lnk -> Deleted
[PUP][Folder] C:\ProgramData\BoostSoftware -> Not selected
[PUP][Folder] C:\Users\Acacia\AppData\Roaming\Download Manager -> Not selected
[PUP][Folder] C:\Users\Acacia\AppData\Roaming\Yahoo!\Companion -> Not selected
[PUP][Folder] C:\Users\Acacia\AppData\Local\YSearchUtil -> Not selected
[PUP][Folder] C:\ProgramData\BoostSoftware -> Not selected
[PUP][Folder] C:\Program Files\FileViewPro -> Not selected
[PUP][Folder] C:\Program Files\Yahoo!\yset -> Not selected

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1001FALS-00E3A0 ATA Device +++++
--- User ---
[MBR] 18253cb5b8a404da4f85e62eb64425af
[BSP] 434a9c8115be8cdfa7d85d1ca698af50 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 November 2016 - 10:37 AM


RogueKiller log.

I would remove this unless you know what it is.
[Suspicious.Path] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\Microsoft\Windows\CurrentVersion\Run | czbf : "C:\Users\Acacia_2\AppData\Roaming\3a27903\70a2572.lnk" [x] -> Not selected

Freecause: your call if you want to keep this.
http://malwarefixes.com/threats/pup-optional-freecause-tb/

===

How is the computer running now?
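The two Run-key entries discussed above (the Tr.Kovter value that launches mshta.exe with an inline javascript: URI whose real body is read back out of another registry value, and the czbf value pointing at a .lnk under AppData\Roaming) are the fileless persistence pattern that keeps regenerating the file McAfee quarantines. The following is an added triage script, not part of this thread or of RogueKiller: it parses RogueKiller-style registry lines (the line format is inferred from the log above), keeps only values under a CurrentVersion\Run or RunOnce key, and flags the traits of that pattern. The indicator labels are my own naming, and the sample log is copied from the entries above.

```python
import re
from typing import Dict, List

# One RogueKiller-style registry value line, as seen in the log above:
#   [Tag] <key> | <value name> : <data> [x] -> <action>
# The "[x]" marker is optional; bare key lines (no " | ") do not match.
RK_VALUE_LINE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+"
    r"(?P<key>HKEY_[^|]+?)\s*\|\s*"
    r"(?P<name>[^:]+?)\s*:\s*"
    r"(?P<data>.*?)"
    r"(?:\s*\[x\])?\s*->\s*(?P<action>\S.*?)\s*$"
)

# Traits of the fileless Run-key persistence shown in the log (labels are mine):
#  - a Run value that starts mshta.exe with an inline javascript:/vbscript: URI
#  - a script body that pulls its real payload from another registry value
#  - a Run value that points at a .lnk buried in the user profile
INDICATORS = [
    ("mshta_inline_script", re.compile(r"mshta\.exe.*?\b(?:javascript|vbscript):", re.I)),
    ("payload_read_from_registry", re.compile(r"\bRegRead\s*\(", re.I)),
    ("lnk_launcher_in_profile", re.compile(r'\\AppData\\(?:Roaming|Local)\\.*\.lnk"?$', re.I)),
]

# Argument of the RegRead() call, i.e. where the second-stage script lives.
REGREAD_ARG = re.compile(r'RegRead\s*\(\s*"([^"]+)"\s*\)', re.I)


def is_run_key(key: str) -> bool:
    """True for any ...\\CurrentVersion\\Run or RunOnce key (HKLM or a user hive)."""
    return re.search(r"\\CurrentVersion\\Run(?:Once)?$", key, re.I) is not None


def triage_run_entries(log_text: str) -> List[Dict[str, object]]:
    """Return the Run/RunOnce values in a RogueKiller log that show any indicator."""
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        m = RK_VALUE_LINE.match(raw.strip())
        if not m or not is_run_key(m["key"]):
            continue
        reasons = [label for label, rx in INDICATORS if rx.search(m["data"])]
        if not reasons:
            continue
        finding: Dict[str, object] = {
            "value_name": m["name"],
            "key": m["key"],
            "action": m["action"],
            "reasons": reasons,
        }
        arg = REGREAD_ARG.search(m["data"])
        if arg:
            # The log shows the JavaScript-escaped path ("\\" per separator);
            # unescape it so the analyst gets the real key to inspect and remove.
            finding["payload_key"] = arg.group(1).replace("\\\\", "\\")
        findings.append(finding)
    return findings


# Sample input copied from the RogueKiller log above (registry section only).
SAMPLE_LOG = r"""
[PUP] HKEY_LOCAL_MACHINE\Software\AVSoftware -> Not selected
[Tr.Kovter] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\Microsoft\Windows\CurrentVersion\Run | rlekxfnxr : "C:\Windows\system32\mshta.exe" javascript:bFqA68="9mLj3";Yd0=new%20ActiveXObject("WScript.Shell");Z8pfCXu="fRaZ5A9A";Jq6DS4=Yd0.RegRead("HKCU\\software\\shvlhvfx\\nfwahpu");jESc8w="mATW";eval(Jq6DS4);WXN4SZW="RTgun"; [x] -> Deleted
[Suspicious.Path] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\Microsoft\Windows\CurrentVersion\Run | czbf : "C:\Users\Acacia_2\AppData\Roaming\3a27903\70a2572.lnk" [x] -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\Microsoft\Internet Explorer\Main | Start Page : https://mg.mail.yahoo.com/neo/launch?.rand=aroqa70jb46s3 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-808292782-3668494104-3534392872-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
"""

if __name__ == "__main__":
    for f in triage_run_entries(SAMPLE_LOG):
        print(f["value_name"], f["action"], f["reasons"], f.get("payload_key", ""))
```

On the sample, only the two Run values are reported: rlekxfnxr with both the mshta and RegRead traits plus the unescaped payload location HKCU\software\shvlhvfx\nfwahpu, and czbf for the .lnk launcher; the home page and Start menu values are not under a Run key and are ignored. The payload key is the part worth noting for cleanup: deleting only the quarantined file or the .lnk leaves the script stored in the registry, which is why the infection kept coming back.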

#14 acaciaroses

acaciaroses
  • Topic Starter

  • Members
  • 10 posts

Posted 01 December 2016 - 05:13 PM

I removed the suspicious path and the Freecause.  I have not seen any infected files warnings, and my computer seems to be running smoother.  I have noticed that the internet (especially Yahoo) is still running rather slow, but all the cleaners say everything is in working order.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 December 2016 - 09:58 AM

This may help.
Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
