"attack from Windows Explorer"


  • This topic is locked
22 replies to this topic

#1 MrHappyPants

Posted 10 October 2017 - 02:12 PM

"Attack from Windows Explorer" was the notice which inspired this search for malware. I posted my question to the wrong forum initially, and was instructed to download Malwarebytes, Adwcleaner, FRST scanner, and to run an ESET scan. 

 

The Malwarebytes scan turned up rootkits and Trojans, and due to my version of Malwarebytes being different from the one referred to in the instructions given to me in the forum reply, I didn't act on the results, and just posted the file back to the forum. The Malwarebytes log is here, below, followed by the FRST scan log.

 

I was unable to download the FRST scanner at first, as my browser crashed whenever I attempted to pull up the download link from any site. But after going back to Malwarebytes, and quarantining the results, I was able to download the scanner and run it (my version of Malwarebytes didn't have a "delete" option, so I couldn't follow that part of the forum's reply-instructions). The ESET scan didn't turn up anything at all.

 

So here I am, and I don't know what to do next. How can I safely delete the quarantined files? How should I proceed?

 

As I'm unable to use my computer for my banking/finance accounts until I can get this taken care of, it's pretty urgent, at this point. Thanks very much for your help!

 

======================================================

Malwarebytes Scan
-Log Details-
Scan Date: 9/29/17
Scan Time: 5:38 PM
Log File: f39e2f30-a566-11e7-8fe6-00ffcf58dc79.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2917
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: CrappyPC\Mary

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316627
Threats Detected: 11
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
Rootkit.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001_Classes\38207d93\SHELL\OPEN\COMMAND, No Action By User, [1378], [261826],1.0.2917
Rootkit.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001_Classes\cqekijyt\SHELL\OPEN\COMMAND, No Action By User, [1378], [261826],1.0.2917

Registry Value: 4
Rootkit.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001_Classes\38207d93\SHELL\OPEN\COMMAND|, No Action By User, [1378], [261826],1.0.2917
Rootkit.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001_Classes\cqekijyt\SHELL\OPEN\COMMAND|, No Action By User, [1378], [261826],1.0.2917
Trojan.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^PYOG, No Action By User, [364], [262349],1.0.2917
Trojan.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^AGEC, No Action By User, [364], [262349],1.0.2917

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.Converter, C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\obg29jn7.default\jetpack\@Converter\simple-storage, No Action By User, [7828], [386988],1.0.2917
PUP.Optional.Converter, C:\USERS\MARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OBG29JN7.DEFAULT\JETPACK\@CONVERTER, No Action By User, [7828], [386988],1.0.2917

File: 3
PUP.Optional.Converter, C:\USERS\MARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OBG29JN7.DEFAULT\EXTENSIONS\@CONVERTER.XPI, No Action By User, [7828], [386989],1.0.2917
PUP.Optional.Converter, C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\obg29jn7.default\jetpack\@Converter\simple-storage\store.json, No Action By User, [7828], [386988],1.0.2917
PUP.Optional.OpenCandy, C:\USERS\MARY\DESKTOP\M\MARCO\HIJACKTHIS-D2C.EXE, No Action By User, [520], [297667],1.0.2917

Physical Sector: 0
(No malicious items detected)
 

 

========================================================================================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-10-2017
Ran by Mary (administrator) on CRAPPYPC (10-10-2017 13:56:08)
Running from C:\Users\Mary\Downloads
Loaded Profiles: Mary (Available Profiles: Mary)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_7\mcapexe.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee Inc.) C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Malwarebytes) C:\Users\Mary\Downloads\AdwCleaner.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1386712 2014-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1064512 2013-11-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-02-21] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-02-21] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\...\Run: [HijackThis startup scan] => C:\Users\Mary\Downloads\HijackThis.exe /startupscan
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1003008 2017-08-30] (McAfee Inc.)
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\...\MountPoints2: {c42caf0c-a78b-11e6-8255-806e6f6e6963} - "E:\OmniVue.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qpacufteqv.lnk [2017-09-29]
ShortcutTarget: qpacufteqv.lnk -> C:\Users\Mary\AppData\Local\Isxajqibp\c xasde.umnexb ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 216.82.201.11 66.90.130.10
Tcpip\..\Interfaces\{03AC0B6E-5CA6-4CE6-87B2-D6570FF0C93D}: [DhcpNameServer] 216.82.201.11 66.90.130.10
Tcpip\..\Interfaces\{E69384D8-73A6-4383-B0F0-232988ECF7D9}: [DhcpNameServer] 216.82.201.11 66.90.130.10

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> {8BD93BCC-0D53-4FC7-90F0-5E91462F04C9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {8BD93BCC-0D53-4FC7-90F0-5E91462F04C9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1992209377-382255440-3143550161-1001 -> {8BD93BCC-0D53-4FC7-90F0-5E91462F04C9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-09-25] (McAfee, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23] (HP Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-09-25] (McAfee, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-23] (HP Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-09-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-09-25] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2017-09-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-09-25] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: obg29jn7.default
FF ProfilePath: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\obg29jn7.default [2017-10-10]
FF Homepage: Mozilla\Firefox\Profiles\obg29jn7.default -> hxxps://www.google.com/
FF Extension: (__MSG_appName__) - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\obg29jn7.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2017-10-03]
FF Extension: (Adblock Plus) - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\obg29jn7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-09-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-09-07] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-28] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-09-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-28] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-09-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US400D20170519&p={searchTerms}
CHR DefaultSearchKeyword: Default -> McAfee
CHR Profile: C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default [2017-10-10]
CHR Extension: (Google Slides) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-20]
CHR Extension: (Google Docs) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-02]
CHR Extension: (Google Drive) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-02]
CHR Extension: (YouTube) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-09-20]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-09-20]
CHR Extension: (Google Docs Offline) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-20]
CHR Extension: (Gmail) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-02]
CHR Extension: (Chrome Media Router) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-20]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-08-10] (McAfee, Inc.)
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-10-13] (Foxit Software Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-09-25] (McAfee, Inc.)
S3 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [314368 2017-08-30] () [File not signed]
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe [994280 2017-09-14] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe [2139832 2017-05-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [242640 2017-06-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [394704 2017-06-21] (McAfee, Inc.)
R3 mfevtp; C:\windows\system32\mfevtps.exe [350160 2017-06-21] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1546904 2017-08-17] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1043864 2017-07-31] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\windows\System32\drivers\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\windows\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R3 cfwids; C:\windows\System32\drivers\cfwids.sys [77800 2017-06-26] (McAfee, Inc.)
R1 CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77440 2017-10-09] ()
S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [209608 2017-08-07] (McAfee, Inc.)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [192952 2017-10-09] (Malwarebytes)
R3 MBAMFarflt; C:\windows\system32\DRIVERS\farflt.sys [110016 2017-10-10] (Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [45504 2017-10-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-10] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [94144 2017-10-10] (Malwarebytes)
R3 mfeaack; C:\windows\System32\drivers\mfeaack.sys [487408 2017-06-26] (McAfee, Inc.)
R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [355312 2017-06-26] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\windows\System32\drivers\mfeelamk.sys [84544 2017-06-26] (McAfee, Inc.)
R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [506352 2017-06-26] (McAfee, Inc.)
R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [933360 2017-06-26] (McAfee, Inc.)
R3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [504792 2017-06-27] (McAfee LLC.)
S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [108504 2017-06-27] (McAfee LLC.)
R3 mfeplk; C:\windows\System32\drivers\mfeplk.sys [116208 2017-06-26] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [253424 2017-06-26] (McAfee, Inc.)
R3 RSP2STOR; C:\windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-04-30] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [6393856 2016-12-29] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-10 13:56 - 2017-10-10 13:57 - 000022946 _____ C:\Users\Mary\Downloads\FRST.txt
2017-10-10 13:55 - 2017-10-10 13:55 - 005660147 _____ (Swearware) C:\Users\Mary\Downloads\ComboFix.exe
2017-10-10 13:55 - 2017-10-10 13:55 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Mary\Downloads\rkill.exe
2017-10-10 13:54 - 2017-10-10 13:55 - 001790024 _____ (Malwarebytes) C:\Users\Mary\Downloads\JRT.exe
2017-10-10 13:53 - 2017-10-10 13:56 - 000000000 ____D C:\FRST
2017-10-10 13:52 - 2017-10-10 13:52 - 002401792 _____ (Farbar) C:\Users\Mary\Downloads\FRST64.exe
2017-10-10 13:49 - 2017-10-10 13:50 - 000000000 ____D C:\AdwCleaner
2017-10-10 13:44 - 2017-10-10 13:45 - 000000000 ____D C:\Users\Mary\Desktop\security
2017-10-09 23:52 - 2017-10-10 13:36 - 000110016 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2017-10-09 23:52 - 2017-10-10 13:36 - 000094144 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-10-09 23:52 - 2017-10-10 13:36 - 000045504 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-10-09 23:52 - 2017-10-09 23:52 - 000192952 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2017-10-09 12:10 - 2017-10-09 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-10-09 12:10 - 2017-10-09 12:10 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-10-09 12:06 - 2017-10-09 12:06 - 019709440 _____ (Luis Cobian, CobianSoft) C:\Users\Mary\Downloads\cbSetup.exe
2017-10-08 16:15 - 2017-10-08 16:15 - 000000000 ____D C:\Users\Mary\AppData\Local\ESET
2017-10-08 16:14 - 2017-10-08 16:14 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Mary\Downloads\esetonlinescanner_enu.exe
2017-10-08 00:02 - 2017-10-08 00:02 - 000069718 _____ C:\Users\Mary\Downloads\2017_Calendar_Two_Months_Per_Page.pdf
2017-10-06 00:03 - 2017-10-10 03:41 - 000003860 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-10-05 03:13 - 2017-10-10 13:36 - 000252232 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2017-10-02 04:29 - 2017-10-02 04:29 - 003215151 _____ C:\Users\Mary\Downloads\environmental-toxicants-and-infant-mortality-in-the-usa.pdf
2017-10-02 02:47 - 2017-10-02 02:47 - 000015657 _____ C:\Users\Mary\Downloads\AnatomyofanEpidemic-SummaryofFindings-Whitaker.pdf
2017-10-01 18:36 - 2017-10-01 18:36 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mary\Downloads\mbar-1.09.3.1001(2).exe
2017-09-30 09:24 - 2017-09-30 09:24 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mary\Downloads\mbar-1.09.3.1001(1).exe
2017-09-29 17:39 - 2017-09-29 17:39 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mary\Downloads\mbar-1.09.3.1001.exe
2017-09-29 17:19 - 2017-10-09 23:51 - 000077440 _____ C:\windows\system32\Drivers\mbae64.sys
2017-09-29 17:19 - 2017-09-29 17:19 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-29 17:19 - 2017-09-29 17:19 - 000000000 ____D C:\Users\Mary\AppData\Local\Isxajqibp
2017-09-29 17:19 - 2017-09-29 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-29 17:19 - 2017-09-29 17:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-29 17:19 - 2017-09-29 17:19 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-29 17:18 - 2017-09-29 17:18 - 008249808 _____ (Malwarebytes) C:\Users\Mary\Downloads\AdwCleaner.exe
2017-09-29 17:17 - 2017-09-29 17:17 - 068408664 _____ (Malwarebytes ) C:\Users\Mary\Downloads\mb3-setup-1878.1878-3.2.2.2029.exe
2017-09-28 16:00 - 2017-09-28 16:00 - 000001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Safe Connect.lnk
2017-09-28 16:00 - 2017-09-28 16:00 - 000001088 _____ C:\Users\Public\Desktop\McAfee Safe Connect.lnk
2017-09-28 16:00 - 2017-09-28 16:00 - 000000000 ____D C:\Users\Mary\AppData\Roaming\McAfee Safe Connect
2017-09-28 16:00 - 2017-09-28 16:00 - 000000000 ____D C:\Users\Mary\AppData\Local\McAfee_Inc
2017-09-28 15:56 - 2017-09-28 15:56 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
2017-09-27 21:00 - 2017-09-27 21:00 - 000000000 ____D C:\ProgramData\360Quarant
2017-09-27 20:11 - 2017-09-15 06:42 - 000086248 _____ (360.cn) C:\windows\SysWOW64\Drivers\360AvFlt.sys
2017-09-27 20:10 - 2017-09-28 18:40 - 000000000 ____D C:\Program Files (x86)\360
2017-09-27 20:09 - 2017-09-27 20:09 - 076547176 _____ C:\Users\Mary\Downloads\360TS_Setup.exe
2017-09-27 20:08 - 2017-09-27 20:08 - 001496672 _____ (QIHU 360 SOFTWARE CO. LIMITED) C:\Users\Mary\Downloads\360TS_Setup_Mini.exe
2017-09-27 19:11 - 2017-09-27 19:11 - 000001931 _____ C:\Users\Mary\Desktop\top ideas.txt
2017-09-26 02:05 - 2017-09-26 02:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-09-26 02:05 - 2017-09-26 02:05 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2017-09-23 15:34 - 2017-09-23 15:34 - 000723152 _____ (Spotify Ltd) C:\Users\Mary\Downloads\SpotifySetup.exe
2017-09-20 18:51 - 2017-09-20 18:51 - 000002788 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2017-09-20 18:51 - 2017-09-20 18:51 - 000000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-20 18:51 - 2017-09-20 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-20 18:50 - 2017-09-26 02:53 - 000002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-20 18:50 - 2017-09-26 02:53 - 000002170 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-20 18:50 - 2017-09-20 18:59 - 000003332 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-20 18:50 - 2017-09-20 18:59 - 000003204 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-20 18:50 - 2017-09-20 18:51 - 000000000 ____D C:\Users\Mary\AppData\Local\Google
2017-09-20 18:50 - 2017-09-20 18:51 - 000000000 ____D C:\Program Files\CCleaner
2017-09-20 18:50 - 2017-09-20 18:50 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-20 15:55 - 2017-09-20 15:55 - 000087711 _____ C:\Users\Mary\Downloads\563705RMA_209019PORTABLE_CALLTAG.PDF
2017-09-19 12:30 - 2017-09-19 15:00 - 000000093 _____ C:\Users\Mary\Desktop\suppsbuy9-19.txt
2017-09-16 12:16 - 2017-09-16 15:46 - 000000000 ____D C:\Users\Mary\Desktop\SanteviaFilter
2017-09-16 12:16 - 2017-09-16 15:46 - 000000000 ____D C:\Users\Mary\Desktop\Osteo
2017-09-16 12:01 - 2017-09-25 00:32 - 000000000 ____D C:\Users\Mary\Desktop\MARY
2017-09-16 11:05 - 2017-09-20 18:59 - 000003182 _____ C:\windows\System32\Tasks\{A8592515-8374-4869-992A-6398F89B6B64}
2017-09-13 09:32 - 2017-08-19 12:27 - 000237568 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2017-09-13 09:32 - 2017-08-19 11:48 - 000215040 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2017-09-13 09:32 - 2017-08-17 17:07 - 000537200 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2017-09-13 09:32 - 2017-08-17 17:07 - 000140016 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2017-09-13 09:32 - 2017-08-17 17:03 - 000450392 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2017-09-13 09:32 - 2017-08-17 17:03 - 000136832 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2017-09-13 09:32 - 2017-08-15 09:06 - 015260160 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-09-13 09:32 - 2017-08-15 09:01 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-09-13 09:32 - 2017-08-15 09:01 - 000128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2017-09-13 09:32 - 2017-08-15 09:01 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-09-13 09:32 - 2017-08-15 08:58 - 013673984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-09-13 09:32 - 2017-08-13 13:58 - 025730560 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-09-13 09:32 - 2017-08-13 12:19 - 000040960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nsiproxy.sys
2017-09-13 09:32 - 2017-08-13 12:05 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-09-13 09:32 - 2017-08-13 12:04 - 002899968 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-09-13 09:32 - 2017-08-13 11:54 - 020269056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-09-13 09:32 - 2017-08-13 11:51 - 005981696 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-09-13 09:32 - 2017-08-13 11:50 - 000817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-09-13 09:32 - 2017-08-13 11:29 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-09-13 09:32 - 2017-08-13 11:28 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-09-13 09:32 - 2017-08-13 11:24 - 002291200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-09-13 09:32 - 2017-08-13 11:23 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-09-13 09:32 - 2017-08-13 11:21 - 000145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2017-09-13 09:32 - 2017-08-13 11:20 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-09-13 09:32 - 2017-08-13 11:17 - 000663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-09-13 09:32 - 2017-08-13 11:15 - 007078912 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2017-09-13 09:32 - 2017-08-13 11:14 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2017-09-13 09:32 - 2017-08-13 11:07 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-09-13 09:32 - 2017-08-13 11:05 - 000380416 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-09-13 09:32 - 2017-08-13 11:04 - 000807936 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-09-13 09:32 - 2017-08-13 11:04 - 000726528 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-09-13 09:32 - 2017-08-13 11:01 - 002134528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-09-13 09:32 - 2017-08-13 10:52 - 005274624 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2017-09-13 09:32 - 2017-08-13 10:52 - 000486912 _____ (Microsoft Corporation) C:\windows\system32\tpmvsc.dll
2017-09-13 09:32 - 2017-08-13 10:51 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2017-09-13 09:32 - 2017-08-13 10:48 - 004547072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-09-13 09:32 - 2017-08-13 10:46 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-09-13 09:32 - 2017-08-13 10:44 - 000694784 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-09-13 09:32 - 2017-08-13 10:44 - 000331776 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-09-13 09:32 - 2017-08-13 10:43 - 002058752 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-09-13 09:32 - 2017-08-13 10:40 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-09-13 09:32 - 2017-08-13 10:27 - 001544704 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-09-13 09:32 - 2017-08-13 10:25 - 007797248 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2017-09-13 09:32 - 2017-08-13 10:18 - 005270016 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 09:32 - 2017-08-13 10:17 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-09-13 09:32 - 2017-08-13 10:13 - 001314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-09-13 09:32 - 2017-08-12 04:30 - 022361344 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2017-09-13 09:32 - 2017-08-12 04:26 - 019789736 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2017-09-13 09:32 - 2017-08-11 19:39 - 001364552 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2017-09-13 09:32 - 2017-08-11 18:59 - 007440728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-09-13 09:32 - 2017-08-11 18:58 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-09-13 09:32 - 2017-08-11 18:58 - 001502000 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2017-09-13 09:32 - 2017-08-11 15:46 - 000367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\PCPTpm12.dll
2017-09-13 09:32 - 2017-08-11 15:29 - 000425984 _____ (Microsoft Corporation) C:\windows\system32\PCPTpm12.dll
2017-09-13 09:32 - 2017-08-11 15:13 - 000175616 _____ (Microsoft Corporation) C:\windows\system32\TpmTasks.dll
2017-09-13 09:32 - 2017-08-10 22:30 - 004170240 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-09-13 09:32 - 2017-08-10 22:27 - 000281600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2017-09-13 09:32 - 2017-08-10 22:27 - 000243200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2017-09-13 09:32 - 2017-08-10 21:38 - 000477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2017-09-13 09:32 - 2017-08-10 21:08 - 001753600 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2017-09-13 09:32 - 2017-08-10 21:08 - 000329216 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2017-09-13 09:32 - 2017-08-10 21:02 - 001084928 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2017-09-13 09:32 - 2017-08-10 20:52 - 001491456 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2017-09-13 09:32 - 2017-08-10 20:49 - 000346624 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2017-09-13 09:32 - 2017-08-10 20:44 - 001095680 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2017-09-13 09:32 - 2017-08-10 20:43 - 000865792 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2017-09-13 09:32 - 2017-08-10 20:41 - 000307200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
2017-09-13 09:32 - 2017-08-06 16:20 - 000607232 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2017-09-13 09:32 - 2017-08-06 02:13 - 000530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2017-09-13 09:32 - 2017-07-22 13:34 - 000033792 _____ (Microsoft Corporation) C:\windows\system32\iscsium.dll
2017-09-13 09:32 - 2017-07-22 12:32 - 000027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\iscsium.dll
2017-09-13 09:32 - 2017-07-17 14:53 - 004298240 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_47.dll
2017-09-13 09:32 - 2017-07-16 18:55 - 003551744 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_47.dll
2017-09-13 09:32 - 2017-07-13 18:03 - 002013528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2017-09-13 09:32 - 2017-07-12 15:29 - 000420440 _____ (Microsoft Corporation) C:\windows\system32\wevtapi.dll
2017-09-13 09:32 - 2017-07-12 15:29 - 000075440 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-09-13 09:32 - 2017-07-12 15:25 - 000308872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wevtapi.dll
2017-09-13 09:32 - 2017-07-12 15:25 - 000066112 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2017-09-13 09:32 - 2017-07-08 14:03 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-09-13 09:32 - 2017-07-08 13:43 - 000197632 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-09-13 09:32 - 2017-07-08 13:30 - 000039936 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-09-13 09:32 - 2017-07-08 13:20 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-09-13 09:32 - 2017-07-08 12:00 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-09-13 09:32 - 2017-07-07 22:14 - 000100184 ____C (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2017-09-13 09:31 - 2017-08-13 10:18 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-09-13 09:31 - 2017-08-13 10:14 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-09-13 09:31 - 2017-07-08 12:25 - 001436160 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-10 13:48 - 2016-11-11 00:57 - 000003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1992209377-382255440-3143550161-1001
2017-10-10 13:46 - 2016-11-11 00:54 - 000000000 ____D C:\Users\Mary\Documents\Youcam
2017-10-10 13:45 - 2016-11-27 06:50 - 000000000 ____D C:\windows\Minidump
2017-10-10 13:35 - 2016-11-18 20:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-10 13:35 - 2016-11-12 11:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-10 13:35 - 2013-08-22 09:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-10-10 13:32 - 2016-11-12 11:32 - 000000937 _____ C:\windows\Tasks\EPSON WF-2650 Series Update {C36F6C14-2B66-426A-A605-8636D8BBBAC0}.job
2017-10-10 13:12 - 2017-08-15 21:50 - 000617472 ___SH C:\Users\Mary\Desktop\Thumbs.db
2017-10-10 12:39 - 2013-08-22 10:20 - 000000000 ____D C:\windows\CbsTemp
2017-10-10 09:48 - 2016-11-11 01:23 - 000003922 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{9948DAC9-F66C-4BEF-A753-ED09C32930C7}
2017-10-10 03:50 - 2013-08-22 08:36 - 000000000 ____D C:\windows\Inf
2017-10-09 18:43 - 2016-11-11 00:52 - 000000000 ____D C:\Users\Mary
2017-10-09 16:23 - 2017-08-15 04:35 - 001304064 ___SH C:\Users\Mary\Downloads\Thumbs.db
2017-10-07 16:02 - 2017-03-11 19:34 - 000000346 _____ C:\windows\Tasks\HPCeeScheduleForMary.job
2017-10-07 16:02 - 2014-12-22 03:47 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-10-07 12:45 - 2017-03-11 19:34 - 000003158 _____ C:\windows\System32\Tasks\HPCeeScheduleForMary
2017-10-07 09:24 - 2017-05-19 11:35 - 000003068 _____ C:\windows\System32\Tasks\McAfeeLogon
2017-10-05 09:45 - 2014-12-22 02:34 - 000065536 _____ C:\windows\system32\spu_storage.bin
2017-10-04 22:40 - 2016-11-11 09:51 - 000000000 ____D C:\Users\Mary\AppData\Local\Hewlett-Packard
2017-10-02 01:56 - 2017-08-15 05:18 - 000000000 ____D C:\Users\Mary\Desktop\m
2017-09-28 16:08 - 2017-08-21 06:46 - 000000000 ____D C:\Users\Mary\AppData\Local\Adobe
2017-09-28 15:50 - 2013-08-22 10:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2017-09-28 15:50 - 2013-08-22 10:36 - 000000000 ____D C:\windows\system32\Macromed
2017-09-26 15:05 - 2016-11-11 00:52 - 000000000 ____D C:\Users\Mary\AppData\Local\VirtualStore
2017-09-26 02:05 - 2017-08-30 21:24 - 000000000 ____D C:\Program Files\McAfee Security Scan
2017-09-26 02:05 - 2017-08-30 20:54 - 000001987 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-09-24 23:49 - 2013-08-22 10:36 - 000000000 ____D C:\windows\system32\NDF
2017-09-23 18:27 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-23 18:27 - 2013-08-22 10:36 - 000000000 ____D C:\windows\AppReadiness
2017-09-23 12:01 - 2013-08-22 09:44 - 000346824 _____ C:\windows\system32\FNTCACHE.DAT
2017-09-22 08:40 - 2017-01-26 02:06 - 000000000 ____D C:\Users\Mary\Documents\PKHot
2017-09-21 14:19 - 2014-03-18 04:53 - 000893460 _____ C:\windows\system32\PerfStringBackup.INI
2017-09-20 18:59 - 2016-11-11 00:52 - 000000000 ____D C:\Users\Mary\AppData\Local\Packages
2017-09-20 18:58 - 2017-08-25 17:56 - 000000000 ____D C:\Users\Mary\AppData\Roaming\TC2000v16
2017-09-20 18:52 - 2014-04-02 17:17 - 000000000 ____D C:\windows\Panther
2017-09-16 22:00 - 2017-01-18 01:19 - 000000000 ____D C:\Users\Mary\Documents\Marc
2017-09-16 12:59 - 2017-03-21 12:15 - 000000000 ____D C:\Users\Mary\Desktop\Tapping
2017-09-16 11:10 - 2017-08-29 23:55 - 000000000 ____D C:\Users\Mary\AppData\Roaming\DVDVideoSoft
2017-09-14 02:47 - 2013-08-22 10:36 - 000000000 ____D C:\windows\rescache
2017-09-13 14:27 - 2013-08-22 10:36 - 000000000 ___RD C:\windows\ToastData
2017-09-13 09:55 - 2016-11-26 20:46 - 000000000 ____D C:\windows\system32\MRT
2017-09-13 09:43 - 2016-11-26 20:45 - 138202976 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-05 05:13

==================== End of FRST.txt ============================

===================================================================================================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-10-2017
Ran by Mary (10-10-2017 13:58:39)
Running from C:\Users\Mary\Downloads
Windows 8.1 (Update) (X64) (2016-11-11 05:51:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1992209377-382255440-3143550161-500 - Administrator - Disabled)
Guest (S-1-5-21-1992209377-382255440-3143550161-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1992209377-382255440-3143550161-1003 - Limited - Enabled)
Mary (S-1-5-21-1992209377-382255440-3143550161-1001 - Administrator - Enabled) => C:\Users\Mary

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{D1822C34-F342-B6AA-6369-899C9D2A9227}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.2.5405 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.2.5405 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3004 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3004 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4119 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4113 - CyberLink Corp.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{86B4A6B9-07FD-48EC-8730-1EC82E80C3D7}) (Version: 3.10.0030 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.50.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.20.0000 - SEIKO EPSON Corp.)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0000 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON WF-2650 Series Printer Uninstall (HKLM\...\EPSON WF-2650 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.0.1013 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{229FDD0B-B642-4032-8C15-772B47797B8D}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.5.37.19 - HP Inc.)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E7F7C2F3-0BEF-471A-A6F3-4B43002034F4}) (Version: 12.8.37.11 - HP Inc.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0.3 - McAfee, Inc.)
McAfee Safe Connect (HKLM-x32\...\{54EB2499-4B4F-4AE5-9D1E-CCAE9D6ED880}) (Version: 1.3.1.128 - McAfee, Inc)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.136 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.31.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.7316 - CyberLink Corp.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-04-16] (Cyberlink)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2014-05-13] (Foxit Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-10-14] (Foxit Software Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\MSC\McCtxMenuFrmWrk.dll [2017-09-25] (McAfee, Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-04-16] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-06-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-10-14] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\MSC\McCtxMenuFrmWrk.dll [2017-09-25] (McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03BB19DB-2059-49B7-ACDD-3C72B7B823E5} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2016-10-20] (McAfee, Inc.)
Task: {18892104-61BF-4406-9FF5-7B3381A46D03} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {2428ABAD-DF9F-4980-B762-D9E0B616F1CC} - System32\Tasks\YCMServiceAgent => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-05-13] (CyberLink Corp.)
Task: {3ABE73CE-8BCC-44A4-9540-0F8BDFFC0894} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-08-03] (McAfee, Inc.)
Task: {4837BA13-2857-42A6-B413-0E5AA367A73F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.)
Task: {54898105-4494-4DAD-A529-54ADE89AB29B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {5B87B883-8C3F-4E7C-98D5-1C553D06ACB6} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {68B11E8E-219E-4012-82F3-F2578B2E3B54} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {6B48CFE4-136C-4A35-B1D2-B962A7B1729E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-20] (Google Inc.)
Task: {78F1B394-F671-49B7-9F8C-E00FD600810D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {7B2887C1-C0DB-4A72-9684-B1AF4C5C27E3} - System32\Tasks\HPCeeScheduleForMary => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {7B820CEB-1AEF-4209-8BDF-6679165B851B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-20] (Google Inc.)
Task: {9900145A-317B-4DBB-A672-9543ECD2E084} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-05-31] (McAfee, Inc.)
Task: {9A3C6036-11C4-4177-B44E-9AD85D6271A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-09-01] (HP Inc.)
Task: {9CC86B90-F841-487E-83FA-3B25DC7A6D18} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {A61A7AE2-DFEA-423F-87F7-9221B9C7159C} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {B5DD63C6-7E65-46BB-8CAA-B6BBE290F2B8} - System32\Tasks\{A8592515-8374-4869-992A-6398F89B6B64} => C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeYTVDownloader
Task: {C2874839-B648-4470-94F0-3A74ECDA68C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-20] (Adobe Systems Incorporated)
Task: {C45366A0-69BF-4771-A8EF-35D2BC5A7E65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {C4982E52-8C8C-45A2-8CAA-B47651D40313} - System32\Tasks\EPSON WF-2650 Series Update {C36F6C14-2B66-426A-A605-8636D8BBBAC0} => C:\windows\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {C7178861-BEBA-44D2-9404-29B969AA82A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\EPSON WF-2650 Series Update {C36F6C14-2B66-426A-A605-8636D8BBBAC0}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE:/EXE:{C36F6C14-2B66-426A-A605-8636D8BBBAC0} /F:UpdateWORKGROUP\CRAPPYPC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\windows\Tasks\HPCeeScheduleForMary.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Mary\Desktop\HP software\Get Dropbox Offer.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=en_us&pf=cndt&s=db_dticon&tp=dropbox
ShortcutWithArgument: C:\Users\Mary\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP

==================== Loaded Modules (Whitelisted) ==============

2017-08-16 22:20 - 2017-09-25 12:48 - 001436400 _____ () C:\Program Files\McAfee\MSC\WscInteractionHandler.dll
2014-12-22 03:19 - 2014-04-14 21:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-09-29 17:19 - 2017-10-09 23:51 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-29 17:19 - 2017-10-09 23:51 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-06-29 15:33 - 2017-08-11 14:08 - 000595608 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2017-06-29 15:33 - 2017-08-11 14:08 - 000586728 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2017-09-26 02:05 - 000000855 _____ C:\windows\system32\Drivers\etc\hosts

0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1992209377-382255440-3143550161-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 216.82.201.11 - 66.90.130.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SimplePass"
HKLM\...\StartupApproved\Run: => "OPBHOBroker"
HKLM\...\StartupApproved\Run: => "OPBHOBrokerDesktop"
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4C3BA635-0980-473B-83F1-A6785DCAB101}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{6937804F-00F1-4424-BCEC-915CCD9D0A8B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{ED223258-8CC8-4BE4-BA26-CDA18AE22ED6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{F9D6390C-4C14-4511-A1B8-B50C186AE118}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{A13E77F3-7823-429C-8DCC-3211891157AA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2AB3A001-A597-4EDB-B327-17D075DA6CA3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C8E94603-BD76-428C-AEC3-72EC53878925}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0DE9BBB5-8169-43B6-868B-B83FFDEB2F2D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{121E7F33-2014-4161-B175-EF55E9AA9F93}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9D535449-17DF-4535-A50B-6E00F6E6D139}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F59DB6D-51AC-4F46-99F9-1CEFFFA75DCF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6174780D-8E99-4EF0-AB3E-7AF29C39E5DA}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{BF7512DA-7A03-49F6-9ADA-2F452B3F3CA0}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{F13FB83C-748B-4142-8933-BF72D5BBBDB3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{3B46FAE9-AA00-4B57-9737-A9282210CAFD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{F970A23B-F908-45A3-906E-34912D4211C7}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{1C7CEA56-1C56-425D-96B8-F5E60B4AE07E}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{A6CD5935-58A4-4B4B-A7D6-D737A37A1A26}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

28-09-2017 05:14:09 Scheduled Checkpoint
02-10-2017 07:06:12 Windows Update
10-10-2017 05:19:42 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: CyberLink WebCam Virtual Driver
Description: CyberLink WebCam Virtual Driver
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: CyberLink
Service: clwvd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2017 01:45:10 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostex (5160) WebCacheLocal: An attempt to open the file "C:\Users\Mary\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/10/2017 01:13:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 56.0.0.6478 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4638

Start Time: 01d341f352dc1bbe

Termination Time: 62

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: b2e19c42-ade6-11e7-8349-0025ab75126b

Faulting package full name:

Faulting package-relative application ID:

Error: (10/10/2017 05:06:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\users\mary\desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (10/10/2017 04:13:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program McAfee Safe Connect.exe version 1.3.1.128 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1488

Start Time: 01d341a4c94b2922

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe

Report Id: 4743bb6b-ad9b-11e7-8349-0025ab75126b

Faulting package full name:

Faulting package-relative application ID:

Error: (10/10/2017 03:54:08 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/10/2017 03:45:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/10/2017 03:45:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/09/2017 06:45:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program McAfee Safe Connect.exe version 1.3.1.128 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1718

Start Time: 01d341586f7eb6c9

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe

Report Id: e31b75a3-ad4b-11e7-8348-0025ab75126b

Faulting package full name:

Faulting package-relative application ID:

Error: (10/09/2017 06:32:15 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "C:\Windows\System32\winspool.drv" service in DLL "Spooler" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Error: (10/09/2017 03:21:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (10/10/2017 01:35:49 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x1000007e (0xffffffffc0000005, 0xfffff80087b5913b, 0xffffd000534ea1b8, 0xffffd000534e99c0). A dump was saved in: C:\windows\Minidump\101017-17468-01.dmp. Report Id: 101017-17468-01.

Error: (10/10/2017 01:35:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:31:16 PM on ‎10/‎10/‎2017 was unexpected.

Error: (10/10/2017 01:01:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 3000 milliseconds: Restart the service.

Error: (10/10/2017 05:07:46 AM) (Source: DCOM) (EventID: 10010) (User: CrappyPC)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (10/10/2017 05:07:05 AM) (Source: DCOM) (EventID: 10010) (User: CrappyPC)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (10/10/2017 05:06:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (10/10/2017 04:13:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Epson Scanner Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/10/2017 03:49:28 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x1000007e (0xffffffffc0000005, 0xfffff80086fbe13b, 0xffffd0014b6961b8, 0xffffd0014b6959c0). A dump was saved in: C:\windows\Minidump\101017-15343-01.dmp. Report Id: 101017-15343-01.

Error: (10/10/2017 03:49:27 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:58:05 PM on ‎10/‎9/‎2017 was unexpected.

Error: (10/09/2017 07:54:19 PM) (Source: DCOM) (EventID: 10010) (User: CrappyPC)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 76%
Total physical RAM: 3518.26 MB
Available physical RAM: 837.95 MB
Total Virtual: 3982.26 MB
Available Virtual: 832.18 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:913.71 GB) (Free:860.09 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:16.32 GB) (Free:2.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Genesis) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FA7C1809)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by hamluis, 10 October 2017 - 02:50 PM.




#2 JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,843 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:29 AM

Posted 10 October 2017 - 07:13 PM

Hi

Welcome :)

I'll be helping you to clean up your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

  • Highlight the entire content of the quote box below.

Start::
Folder: C:\Users\Mary\AppData\Local\Isxajqibp
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Screenshot: AdwCleaner console]

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.

[Screenshot: AdwCleaner restart prompt]

  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 MrHappyPants
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:29 AM

Posted 10 October 2017 - 09:46 PM

OK so here we go:

 

This is the "Fixlog" from FRST scan, following the instructions above.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-10-2017
Ran by Mary (administrator) on CRAPPYPC (10-10-2017 13:56:08)
Running from C:\Users\Mary\Downloads
Loaded Profiles: Mary (Available Profiles: Mary)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_7\mcapexe.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee Inc.) C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Malwarebytes) C:\Users\Mary\Downloads\AdwCleaner.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1386712 2014-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1064512 2013-11-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-02-21] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-02-21] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\...\Run: [HijackThis startup scan] => C:\Users\Mary\Downloads\HijackThis.exe /startupscan
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1003008 2017-08-30] (McAfee Inc.)
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\...\MountPoints2: {c42caf0c-a78b-11e6-8255-806e6f6e6963} - "E:\OmniVue.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qpacufteqv.lnk [2017-09-29]
ShortcutTarget: qpacufteqv.lnk -> C:\Users\Mary\AppData\Local\Isxajqibp\c xasde.umnexb ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 216.82.201.11 66.90.130.10
Tcpip\..\Interfaces\{03AC0B6E-5CA6-4CE6-87B2-D6570FF0C93D}: [DhcpNameServer] 216.82.201.11 66.90.130.10
Tcpip\..\Interfaces\{E69384D8-73A6-4383-B0F0-232988ECF7D9}: [DhcpNameServer] 216.82.201.11 66.90.130.10

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> {8BD93BCC-0D53-4FC7-90F0-5E91462F04C9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {8BD93BCC-0D53-4FC7-90F0-5E91462F04C9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1992209377-382255440-3143550161-1001 -> {8BD93BCC-0D53-4FC7-90F0-5E91462F04C9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-09-25] (McAfee, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23] (HP Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-09-25] (McAfee, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-23] (HP Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-09-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-09-25] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2017-09-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-09-25] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: obg29jn7.default
FF ProfilePath: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\obg29jn7.default [2017-10-10]
FF Homepage: Mozilla\Firefox\Profiles\obg29jn7.default -> hxxps://www.google.com/
FF Extension: (__MSG_appName__) - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\obg29jn7.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2017-10-03]
FF Extension: (Adblock Plus) - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\obg29jn7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-09-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-09-07] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-28] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-09-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-28] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-09-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US400D20170519&p={searchTerms}
CHR DefaultSearchKeyword: Default -> McAfee
CHR Profile: C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default [2017-10-10]
CHR Extension: (Google Slides) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-20]
CHR Extension: (Google Docs) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-02]
CHR Extension: (Google Drive) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-02]
CHR Extension: (YouTube) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-09-20]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-09-20]
CHR Extension: (Google Docs Offline) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-20]
CHR Extension: (Gmail) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-02]
CHR Extension: (Chrome Media Router) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-20]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-08-10] (McAfee, Inc.)
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-10-13] (Foxit Software Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-09-25] (McAfee, Inc.)
S3 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [314368 2017-08-30] () [File not signed]
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe [994280 2017-09-14] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe [2139832 2017-05-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [242640 2017-06-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [394704 2017-06-21] (McAfee, Inc.)
R3 mfevtp; C:\windows\system32\mfevtps.exe [350160 2017-06-21] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1546904 2017-08-17] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1043864 2017-07-31] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\windows\System32\drivers\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\windows\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R3 cfwids; C:\windows\System32\drivers\cfwids.sys [77800 2017-06-26] (McAfee, Inc.)
R1 CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77440 2017-10-09] ()
S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [209608 2017-08-07] (McAfee, Inc.)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [192952 2017-10-09] (Malwarebytes)
R3 MBAMFarflt; C:\windows\system32\DRIVERS\farflt.sys [110016 2017-10-10] (Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [45504 2017-10-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-10] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [94144 2017-10-10] (Malwarebytes)
R3 mfeaack; C:\windows\System32\drivers\mfeaack.sys [487408 2017-06-26] (McAfee, Inc.)
R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [355312 2017-06-26] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\windows\System32\drivers\mfeelamk.sys [84544 2017-06-26] (McAfee, Inc.)
R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [506352 2017-06-26] (McAfee, Inc.)
R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [933360 2017-06-26] (McAfee, Inc.)
R3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [504792 2017-06-27] (McAfee LLC.)
S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [108504 2017-06-27] (McAfee LLC.)
R3 mfeplk; C:\windows\System32\drivers\mfeplk.sys [116208 2017-06-26] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [253424 2017-06-26] (McAfee, Inc.)
R3 RSP2STOR; C:\windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-04-30] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [6393856 2016-12-29] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-10 13:56 - 2017-10-10 13:57 - 000022946 _____ C:\Users\Mary\Downloads\FRST.txt
2017-10-10 13:55 - 2017-10-10 13:55 - 005660147 _____ (Swearware) C:\Users\Mary\Downloads\ComboFix.exe
2017-10-10 13:55 - 2017-10-10 13:55 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Mary\Downloads\rkill.exe
2017-10-10 13:54 - 2017-10-10 13:55 - 001790024 _____ (Malwarebytes) C:\Users\Mary\Downloads\JRT.exe
2017-10-10 13:53 - 2017-10-10 13:56 - 000000000 ____D C:\FRST
2017-10-10 13:52 - 2017-10-10 13:52 - 002401792 _____ (Farbar) C:\Users\Mary\Downloads\FRST64.exe
2017-10-10 13:49 - 2017-10-10 13:50 - 000000000 ____D C:\AdwCleaner
2017-10-10 13:44 - 2017-10-10 13:45 - 000000000 ____D C:\Users\Mary\Desktop\security
2017-10-09 23:52 - 2017-10-10 13:36 - 000110016 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2017-10-09 23:52 - 2017-10-10 13:36 - 000094144 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-10-09 23:52 - 2017-10-10 13:36 - 000045504 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-10-09 23:52 - 2017-10-09 23:52 - 000192952 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2017-10-09 12:10 - 2017-10-09 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-10-09 12:10 - 2017-10-09 12:10 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-10-09 12:06 - 2017-10-09 12:06 - 019709440 _____ (Luis Cobian, CobianSoft) C:\Users\Mary\Downloads\cbSetup.exe
2017-10-08 16:15 - 2017-10-08 16:15 - 000000000 ____D C:\Users\Mary\AppData\Local\ESET
2017-10-08 16:14 - 2017-10-08 16:14 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Mary\Downloads\esetonlinescanner_enu.exe
2017-10-08 00:02 - 2017-10-08 00:02 - 000069718 _____ C:\Users\Mary\Downloads\2017_Calendar_Two_Months_Per_Page.pdf
2017-10-06 00:03 - 2017-10-10 03:41 - 000003860 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-10-05 03:13 - 2017-10-10 13:36 - 000252232 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2017-10-02 04:29 - 2017-10-02 04:29 - 003215151 _____ C:\Users\Mary\Downloads\environmental-toxicants-and-infant-mortality-in-the-usa.pdf
2017-10-02 02:47 - 2017-10-02 02:47 - 000015657 _____ C:\Users\Mary\Downloads\AnatomyofanEpidemic-SummaryofFindings-Whitaker.pdf
2017-10-01 18:36 - 2017-10-01 18:36 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mary\Downloads\mbar-1.09.3.1001(2).exe
2017-09-30 09:24 - 2017-09-30 09:24 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mary\Downloads\mbar-1.09.3.1001(1).exe
2017-09-29 17:39 - 2017-09-29 17:39 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mary\Downloads\mbar-1.09.3.1001.exe
2017-09-29 17:19 - 2017-10-09 23:51 - 000077440 _____ C:\windows\system32\Drivers\mbae64.sys
2017-09-29 17:19 - 2017-09-29 17:19 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-29 17:19 - 2017-09-29 17:19 - 000000000 ____D C:\Users\Mary\AppData\Local\Isxajqibp
2017-09-29 17:19 - 2017-09-29 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-29 17:19 - 2017-09-29 17:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-29 17:19 - 2017-09-29 17:19 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-29 17:18 - 2017-09-29 17:18 - 008249808 _____ (Malwarebytes) C:\Users\Mary\Downloads\AdwCleaner.exe
2017-09-29 17:17 - 2017-09-29 17:17 - 068408664 _____ (Malwarebytes ) C:\Users\Mary\Downloads\mb3-setup-1878.1878-3.2.2.2029.exe
2017-09-28 16:00 - 2017-09-28 16:00 - 000001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Safe Connect.lnk
2017-09-28 16:00 - 2017-09-28 16:00 - 000001088 _____ C:\Users\Public\Desktop\McAfee Safe Connect.lnk
2017-09-28 16:00 - 2017-09-28 16:00 - 000000000 ____D C:\Users\Mary\AppData\Roaming\McAfee Safe Connect
2017-09-28 16:00 - 2017-09-28 16:00 - 000000000 ____D C:\Users\Mary\AppData\Local\McAfee_Inc
2017-09-28 15:56 - 2017-09-28 15:56 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
2017-09-27 21:00 - 2017-09-27 21:00 - 000000000 ____D C:\ProgramData\360Quarant
2017-09-27 20:11 - 2017-09-15 06:42 - 000086248 _____ (360.cn) C:\windows\SysWOW64\Drivers\360AvFlt.sys
2017-09-27 20:10 - 2017-09-28 18:40 - 000000000 ____D C:\Program Files (x86)\360
2017-09-27 20:09 - 2017-09-27 20:09 - 076547176 _____ C:\Users\Mary\Downloads\360TS_Setup.exe
2017-09-27 20:08 - 2017-09-27 20:08 - 001496672 _____ (QIHU 360 SOFTWARE CO. LIMITED) C:\Users\Mary\Downloads\360TS_Setup_Mini.exe
2017-09-27 19:11 - 2017-09-27 19:11 - 000001931 _____ C:\Users\Mary\Desktop\top ideas.txt
2017-09-26 02:05 - 2017-09-26 02:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-09-26 02:05 - 2017-09-26 02:05 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2017-09-23 15:34 - 2017-09-23 15:34 - 000723152 _____ (Spotify Ltd) C:\Users\Mary\Downloads\SpotifySetup.exe
2017-09-20 18:51 - 2017-09-20 18:51 - 000002788 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2017-09-20 18:51 - 2017-09-20 18:51 - 000000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-20 18:51 - 2017-09-20 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-20 18:50 - 2017-09-26 02:53 - 000002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-20 18:50 - 2017-09-26 02:53 - 000002170 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-20 18:50 - 2017-09-20 18:59 - 000003332 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-20 18:50 - 2017-09-20 18:59 - 000003204 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-20 18:50 - 2017-09-20 18:51 - 000000000 ____D C:\Users\Mary\AppData\Local\Google
2017-09-20 18:50 - 2017-09-20 18:51 - 000000000 ____D C:\Program Files\CCleaner
2017-09-20 18:50 - 2017-09-20 18:50 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-20 15:55 - 2017-09-20 15:55 - 000087711 _____ C:\Users\Mary\Downloads\563705RMA_209019PORTABLE_CALLTAG.PDF
2017-09-19 12:30 - 2017-09-19 15:00 - 000000093 _____ C:\Users\Mary\Desktop\suppsbuy9-19.txt
2017-09-16 12:16 - 2017-09-16 15:46 - 000000000 ____D C:\Users\Mary\Desktop\SanteviaFilter
2017-09-16 12:16 - 2017-09-16 15:46 - 000000000 ____D C:\Users\Mary\Desktop\Osteo
2017-09-16 12:01 - 2017-09-25 00:32 - 000000000 ____D C:\Users\Mary\Desktop\MARY
2017-09-16 11:05 - 2017-09-20 18:59 - 000003182 _____ C:\windows\System32\Tasks\{A8592515-8374-4869-992A-6398F89B6B64}
2017-09-13 09:32 - 2017-08-19 12:27 - 000237568 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2017-09-13 09:32 - 2017-08-19 11:48 - 000215040 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2017-09-13 09:32 - 2017-08-17 17:07 - 000537200 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2017-09-13 09:32 - 2017-08-17 17:07 - 000140016 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2017-09-13 09:32 - 2017-08-17 17:03 - 000450392 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2017-09-13 09:32 - 2017-08-17 17:03 - 000136832 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2017-09-13 09:32 - 2017-08-15 09:06 - 015260160 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-09-13 09:32 - 2017-08-15 09:01 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-09-13 09:32 - 2017-08-15 09:01 - 000128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2017-09-13 09:32 - 2017-08-15 09:01 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-09-13 09:32 - 2017-08-15 08:58 - 013673984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-09-13 09:32 - 2017-08-13 13:58 - 025730560 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-09-13 09:32 - 2017-08-13 12:19 - 000040960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nsiproxy.sys
2017-09-13 09:32 - 2017-08-13 12:05 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-09-13 09:32 - 2017-08-13 12:04 - 002899968 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-09-13 09:32 - 2017-08-13 11:54 - 020269056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-09-13 09:32 - 2017-08-13 11:51 - 005981696 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-09-13 09:32 - 2017-08-13 11:50 - 000817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-09-13 09:32 - 2017-08-13 11:29 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-09-13 09:32 - 2017-08-13 11:28 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-09-13 09:32 - 2017-08-13 11:24 - 002291200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-09-13 09:32 - 2017-08-13 11:23 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-09-13 09:32 - 2017-08-13 11:21 - 000145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2017-09-13 09:32 - 2017-08-13 11:20 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-09-13 09:32 - 2017-08-13 11:17 - 000663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-09-13 09:32 - 2017-08-13 11:15 - 007078912 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2017-09-13 09:32 - 2017-08-13 11:14 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2017-09-13 09:32 - 2017-08-13 11:07 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-09-13 09:32 - 2017-08-13 11:05 - 000380416 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-09-13 09:32 - 2017-08-13 11:04 - 000807936 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-09-13 09:32 - 2017-08-13 11:04 - 000726528 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-09-13 09:32 - 2017-08-13 11:01 - 002134528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-09-13 09:32 - 2017-08-13 10:52 - 005274624 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2017-09-13 09:32 - 2017-08-13 10:52 - 000486912 _____ (Microsoft Corporation) C:\windows\system32\tpmvsc.dll
2017-09-13 09:32 - 2017-08-13 10:51 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2017-09-13 09:32 - 2017-08-13 10:48 - 004547072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-09-13 09:32 - 2017-08-13 10:46 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-09-13 09:32 - 2017-08-13 10:44 - 000694784 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-09-13 09:32 - 2017-08-13 10:44 - 000331776 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-09-13 09:32 - 2017-08-13 10:43 - 002058752 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-09-13 09:32 - 2017-08-13 10:40 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-09-13 09:32 - 2017-08-13 10:27 - 001544704 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-09-13 09:32 - 2017-08-13 10:25 - 007797248 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2017-09-13 09:32 - 2017-08-13 10:18 - 005270016 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 09:32 - 2017-08-13 10:17 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-09-13 09:32 - 2017-08-13 10:13 - 001314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-09-13 09:32 - 2017-08-12 04:30 - 022361344 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2017-09-13 09:32 - 2017-08-12 04:26 - 019789736 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2017-09-13 09:32 - 2017-08-11 19:39 - 001364552 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2017-09-13 09:32 - 2017-08-11 18:59 - 007440728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-09-13 09:32 - 2017-08-11 18:58 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-09-13 09:32 - 2017-08-11 18:58 - 001502000 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2017-09-13 09:32 - 2017-08-11 15:46 - 000367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\PCPTpm12.dll
2017-09-13 09:32 - 2017-08-11 15:29 - 000425984 _____ (Microsoft Corporation) C:\windows\system32\PCPTpm12.dll
2017-09-13 09:32 - 2017-08-11 15:13 - 000175616 _____ (Microsoft Corporation) C:\windows\system32\TpmTasks.dll
2017-09-13 09:32 - 2017-08-10 22:30 - 004170240 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-09-13 09:32 - 2017-08-10 22:27 - 000281600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2017-09-13 09:32 - 2017-08-10 22:27 - 000243200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2017-09-13 09:32 - 2017-08-10 21:38 - 000477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2017-09-13 09:32 - 2017-08-10 21:08 - 001753600 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2017-09-13 09:32 - 2017-08-10 21:08 - 000329216 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2017-09-13 09:32 - 2017-08-10 21:02 - 001084928 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2017-09-13 09:32 - 2017-08-10 20:52 - 001491456 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2017-09-13 09:32 - 2017-08-10 20:49 - 000346624 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2017-09-13 09:32 - 2017-08-10 20:44 - 001095680 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2017-09-13 09:32 - 2017-08-10 20:43 - 000865792 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2017-09-13 09:32 - 2017-08-10 20:41 - 000307200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
2017-09-13 09:32 - 2017-08-06 16:20 - 000607232 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2017-09-13 09:32 - 2017-08-06 02:13 - 000530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2017-09-13 09:32 - 2017-07-22 13:34 - 000033792 _____ (Microsoft Corporation) C:\windows\system32\iscsium.dll
2017-09-13 09:32 - 2017-07-22 12:32 - 000027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\iscsium.dll
2017-09-13 09:32 - 2017-07-17 14:53 - 004298240 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_47.dll
2017-09-13 09:32 - 2017-07-16 18:55 - 003551744 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_47.dll
2017-09-13 09:32 - 2017-07-13 18:03 - 002013528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2017-09-13 09:32 - 2017-07-12 15:29 - 000420440 _____ (Microsoft Corporation) C:\windows\system32\wevtapi.dll
2017-09-13 09:32 - 2017-07-12 15:29 - 000075440 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-09-13 09:32 - 2017-07-12 15:25 - 000308872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wevtapi.dll
2017-09-13 09:32 - 2017-07-12 15:25 - 000066112 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2017-09-13 09:32 - 2017-07-08 14:03 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-09-13 09:32 - 2017-07-08 13:43 - 000197632 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-09-13 09:32 - 2017-07-08 13:30 - 000039936 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-09-13 09:32 - 2017-07-08 13:20 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-09-13 09:32 - 2017-07-08 12:00 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-09-13 09:32 - 2017-07-07 22:14 - 000100184 ____C (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2017-09-13 09:31 - 2017-08-13 10:18 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-09-13 09:31 - 2017-08-13 10:14 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-09-13 09:31 - 2017-07-08 12:25 - 001436160 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-10 13:48 - 2016-11-11 00:57 - 000003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1992209377-382255440-3143550161-1001
2017-10-10 13:46 - 2016-11-11 00:54 - 000000000 ____D C:\Users\Mary\Documents\Youcam
2017-10-10 13:45 - 2016-11-27 06:50 - 000000000 ____D C:\windows\Minidump
2017-10-10 13:35 - 2016-11-18 20:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-10 13:35 - 2016-11-12 11:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-10 13:35 - 2013-08-22 09:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-10-10 13:32 - 2016-11-12 11:32 - 000000937 _____ C:\windows\Tasks\EPSON WF-2650 Series Update {C36F6C14-2B66-426A-A605-8636D8BBBAC0}.job
2017-10-10 13:12 - 2017-08-15 21:50 - 000617472 ___SH C:\Users\Mary\Desktop\Thumbs.db
2017-10-10 12:39 - 2013-08-22 10:20 - 000000000 ____D C:\windows\CbsTemp
2017-10-10 09:48 - 2016-11-11 01:23 - 000003922 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{9948DAC9-F66C-4BEF-A753-ED09C32930C7}
2017-10-10 03:50 - 2013-08-22 08:36 - 000000000 ____D C:\windows\Inf
2017-10-09 18:43 - 2016-11-11 00:52 - 000000000 ____D C:\Users\Mary
2017-10-09 16:23 - 2017-08-15 04:35 - 001304064 ___SH C:\Users\Mary\Downloads\Thumbs.db
2017-10-07 16:02 - 2017-03-11 19:34 - 000000346 _____ C:\windows\Tasks\HPCeeScheduleForMary.job
2017-10-07 16:02 - 2014-12-22 03:47 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-10-07 12:45 - 2017-03-11 19:34 - 000003158 _____ C:\windows\System32\Tasks\HPCeeScheduleForMary
2017-10-07 09:24 - 2017-05-19 11:35 - 000003068 _____ C:\windows\System32\Tasks\McAfeeLogon
2017-10-05 09:45 - 2014-12-22 02:34 - 000065536 _____ C:\windows\system32\spu_storage.bin
2017-10-04 22:40 - 2016-11-11 09:51 - 000000000 ____D C:\Users\Mary\AppData\Local\Hewlett-Packard
2017-10-02 01:56 - 2017-08-15 05:18 - 000000000 ____D C:\Users\Mary\Desktop\m
2017-09-28 16:08 - 2017-08-21 06:46 - 000000000 ____D C:\Users\Mary\AppData\Local\Adobe
2017-09-28 15:50 - 2013-08-22 10:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2017-09-28 15:50 - 2013-08-22 10:36 - 000000000 ____D C:\windows\system32\Macromed
2017-09-26 15:05 - 2016-11-11 00:52 - 000000000 ____D C:\Users\Mary\AppData\Local\VirtualStore
2017-09-26 02:05 - 2017-08-30 21:24 - 000000000 ____D C:\Program Files\McAfee Security Scan
2017-09-26 02:05 - 2017-08-30 20:54 - 000001987 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-09-24 23:49 - 2013-08-22 10:36 - 000000000 ____D C:\windows\system32\NDF
2017-09-23 18:27 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-23 18:27 - 2013-08-22 10:36 - 000000000 ____D C:\windows\AppReadiness
2017-09-23 12:01 - 2013-08-22 09:44 - 000346824 _____ C:\windows\system32\FNTCACHE.DAT
2017-09-22 08:40 - 2017-01-26 02:06 - 000000000 ____D C:\Users\Mary\Documents\PKHot
2017-09-21 14:19 - 2014-03-18 04:53 - 000893460 _____ C:\windows\system32\PerfStringBackup.INI
2017-09-20 18:59 - 2016-11-11 00:52 - 000000000 ____D C:\Users\Mary\AppData\Local\Packages
2017-09-20 18:58 - 2017-08-25 17:56 - 000000000 ____D C:\Users\Mary\AppData\Roaming\TC2000v16
2017-09-20 18:52 - 2014-04-02 17:17 - 000000000 ____D C:\windows\Panther
2017-09-16 22:00 - 2017-01-18 01:19 - 000000000 ____D C:\Users\Mary\Documents\Marc
2017-09-16 12:59 - 2017-03-21 12:15 - 000000000 ____D C:\Users\Mary\Desktop\Tapping
2017-09-16 11:10 - 2017-08-29 23:55 - 000000000 ____D C:\Users\Mary\AppData\Roaming\DVDVideoSoft
2017-09-14 02:47 - 2013-08-22 10:36 - 000000000 ____D C:\windows\rescache
2017-09-13 14:27 - 2013-08-22 10:36 - 000000000 ___RD C:\windows\ToastData
2017-09-13 09:55 - 2016-11-26 20:46 - 000000000 ____D C:\windows\system32\MRT
2017-09-13 09:43 - 2016-11-26 20:45 - 138202976 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-05 05:13

==================== End of FRST.txt ============================

 

As requested, the AdwCleaner log:

 

# AdwCleaner 7.0.3.0 - Logfile created on Wed Oct 11 02:43:48 2017
# Updated on 2017/28/09 by Malwarebytes
# Database: 10-04-2017.1
# Running on Windows 8.1 (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1464 B] - [2017/10/10 19:29:55]
C:/AdwCleaner/AdwCleaner[S0].txt - [1340 B] - [2017/10/10 18:57:24]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

I leave myself very humbly in your imminently capable hands.

 

MHP



#4 JSntgRvr

Posted 11 October 2017 - 05:34 PM

No, you posted a scan of FRST and the report of AdwCleaner. Let's try this again:

 

  • Highlight the entire content of the quote box below.

Start::
Folder: C:\Users\Mary\AppData\Local\Isxajqibp
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 MrHappyPants

Posted 11 October 2017 - 08:30 PM

Whoops. Apologies.

 

Below, the Fixlog.txt from latest scan, after running as administrator, and having followed your other instructions, above (copy to clipboard, click "fix").

 

Ran Junkware Removal Tool as administrator. Here are the logs, Fixlog.txt first:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Mary (11-10-2017 20:14:02) Run:2
Running from C:\Users\Mary\Desktop\security
Loaded Profiles: Mary &  (Available Profiles: Mary)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Folder: C:\Users\Mary\AppData\Local\Isxajqibp
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

*****************


========================= Folder: C:\Users\Mary\AppData\Local\Isxajqibp ========================

2017-09-29 17:19 - 2017-09-29 17:19 - 000019631 ____A [384F3B3FA20EE93C71470871174D32C9] () C:\Users\Mary\AppData\Local\Isxajqibp\c xasde.umnexb

====== End of Folder: ======

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1992209377-382255440-3143550161-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1992209377-382255440-3143550161-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10112017152843715\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1992209377-382255440-3143550161-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10112017152843715\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.

========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3251932 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 2048 B
Edge => 0 B
Chrome => 0 B
Firefox => 69911486 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 165 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Mary => 420326 B

RecycleBin => 33127792 B
EmptyTemp: => 113.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:15:46 ====

 

-------------------------------------------------------------------------------------------------------

 

"JRT.txt":

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 x64
Ran by Mary (Administrator) on Wed 10/11/2017 at 20:20:59.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8BD93BCC-0D53-4FC7-90F0-5E91462F04C9} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{8BD93BCC-0D53-4FC7-90F0-5E91462F04C9} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/11/2017 at 20:27:13.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------------------------------------------------------------------------------------------------------------------------

 

Thanks again!



#6 JSntgRvr

Posted 12 October 2017 - 02:17 PM

  • Highlight the entire content of the quote box below.

Quote

Start::  
C:\Users\Mary\AppData\Local\Isxajqibp
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

How is the computer doing?




#7 MrHappyPants

Posted 13 October 2017 - 03:00 PM

Done and done. Here's the fixlog.txt result (I added the 10-13 myself just to distinguish it from the others).

 

As far as how the computer is doing...I would say just fine...if it weren't for the fact that it seemed to be doing just fine, before...and that was when it was infected with multiple rootkits and trojans. I can understand your admonition that we wait for someone with your professional experience to pronounce it clean, yourself, before being so naive/optimistic as to assume that the coast is clear, so to speak.

 

But I've been given no reason to suspect that my accounts have been compromised in any way, up to this point, at least. Maybe I should include a "yet" caveat there, though, I suppose.

 

I'm still mind-boggled, though, over the fact that it/they would crash my browser rather than allow me to download the FRST scan.

But after I quarantined the Malwarebytes Scan results I was able to then download the FRST, at least, and proceed with your instructions...which I'd postponed doing previously, because my previous helper had directed me to click "delete" on the scan results...and my version of Malwarebytes didn't provide that delete option, just the quarantine. So I postponed acting until I found I couldn't proceed with your advice to download FRST, by any apparent means.

 

So then I went back and quarantined the Malwarebytes scan results with the option provided in the program,  and had no further problems downloading FRST, at least.

So there appears to have been at least some tangible, demonstrable improvement, even if the malware activities weren't manifest otherwise in the normal course of the general use of the computer, previously.

 

I have a Hijack This log, if you'd like me to post it (Scan dating from prior to running the FRST scan, on your most recent instructions).

I'll refrain from posting it until you direct me to do so, though, after reading through your specifications in your intro info, not to stray from your direct instructions during the process.

So here's the FRST fixlog, resulting from running FRST as administrator, the above quote panel contents in the clipboard at the time, and clicking the "Fix" option.

 

Again, I can't thank you enough for all your help!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Mary (13-10-2017 14:51:08) Run:3
Running from C:\Users\Mary\Desktop\security
Loaded Profiles: Mary (Available Profiles: Mary)
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
C:\Users\Mary\AppData\Local\Isxajqibp

*****************

C:\Users\Mary\AppData\Local\Isxajqibp => moved successfully

==== End of Fixlog 14:51:08 ====

 



Edited by MrHappyPants, 13 October 2017 - 03:06 PM.


#8 JSntgRvr

Posted 13 October 2017 - 03:45 PM

Open Malwarebytes Antimalware. Click on the Quarantine panel, select all quarantined items and click on Delete.

 

To remove the tools we used and their quarantine, run this application:

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

As far as I see it, there is nothing in your computer to be concerned about. Always keep your antivirus active and updated.

 

Best regards. :)




#9 MrHappyPants

Posted 13 October 2017 - 04:55 PM

I've just noticed a new entry on my startup menu, in the task manager...an exe program on startup menu which I'm unfamiliar with, and which happens to be in the file you referenced above in FRST fix (Isxajqibp)

 

The identifier is the following: c xasde.umnexb

 

Would you have any guess as to its nature?



#10 MrHappyPants

Posted 13 October 2017 - 05:02 PM

Did the above as instructed. Here's Delfix.log resulting, followed by the Hijackthis log (HJT scan performed pre-delfix scan)

 

# DelFix v1.013 - Logfile created 13/10/2017 at 17:01:32
# Updated 17/04/2016 by Xplode
# Username : Mary - CRAPPYPC
# Operating System : Windows 8.1  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Mary\Desktop\JRT.txt
Deleted : C:\Users\Mary\Downloads\Fixlog.txt
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Creating registry backup ... OK

########## - EOF - ##########

 

______________________________________________________________________

HJT log:

 

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:41:35 PM, on 10/13/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18817)

FIREFOX: 56.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Users\Mary\Desktop\security\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: McAfee WebAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Users\Mary\Downloads\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [McAfeeSafeConnect] C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
O4 - Startup: qpacufteqv.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 11 Volume Shadow Copy Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
O23 - Service: ClientAnalyticsService - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
O23 - Service: Cobian Backup 11 Gravity (CobianBackup11) - Luis Cobian, CobianSoft - C:\Program Files (x86)\Cobian Backup 11\cbService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\windows\system32\EscSvc64.exe (file missing)
O23 - Service: EPSON V3 Service4(06) (EPSON_PM_RPCV4_06) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: HP CASL Framework Service (hpqcaslwmiex) - HP - C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Vpn Service - Unknown owner - C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe
O23 - Service: McAfee Boot Delay Start Service (McBootDelayStartSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: McAfee Module Core Service (ModuleCoreService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel Security PEF Service (PEFService) - Intel Security, Inc. - C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11659 bytes
 

 

Thanks so much again! You've been a lifesaver, truly!

 


Edited by MrHappyPants, 13 October 2017 - 05:07 PM.


#11 JSntgRvr

Posted 13 October 2017 - 06:45 PM

Hijackthis is obsolete. The process was removed earlier. Let's try again. You will need to download FRST again.
  • Highlight the entire content of the quote box below.

Start::  
Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qpacufteqv.lnk [2017-09-29]
ShortcutTarget: qpacufteqv.lnk -> C:\Users\Mary\AppData\Local\Isxajqibp\c xasde.umnexb ()
C:\Users\Mary\AppData\Local\Isxajqibp
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

Edited by JSntgRvr, 13 October 2017 - 06:46 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 MrHappyPants


Posted 14 October 2017 - 09:22 AM

Fixlog.txt

 

I've noticed another unusual item that's appeared in my startup menu, for the first time, after the previously mentioned entry has been removed. It's listed simply as "C". There's no option provided to open the containing folder, however.

I disabled it in hopes that would aid in tracking it down, but now it's disappeared. The listing was simply a capital "C", next to the blank page with corner turned down that usually refers to an offline web-page. Any idea what it could be?

Thanks

---------------------------------

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Mary (13-10-2017 14:51:08) Run:3
Running from C:\Users\Mary\Desktop\security
Loaded Profiles: Mary (Available Profiles: Mary)
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
C:\Users\Mary\AppData\Local\Isxajqibp

*****************

C:\Users\Mary\AppData\Local\Isxajqibp => moved successfully

==== End of Fixlog 14:51:08 ====



#13 JSntgRvr


Posted 14 October 2017 - 01:37 PM

That fixlog does not correspond to the fixlist above.

 

I've noticed another unusual item that's appeared in my startup menu, for the first time, after the previously mentioned entry has been removed. It's listed simply as "C". There's no option provided to open the containing folder, however.

I disabled it in hopes that would aid in tracking it down, but now it's disappeared. The listing was simply a capital "C", next to the blank page with corner turned down that usually refers to an offline web-page. Any idea what it could be?

 

I have no idea. Send me a screenshot.

 

  • You can do this by pressing the PrintScreen key.
  • Then search > Paint
  • In Paint, go up to Edit > Paste
  • Then go up to File > Save As. Click the drop-down box to change the "Save As Type" to "JPEG", name it what you want, and save it on the desktop.
  • Then click Reply in this topic.
  • Scroll down to manage attachments
  • Click the Choose File button.
  • Locate the file you just saved, click on it, then click Open, then Upload.
  • Add a Reply
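
The comparison made in reply #13, between the fixlist posted in #11 and the "fixlist content" echoed in the Fixlog from #12, can be scripted. This is an added example, not part of the original posts and not FRST's own code; the function names are hypothetical and the parsing assumes only the Fixlog layout visible in this thread (the list between two rows of asterisks, then `=>` result lines).

```python
import re

# Fixlist exactly as posted in reply #11.
POSTED_FIXLIST = r"""Start::
Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qpacufteqv.lnk [2017-09-29]
ShortcutTarget: qpacufteqv.lnk -> C:\Users\Mary\AppData\Local\Isxajqibp\c xasde.umnexb ()
C:\Users\Mary\AppData\Local\Isxajqibp
End::"""

# Fixlog from reply #12, shortened to the lines the parser needs.
POSTED_FIXLOG = r"""fixlist content:
*****************
C:\Users\Mary\AppData\Local\Isxajqibp
*****************
C:\Users\Mary\AppData\Local\Isxajqibp => moved successfully
==== End of Fixlog 14:51:08 ===="""

def fixlist_entries(text):
    """Non-blank entries between the Start:: and End:: markers."""
    lines = [ln.strip() for ln in text.splitlines()]
    if "Start::" in lines and "End::" in lines:
        lines = lines[lines.index("Start::") + 1 : lines.index("End::")]
    return [ln for ln in lines if ln]

def parse_fixlog(text):
    """Return (entries echoed under 'fixlist content:', {entry: outcome})."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if re.fullmatch(r"\*{5,}", ln)]
    if len(stars) < 2:
        raise ValueError("no asterisk-delimited fixlist section found")
    echoed = [ln for ln in lines[stars[0] + 1 : stars[1]] if ln]
    results = {}
    for ln in lines[stars[1] + 1 :]:
        if " => " in ln:  # result lines look like "<entry> => <outcome>"
            entry, outcome = ln.rsplit(" => ", 1)
            results[entry] = outcome
    return echoed, results

def compare(fixlist_text, fixlog_text):
    """Report posted entries the tool never received, and outcomes for the rest."""
    wanted = fixlist_entries(fixlist_text)
    echoed, results = parse_fixlog(fixlog_text)
    return {"missing": [e for e in wanted if e not in echoed],
            "unexpected": [e for e in echoed if e not in wanted],
            "results": results}

if __name__ == "__main__":
    report = compare(POSTED_FIXLIST, POSTED_FIXLOG)
    print("never processed:", report["missing"], "| outcomes:", report["results"])
```

Entries listed under `missing` were in the posted fixlist but never reached the tool, so the startup shortcut they name would still need to be checked on disk.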




#14 JSntgRvr


Posted 17 October 2017 - 05:31 PM

Are you still with us?




#15 MrHappyPants


Posted 21 October 2017 - 06:10 PM

Yes, and thanks so much for your continuing help. I realized that the above issue was innocuous, however.

 

One more question though, if I may, while I have someone of your expertise to help: what antivirus/malware software/combination would you recommend I install? What would you consider to be the ideal combination of security programs?

Again, thank you so much, and I just noticed that you're in Puerto Rico. I'm sorry about what happened, and more so that they are doing nothing to help you all. What a disgrace, for this country and these people... what ignorance. I hope this gets better. Truly.

I could give you all only 30 dollars right now. But I give all of you all of my heart, and good luck, truly.


Edited by MrHappyPants, 21 October 2017 - 06:16 PM.




