
Battle of the Pup's


This topic is locked. 11 replies to this topic.

#1 juliewh (Members, 6 posts)

Posted 11 March 2018 - 07:23 PM

Hi,

My name is Julie & this is my first time posting to this site. To keep a long story short, my laptop is slowly choking out.  I do research for a living & on overtime right now without a backup computer, so... :(   Malwarebytes hasn't been detecting, but I just discovered numerous errors with it in task manager this morning.  I've run AdwCleaner & FRST64.  I'll refrain from running anything else at this point - I'm in over my head as is.  Any help is greatly appreciated!

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [7774 B] - [2016/9/28 23:19:28]
C:/AdwCleaner/AdwCleaner[C2].txt - [1470 B] - [2016/9/30 7:42:47]
C:/AdwCleaner/AdwCleaner[C3].txt - [1407 B] - [2016/11/5 17:26:52]
C:/AdwCleaner/AdwCleaner[C4].txt - [1776 B] - [2017/1/24 5:12:34]
C:/AdwCleaner/AdwCleaner[S0].txt - [6564 B] - [2016/9/28 23:9:31]
C:/AdwCleaner/AdwCleaner[S1].txt - [1560 B] - [2016/9/30 3:21:25]
C:/AdwCleaner/AdwCleaner[S2].txt - [1515 B] - [2016/11/5 17:25:8]
C:/AdwCleaner/AdwCleaner[S3].txt - [1866 B] - [2017/1/24 5:10:2]
C:/AdwCleaner/AdwCleaner[S4].txt - [1658 B] - [2018/3/11 21:8:54]


------------------------------------------------------------------------------------------------------------------------------------------


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.03.2018 01
Ran by Julie (administrator) on ASUS (11-03-2018 18:05:38)
Running from C:\Users\Julie\Downloads
Loaded Profiles: Julie (Available Profiles: Julie)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Console\ASUS Console Starter.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
() C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13530184 2013-04-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [401888 2016-11-30] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-29] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [13936 2013-04-16] (ASUS)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\Run: [TinyTake by MangoApps] => C:\Users\Julie\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake by MangoApps.exe [362584 2015-10-13] (MangoApps)
HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\Run: [Amazon Music] => C:\Users\Julie\AppData\Local\Amazon Music\Amazon Music Helper.exe [5908968 2016-06-16] ()
HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\Run: [Spotify Web Helper] => C:\Users\Julie\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-23] (Spotify Ltd)
HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\Run: [Spotify] => C:\Users\Julie\AppData\Roaming\Spotify\Spotify.exe [6795376 2016-09-23] (Spotify Ltd)
HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{a4e9ed1b-0c5b-4e1d-b9ea-46855b0a6f20}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://xfinity.comcast.net/?cid=insDate08302015
HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-3843277573-2447862647-3287370386-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3843277573-2447862647-3287370386-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\3v63if0f.default [2018-03-11]
FF user.js: detected! => C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\3v63if0f.default\user.js [2016-09-28]
FF Homepage: Mozilla\Firefox\Profiles\3v63if0f.default -> hxxp://xfinity.comcast.net/?cid=insDate08302015
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-04-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-04-11] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3843277573-2447862647-3287370386-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Julie\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-12] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default [2018-03-11]
CHR Extension: (Docs) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (HelloFax) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2018-02-10]
CHR Extension: (OneTab) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-20]
CHR Extension: (Google Search) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Blue Messenger) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmfchgfmbbddembehpkopmhjiepcckd [2018-03-09]
CHR Extension: (Google Docs Offline) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-04-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-04-11] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation)
S3 wpscloudsvr; C:\Users\Julie\appdata\local\kingsoft\wps office\wpscloudsvr.exe [177800 2017-11-18] (Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUS Corporation)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-05] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-05] (Malwarebytes)
R1 MpKsl82437c2a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8C3A123-183F-4093-98A8-D70BF3B8E5D2}\MpKsl82437c2a.sys [58120 2018-03-11] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation)
S3 WUDFWpdComp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-11 18:05 - 2018-03-11 18:06 - 000017658 _____ C:\Users\Julie\Downloads\FRST.txt
2018-03-11 18:05 - 2018-03-11 18:05 - 000000000 ____D C:\FRST
2018-03-11 18:04 - 2018-03-11 18:04 - 002402816 _____ (Farbar) C:\Users\Julie\Downloads\FRST64.exe
2018-03-11 17:53 - 2018-03-11 17:54 - 001763328 _____ (Farbar) C:\Users\Julie\Downloads\FRST.exe
2018-03-11 16:18 - 2018-03-11 16:18 - 000001808 _____ C:\Users\Julie\Desktop\AdwCleaner[C4].txt
2018-03-11 14:04 - 2018-03-11 14:05 - 008222496 _____ (Malwarebytes) C:\Users\Julie\Downloads\AdwCleaner(3).exe
2018-03-08 18:50 - 2018-03-08 18:50 - 000104332 _____ C:\Users\Julie\Downloads\arrests.pdf
2018-03-08 18:50 - 2018-03-08 18:50 - 000072842 _____ C:\Users\Julie\Downloads\incidents.pdf
2018-03-07 10:39 - 2018-03-07 10:40 - 004117361 _____ C:\Users\Julie\Documents\2017 Tax Return.pdf
2018-03-07 10:24 - 2018-03-07 10:24 - 001578246 _____ C:\Users\Julie\Documents\2017 M1PR Rent Refund.pdf
2018-03-07 10:23 - 2018-03-07 10:24 - 000201323 _____ C:\Users\Julie\Downloads\TaxReturn(1).pdf
2018-03-04 12:29 - 2018-03-04 12:29 - 000881204 _____ C:\Users\Julie\Downloads\2017 Information and Resource Sharing Folder Electronic Version.pdf
2018-03-02 17:46 - 2018-03-03 10:26 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-02 08:54 - 2018-03-02 08:54 - 000116959 _____ C:\Users\Julie\Documents\InsuranceIDCard.pdf
2018-02-15 09:24 - 2018-03-01 16:08 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-11 16:46 - 2016-11-18 13:53 - 000000000 ____D C:\Users\Julie\AppData\LocalLow\Mozilla
2018-03-11 16:45 - 2017-04-13 08:34 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-03-11 16:45 - 2015-10-05 13:35 - 000000000 __SHD C:\Users\Julie\IntelGraphicsProfiles
2018-03-11 16:44 - 2017-06-22 21:55 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-03-11 16:24 - 2016-09-28 17:54 - 000000000 ____D C:\AdwCleaner
2018-03-11 16:23 - 2017-12-07 09:02 - 001020368 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-11 16:21 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-11 16:16 - 2017-12-07 08:39 - 000235752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-11 16:15 - 2017-12-07 09:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-11 16:15 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-11 16:15 - 2016-09-29 17:13 - 000000000 ____D C:\ProgramData\Kodak
2018-03-11 16:15 - 2015-08-12 11:57 - 000000640 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3843277573-2447862647-3287370386-1001.job
2018-03-11 16:15 - 2015-08-12 11:57 - 000000544 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3843277573-2447862647-3287370386-1001.job
2018-03-11 15:54 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-11 14:43 - 2014-02-19 18:25 - 000007602 _____ C:\Users\Julie\AppData\Local\resmon.resmoncfg
2018-03-11 14:29 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-11 14:28 - 2014-09-08 23:10 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-03-11 14:26 - 2015-08-12 11:57 - 000000000 ____D C:\Users\Julie\AppData\Local\Citrix
2018-03-11 11:53 - 2017-12-07 08:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-10 08:36 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-10 08:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-09 18:00 - 2017-12-07 08:43 - 000000000 ____D C:\Users\Julie
2018-03-08 14:53 - 2017-12-07 09:08 - 000003788 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3843277573-2447862647-3287370386-1001
2018-03-08 14:53 - 2017-12-07 09:08 - 000003692 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3843277573-2447862647-3287370386-1001
2018-03-08 14:53 - 2017-07-08 10:53 - 000000000 ____D C:\Users\Julie\AppData\Local\GoToMeeting
2018-03-03 10:25 - 2014-01-18 01:08 - 000000000 ____D C:\Users\Julie\AppData\Local\ElevatedDiagnostics
2018-03-01 16:07 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Windows Defender
2018-02-27 16:55 - 2013-12-03 19:14 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-26 22:20 - 2017-12-07 09:08 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-23 19:23 - 2016-02-28 09:58 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-14 12:33 - 2013-12-02 20:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-14 12:31 - 2017-10-11 07:53 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-14 12:31 - 2013-12-02 20:46 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-13 10:15 - 2016-09-23 23:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-13 10:15 - 2014-01-15 23:43 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

==================== Files in the root of some directories =======

2013-11-29 18:18 - 2013-11-29 18:18 - 000000021 _____ () C:\Users\Julie\AppData\Roaming\my_intel.sys
2013-11-29 18:13 - 2015-03-31 09:09 - 000000074 _____ () C:\Users\Julie\AppData\Roaming\sp_data.sys
2015-09-30 15:35 - 2015-09-30 15:35 - 000000022 _____ () C:\Users\Julie\AppData\Roaming\VimeoDownloaderSettings.ini
2014-10-29 14:49 - 2014-11-21 01:49 - 000000126 _____ () C:\Users\Julie\AppData\Roaming\WB.CFG
2015-09-15 23:33 - 2015-09-15 23:33 - 000006144 ___SH () C:\Users\Julie\AppData\Local\access.ctl
2014-10-31 05:49 - 2014-10-31 05:49 - 000000001 _____ () C:\Users\Julie\AppData\Local\DSI.DAT
2015-04-24 16:39 - 2016-07-20 12:23 - 000014920 _____ () C:\Users\Julie\AppData\Local\installer.log
2014-02-19 18:25 - 2018-03-11 14:43 - 000007602 _____ () C:\Users\Julie\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-08 13:47

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01
Ran by Julie (11-03-2018 18:06:35)
Running from C:\Users\Julie\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-07 14:10:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3843277573-2447862647-3287370386-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3843277573-2447862647-3287370386-503 - Limited - Disabled)
Guest (S-1-5-21-3843277573-2447862647-3287370386-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3843277573-2447862647-3287370386-1005 - Limited - Enabled)
Julie (S-1-5-21-3843277573-2447862647-3287370386-1001 - Administrator - Enabled) => C:\Users\Julie
WDAGUtilityAccount (S-1-5-21-3843277573-2447862647-3287370386-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
Amazon Kindle (HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\Amazon Amazon Music) (Version: 4.3.2.1367 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ASUS Console (HKLM\...\{6D989E08-8143-4AB8-B0A8-5B836235CAA4}) (Version: 1.0.0 - ASUS)
ASUS FaceKey (HKLM-x32\...\{ACE24C70-743B-43B0-8045-817FF050800B}) (Version: 4.1.0.0 - )
ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.1.1 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.2 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.2 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.0 - ASUS)
ASUS Video DSP (HKLM-x32\...\{B80DB514-46E5-43AA-B68C-1EBBF5CF7D34}) (Version: 1.0.000 - )
ASUS Video Magic (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.5005 - CyberLink Corp.) Hidden
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.5005 - CyberLink Corp.)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4924.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4924.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0028 - ASUS)
Azteca (HKLM-x32\...\WTA-d3268e37-1467-4498-b890-3b9c5fa9a690) (Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-e699b1f9-6f63-4385-ab80-1940bd828703) (Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Core Temp 1.11 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.11 - ALCPU)
Cut the Rope (HKLM-x32\...\WTA-2c16f4f3-2c4a-41ba-8b8c-008bb7f4c749) (Version: 3.0.2.38 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3718_45957 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.5817a - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Drive Repair 638 (HKLM\...\DVD Drive Repair_is1) (Version: 638 - Rizonesoft)
eFile Express 2013 (HKLM-x32\...\eFile Express 2013) (Version: 2013.0b - Smartrak Group, Inc.)
eFile Express 2014 (HKLM-x32\...\eFile Express 2014) (Version: 2014.0b - Smartrak Group, Inc.)
eFile Express 2015 (HKLM-x32\...\eFile Express 2015) (Version: 2015.0b - Smartrak Group, Inc.)
eFile Express 2016 (HKLM-x32\...\eFile Express 2016) (Version: 2016.0a - Smartrak Group, Inc.)
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Galería de fotos (HKLM-x32\...\{8F7FECEC-088F-431D-A5FB-2B59E1E69943}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.22.0.8473 (HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\GoToMeeting) (Version: 8.22.0.8473 - LogMeIn, Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Peggle (HKLM-x32\...\WTA-fda76deb-ac7b-489e-8b18-b38b0d707428) (Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-c466df79-d924-4a89-a72c-303a90a57847) (Version: 2.2.0.98 - WildTangent) Hidden
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.11.201.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6890 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\Spotify) (Version: 1.0.38.171.g5e1cd7b2 - Spotify AB)
Tales of Lagoona (HKLM-x32\...\WTA-014dbe37-97d3-4bf5-93f4-13e4bbc2f02f) (Version: 2.2.0.110 - WildTangent) Hidden
TinyTake by MangoApps (HKLM-x32\...\{2586FC27-0086-4C49-9785-9A15DE989530}) (Version: 4.0.1 - MangoApps) Hidden
TinyTake by MangoApps (HKLM-x32\...\{cbb7c584-20c0-4426-9921-ac1cc52ff54d}) (Version: 4.0.1 - MangoApps)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.1.1.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WPS Office (10.2.0.5978) (HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\Kingsoft Office) (Version: 10.2.0.5978 - Kingsoft Corp.)
Zello 1.78.0.0 (HKLM-x32\...\Zello) (Version: 1.78.0.0 - Zello Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3843277573-2447862647-3287370386-1001_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Users\Julie\AppData\Local\Kingsoft\WPS Office\10.2.0.5978\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3843277573-2447862647-3287370386-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Julie\AppData\Local\Citrix\GoToMeeting\5922\G2MOutlookAddin64.dll => No File
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-3843277573-2447862647-3287370386-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => C:\Users\Julie\AppData\Local\Kingsoft\WPS Office\10.2.0.5978\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll [2017-11-18] (Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09167DFA-AB1B-45A4-97CC-F362CCC89C7E} - System32\Tasks\WpsExternal_Julie_20171118132237 => C:\Users\Julie\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe [2017-11-18] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {13202EF7-E921-4CA9-99A6-4293672B8DA6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {169A8F4E-4365-45E5-BA9F-1ED6B5D43D4A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {239B6ECB-DA08-46D4-9124-16EF60F574E9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {25AEA738-6207-4100-965C-C77A6CAEF917} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {2A00F6F9-2134-4824-A31E-E82AAF0792C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2A1E9948-1F99-4CB8-872C-9959D35985D6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {2AA02B90-2E46-4F68-B68C-7DC292C518D5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {3136136B-C6C4-4B8B-9DAE-648CC37D41CA} - \WPD\SqmUpload_S-1-5-21-3843277573-2447862647-3287370386-1001 -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {35C17D10-1A7C-469E-82D8-9962E578BC77} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {36259B35-7299-4002-8644-18F3AFADBFFC} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {366A754F-3D60-4930-8363-480B566231F6} - \ASUS Live Update2 -> No File <==== ATTENTION
Task: {39A875A4-F931-451B-839B-22070930E178} - \ASUS P4G -> No File <==== ATTENTION
Task: {411D30E8-0BE9-4679-9867-9E182EF2F683} - \WpsUpdateTask_Julie -> No File <==== ATTENTION
Task: {44BDA1F5-8534-474B-8444-ECCD1B7667D2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {551A102F-C26C-4C9B-925D-22E4F8BA81B1} - \WpsNotifyTask_Julie -> No File <==== ATTENTION
Task: {58E9DFF9-820D-4708-A892-70D027480F78} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {5A6C0091-656C-4ED3-A42C-C5F2877B8474} - System32\Tasks\G2MUpdateTask-S-1-5-21-3843277573-2447862647-3287370386-1001 => C:\Users\Julie\AppData\Local\GoToMeeting\8473\g2mupdate.exe [2018-03-08] (LogMeIn, Inc.)
Task: {61DCEFA3-DC36-45E7-A38A-5ACF1933BF6B} - System32\Tasks\TinyTakeUpgrade => C:\Users\Julie\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe [2015-10-13] (MangoApps Inc.)
Task: {6D742402-ACA4-4F9A-9AE1-C1A2AA31E421} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {706018C2-62FF-4E7E-AC42-F2BA31279A76} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {79D85D75-FE9E-4F95-B39E-5DF24D974CF4} - System32\Tasks\GoogleUpdateTaskMachineUA1cfec859034963d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {84B8CE03-E41D-48B2-9787-70E419961A5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {897A0BC5-D8A0-4CEA-A052-54A4B7952C91} - \ASUS Splendid ColorU -> No File <==== ATTENTION
Task: {8B0EE4C0-F253-472E-A3E5-2329DD422CAC} - System32\Tasks\G2MUploadTask-S-1-5-21-3843277573-2447862647-3287370386-1001 => C:\Users\Julie\AppData\Local\GoToMeeting\8473\g2mupload.exe [2018-03-08] (LogMeIn, Inc.)
Task: {8DA8BDC7-5612-492B-83F7-84AC68C5B713} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {982603E0-C799-4ED6-81E0-FFDF539F03E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {9D1557CB-F80F-4DCB-BF3D-8F72FF702A47} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A4C2C9E8-4CF1-4C01-BF45-6D70C5085D7F} - System32\Tasks\ASUS Console => C:\Program Files\ASUS\ASUS Console\ASUS Console Starter.exe [2013-04-12] (ASUSTek Computer Inc.)
Task: {AA2B1223-51DE-41E5-9D94-678AB4D696DA} - \ASUS Live Update1 -> No File <==== ATTENTION
Task: {B2C7888C-D424-4083-9A3C-29A567866989} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {B6585656-291E-4570-B1FF-AC87165E304B} - \ASUS InstantOn Config -> No File <==== ATTENTION
Task: {B9554A6D-8534-4E1D-9C92-ADFC50AAE927} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {BC76AFAB-8053-4CD2-BED3-D427B79874FA} - \ASUS Patch for Touch Panel -> No File <==== ATTENTION
Task: {C1E0AA10-B190-4C64-99B1-B30A86E8FE1A} - \Optimize Start Menu Cache Files-S-1-5-21-3843277573-2447862647-3287370386-1001 -> No File <==== ATTENTION
Task: {C542DB8C-80FE-4280-BF6A-38AE13977E0D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C59D652B-92E7-4016-B8E0-6AD169719C25} - \ASUS USB Charger Plus -> No File <==== ATTENTION
Task: {C6B9A8CD-CD7E-4C22-88DE-32F41C4CCC19} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CE2C405F-D208-4299-96D7-B89FB9121A92} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CF63A0FB-94BC-4AB5-A65F-05D45252E2DD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D0D04EA2-FF3C-4F19-988F-4A6BB6842129} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DD3210CD-0231-4C22-914A-733E8279B5AB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E30F08CF-874B-45FF-8F05-6AC2674D452E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {EC8B924A-2426-4810-ADED-46ED0971532E} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {ED3FEAC5-C902-461D-9D2A-C16495A9E610} - \ASUS Splendid ACMON -> No File <==== ATTENTION
Task: {F93B540C-A969-4AC0-ADBF-18389271E1EE} - \AsusVibeSchedule -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3843277573-2447862647-3287370386-1001.job => C:\Users\Julie\AppData\Local\GoToMeeting\8473\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3843277573-2447862647-3287370386-1001.job => C:\Users\Julie\AppData\Local\GoToMeeting\8473\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-12-19 01:10 - 2012-12-19 01:10 - 000072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-06-24 08:38 - 2009-04-17 05:01 - 000247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-06-08 18:04 - 2016-06-08 18:04 - 000117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-11-30 22:57 - 2016-11-30 22:57 - 000401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-11-15 22:58 - 2017-11-01 09:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-06 13:15 - 2017-12-06 13:15 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-06 13:15 - 2017-12-06 13:15 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Julie\Documents\irs letter.jpeg:3or4kl4x13tuuug3Byamue2s4b [79]
AlternateDataStreams: C:\Users\Julie\Documents\irs letter.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Julie\Documents\irs waiver.jpeg:3or4kl4x13tuuug3Byamue2s4b [79]
AlternateDataStreams: C:\Users\Julie\Documents\irs waiver.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Julie\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Photo Gallery Wallpaper.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\StartupApproved\Run: => "TinyTake by MangoApps"
HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AA08304C-ED94-4779-B312-87C24A41F819}] => (Allow) C:\Users\Julie\AppData\Local\Kingsoft\WPS Office\10.2.0.5978\office6\wpscloudsvr.exe
FirewallRules: [{A192267D-D842-47EA-ACC8-F450CB95CE70}] => (Allow) C:\Program Files (x86)\Zello\Zello.exe
FirewallRules: [{0144D02D-06AD-49B0-8D9F-9E9C0D7C086E}] => (Allow) C:\Program Files (x86)\Zello\Zello.exe
FirewallRules: [UDP Query User{02A1794D-4D1F-4B79-8542-4F04C1F3B42D}C:\users\julie\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\julie\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8F02A4A6-18C8-40E5-9927-7A84536BA693}C:\users\julie\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\julie\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3F779960-F8D5-45E0-B51F-BF20A35FD0AE}C:\users\julie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\julie\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4A55DAF3-FF4A-4C97-8771-901C7CB9A305}C:\users\julie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\julie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{463349A0-E6A4-42B8-809E-CD1E4B0437F2}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{A3D2241F-B593-4F3B-8817-FF07993CDA02}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{619540EB-94F5-4125-A55D-CDC582FCABA7}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{410D60A9-3D30-4711-95AB-57CD3CEB86B5}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{377C16F7-0001-456B-ADA3-516F3A21FFA9}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{9B173394-94FF-4E87-B303-CFEF6A5BDAF8}] => (Allow) LPort=5353
FirewallRules: [{5A8C45B3-03B8-4A22-A782-2B0E0B3E3A0C}] => (Allow) LPort=9322
FirewallRules: [UDP Query User{ED56A9CB-9413-4B29-81F5-7E623AA802F9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D16F3E6C-829C-439D-9307-B10869877DE0}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1976ECF9-B158-4A48-ADD2-E68CB3D9BDB6}] => (Allow) LPort=5353
FirewallRules: [{AC71B45E-3CB5-4E88-B948-D216B6FC8C71}] => (Allow) LPort=9322
FirewallRules: [{3239F59C-0200-4295-BE64-9C90136C5380}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{9B354A42-AF99-48F9-A21F-968C8E1B27B2}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{F3172B8B-86E9-4498-A960-4BA884AF7386}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{A62475FB-AC25-43A6-9AD5-B001F51CB058}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{5E5EC54D-ECE7-4CF0-8368-1C3FC07A97AA}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{310802D2-DBD8-4070-95FC-2BFE21156DD9}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{B213C088-CB98-4A0F-8905-45216D06AE76}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{95D5F4ED-CB61-4505-B82F-AEFC3605B7AD}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{03B02C84-B97C-429C-BE5D-98BCE8A59DAF}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{A84DC47B-BA7C-4E34-88FE-7481A1596EA7}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{741881D6-B16C-41B5-8189-0AF87ECF9B5B}] => (Allow) LPort=5353
FirewallRules: [{D799788A-9161-4F39-A6FC-B661243C505E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{577C7159-BF08-4437-832F-322D7DF65AAF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0188803F-6A4B-42D8-9319-B12D0276CAA1}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7D13E0FD-A136-498B-AC63-4AE61B149B42}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D9CB2201-D744-4F6B-AFEB-D495DD707245}] => (Allow) LPort=2869
FirewallRules: [{B435A9E9-B2F5-4A85-A497-3052975805D0}] => (Allow) LPort=1900
FirewallRules: [{9140D482-C871-4F78-A72C-65704139CE02}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{B715ECEC-20B8-416F-8A55-B440D1F9B40E}] => (Allow) C:\Program Files (x86)\Cyberlink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{7EBACAEE-A0D0-4A8D-9A10-DFAAAC92CFB0}] => (Allow) C:\Program Files (x86)\Cyberlink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{99300943-50A0-40A5-95E0-BF9400D9E3A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F6A3A920-F054-49A4-AD95-806CA00DFFFE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6949E775-3A4E-48D7-B4AC-D32A9FD4D3C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A4FFEDD6-3D38-401D-A78C-0466A23EE8FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3F78F0D2-7A69-43F0-85A7-57F7D4CCA379}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{77ED7F4F-B072-4CAD-95E0-8ED05D3B69A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ABE72EEB-0B0B-45B0-8977-45B1E2B80ED1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{7FD87350-B066-446E-879C-0476DB7B27B7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BD2971E1-6D63-4ABA-AEB0-92FBE9512596}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9C7A423E-A6C5-4E67-9B44-15F8FDEB1261}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{96385BC8-CF57-4C5D-AFB9-138BD9FF04D8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6CDBB4F0-0AD2-4440-96D9-3C2BB53A1131}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{350F93DA-7AB6-43FF-83EB-FB9227F85197}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

==================== Restore Points =========================

21-02-2018 17:24:43 Scheduled Checkpoint
02-03-2018 19:46:37 Scheduled Checkpoint
11-03-2018 14:25:17 Removed Citrix Online Launcher

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2018 05:07:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.362, time stamp: 0x59f249f1
Exception code: 0xc0000409
Fault offset: 0x000000000033da10
Faulting process id: 0x27d0
Faulting application start time: 0x01d3b9832889d0ae
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: 020a640e-1712-45e6-8b88-d310e076a2a6
Faulting package full name:
Faulting package-relative application ID:

Error: (03/11/2018 04:51:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.362, time stamp: 0x59f249f1
Exception code: 0xc0000409
Fault offset: 0x000000000033da10
Faulting process id: 0xc20
Faulting application start time: 0x01d3b97e25b2a596
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: 44724329-5a3c-4dcb-ab05-ec8226836377
Faulting package full name:
Faulting package-relative application ID:

Error: (03/11/2018 04:45:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 3.0.0.10.in-addr.arpa. PTR Asus.local.

Error: (03/11/2018 04:45:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.3:5353   14 3.0.0.10.in-addr.arpa. PTR Asus-2.local.

Error: (03/11/2018 04:16:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 3.0.0.10.in-addr.arpa. PTR Asus.local.

Error: (03/11/2018 04:16:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.3:5353   14 3.0.0.10.in-addr.arpa. PTR Asus-2.local.

Error: (03/11/2018 10:48:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.362, time stamp: 0x59f249f1
Exception code: 0xc0000409
Fault offset: 0x000000000033da10
Faulting process id: 0x1488
Faulting application start time: 0x01d3b8a6820e617f
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: f77c886d-df6e-4261-8e26-5527e4ec24a3
Faulting package full name:
Faulting package-relative application ID:

Error: (03/11/2018 08:42:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 3.0.0.10.in-addr.arpa. PTR Asus.local.


System errors:
=============
Error: (03/11/2018 05:39:28 PM) (Source: DCOM) (EventID: 10016) (User: Asus)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Asus\Julie SID (S-1-5-21-3843277573-2447862647-3287370386-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2018 05:19:33 PM) (Source: DCOM) (EventID: 10016) (User: Asus)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Asus\Julie SID (S-1-5-21-3843277573-2447862647-3287370386-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2018 05:07:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (03/11/2018 05:00:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2018 04:51:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (03/11/2018 04:48:00 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (03/11/2018 04:19:58 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (03/11/2018 04:17:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-03-11 09:57:15.584
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BA88F06F-6F31-47AA-A331-7F4642F70511}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-03 18:45:25.537
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {656AB29A-B981-4CC8-BB36-E1063442AD1E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-03 18:23:43.385
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3F3F5782-03E6-454C-B3C2-54D0C38B170E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-03 17:34:54.942
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {200ECE58-C987-46E9-9EF8-1997F77C7B22}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-03 17:22:04.123
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4BC34F32-5D86-451C-9B12-30E1D0DDD0D2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-01-31 17:01:34.183
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.584.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2018-01-31 17:01:34.182
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2018-01-31 15:14:02.952
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.521.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2018-01-31 15:14:02.951
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.521.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2018-01-31 15:14:02.950
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.521.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: The operation timed out

CodeIntegrity:
===================================

Date: 2018-03-11 16:45:00.338
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-11 16:45:00.337
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-11 16:44:58.954
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-11 16:44:58.953
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-11 16:26:32.502
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-11 16:26:32.501
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-11 16:20:57.077
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-11 16:20:57.076
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 44%
Total physical RAM: 8075.71 MB
Available physical RAM: 4493.64 MB
Total Virtual: 9355.71 MB
Available Virtual: 5907.38 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.26 GB) (Free:321.37 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:537.6 GB) (Free:537.28 GB) NTFS

\\?\Volume{b62bc6b8-3dbb-479a-ab21-fb4a56ecde3b}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32
\\?\Volume{67507a76-cf75-4355-a48b-b51e9e72b142}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.54 GB) NTFS
\\?\Volume{5469ba7d-6a61-4eaa-a1b6-4d674745fb61}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{e6b194ed-304e-4879-a1c9-94814153f5a3}\ (Restore) (Fixed) (Total:20.01 GB) (Free:6.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 115DA0F7)

Partition: GPT.

==================== End of Addition.txt ============================
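The Addition.txt above carries three kinds of record worth reading before anything is removed: the mbamservice.exe crashes (exception 0xc0000409, followed by Service Control Manager restarting the service, which is what showed up as "errors" in Task Manager), the DCOM 10016 permission entries, and the Code Integrity lines saying svchost.exe refused to load Bonjour's mdnsNSP.dll. The script below is an added example, not part of the thread or of FRST: it parses records in FRST's own text format (the sample is a constructed excerpt built from the records on this page), names the COM server behind a 10016 entry from the registry, translates the \Device\HarddiskVolumeN path that Code Integrity logs back to a drive letter, and checks the Authenticode signature of the refused DLL. It assumes Windows PowerShell 5.1 or later, run elevated on the machine the log came from; the function names are this example's own.

```powershell
# Added example, not code from the thread or from FRST. $sample is a constructed
# excerpt in FRST's record format; on a live machine paste the full
# "Application errors", "System errors" and "CodeIntegrity" sections into it.
$sample = @'
Error: (03/11/2018 10:48:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.362, time stamp: 0x59f249f1
Exception code: 0xc0000409

Error: (03/11/2018 05:39:28 PM) (Source: DCOM) (EventID: 10016) (User: Asus)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Asus\Julie SID (S-1-5-21-3843277573-2447862647-3287370386-1001) from address LocalHost (Using LRPC)

Date: 2018-03-11 16:45:00.338
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
'@

# Code Integrity logs NT device paths; QueryDosDevice maps each drive letter to
# its \Device\HarddiskVolumeN name so the path can be turned back into C:\...
Add-Type -Namespace Win32 -Name Kernel32 -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint QueryDosDevice(string lpDeviceName, System.Text.StringBuilder lpTargetPath, int ucchMax);
'@

function Convert-DevicePath([string]$DevicePath) {
    $buf = New-Object System.Text.StringBuilder 1024
    foreach ($d in [IO.DriveInfo]::GetDrives()) {
        $letter = $d.Name.TrimEnd('\')                                   # "C:"
        if ([Win32.Kernel32]::QueryDosDevice($letter, $buf, $buf.Capacity) -eq 0) { continue }
        $dev = $buf.ToString()
        if ($DevicePath.StartsWith($dev + '\', [StringComparison]::OrdinalIgnoreCase)) {
            return $letter + $DevicePath.Substring($dev.Length)
        }
    }
    return $DevicePath                                                   # unknown volume: leave as-is
}

function Get-TriageNote([string]$Record) {
    switch -Regex ($Record) {
        '\(Source: Application Error\) \(EventID: 1000\)' {
            $app  = [regex]::Match($Record, 'Faulting application name: ([^,]+)').Groups[1].Value
            $mod  = [regex]::Match($Record, 'Faulting module name: ([^,]+)').Groups[1].Value
            $code = [regex]::Match($Record, 'Exception code: (0x[0-9a-fA-F]+)').Groups[1].Value
            # 0xC0000409 is STATUS_STACK_BUFFER_OVERRUN: the process ended itself, either
            # because the /GS stack-cookie check failed or because code called __fastfail.
            $why = if ($code -ieq '0xc0000409') { 'self-terminated (/GS cookie check or __fastfail); treat as a bug in the faulting module unless other evidence says otherwise' }
                   else { 'look the NTSTATUS code up' }
            return [pscustomobject]@{ Kind = 'AppCrash'; Subject = "$app -> $mod"; Finding = "$code: $why" }
        }
        '\(Source: DCOM\) \(EventID: 10016\)' {
            $ids   = @([regex]::Matches($Record, '\{[0-9A-Fa-f-]{36}\}') | ForEach-Object { $_.Value })
            $clsid = $ids[0]; $appid = $ids[1]
            # Name the COM server from the registry so the entry can be attributed.
            $name  = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid" -ErrorAction SilentlyContinue).'(default)'
            $owner = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\AppID\$appid" -ErrorAction SilentlyContinue).'(default)'
            return [pscustomobject]@{ Kind = 'DCOM-10016'; Subject = "$clsid / $appid"
                Finding = "server='$name' appid='$owner'; Local Activation denied by the server's own ACL, logged by design for several inbox components" }
        }
        'Code Integrity determined' {
            $m   = [regex]::Match($Record, 'process \((?<proc>[^)]+)\) attempted to load (?<dll>.+?) that did not meet')
            $dll = Convert-DevicePath $m.Groups['dll'].Value
            $sig = if (Test-Path -LiteralPath $dll) {
                $s = Get-AuthenticodeSignature -LiteralPath $dll
                "$($s.Status); signer='$($s.SignerCertificate.Subject)'"
            } else { 'file not present on this machine' }
            return [pscustomobject]@{ Kind = 'CodeIntegrity'; Subject = $dll
                Finding = "load into $(Split-Path -Leaf $m.Groups['proc'].Value) was refused (Microsoft signing level required), so the DLL did not run there; Authenticode: $sig" }
        }
    }
}

# FRST separates records with a blank line.
$sample -split '(?:\r?\n){2,}' | Where-Object { $_.Trim() } | ForEach-Object { Get-TriageNote $_ } | Format-List
```

Two things the output makes explicit that the raw log does not: a Code Integrity entry is a refusal, so the non-Microsoft DLL was kept out of that svchost instance rather than loaded into it, and a 10016 entry only says a local caller was denied activation by the server's own permission settings, which Microsoft documents as expected noise for several built-in components. Neither is evidence of the PUP the thread is about; the crash records are the ones that explain the symptoms Julie reported.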

#2 nasdaq

  • Malware Response Team
  • 39,198 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:20 AM

Posted 12 March 2018 - 09:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3843277573-2447862647-3287370386-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
FF user.js: detected! => C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\3v63if0f.default\user.js [2016-09-28]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]

CustomCLSID: HKU\S-1-5-21-3843277573-2447862647-3287370386-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Julie\AppData\Local\Citrix\GoToMeeting\5922\G2MOutlookAddin64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {13202EF7-E921-4CA9-99A6-4293672B8DA6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {169A8F4E-4365-45E5-BA9F-1ED6B5D43D4A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {239B6ECB-DA08-46D4-9124-16EF60F574E9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2A00F6F9-2134-4824-A31E-E82AAF0792C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3136136B-C6C4-4B8B-9DAE-648CC37D41CA} - \WPD\SqmUpload_S-1-5-21-3843277573-2447862647-3287370386-1001 -> No File <==== ATTENTION
Task: {35C17D10-1A7C-469E-82D8-9962E578BC77} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {366A754F-3D60-4930-8363-480B566231F6} - \ASUS Live Update2 -> No File <==== ATTENTION
Task: {39A875A4-F931-451B-839B-22070930E178} - \ASUS P4G -> No File <==== ATTENTION
Task: {411D30E8-0BE9-4679-9867-9E182EF2F683} - \WpsUpdateTask_Julie -> No File <==== ATTENTION
Task: {551A102F-C26C-4C9B-925D-22E4F8BA81B1} - \WpsNotifyTask_Julie -> No File <==== ATTENTION
Task: {58E9DFF9-820D-4708-A892-70D027480F78} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {897A0BC5-D8A0-4CEA-A052-54A4B7952C91} - \ASUS Splendid ColorU -> No File <==== ATTENTION
Task: {9D1557CB-F80F-4DCB-BF3D-8F72FF702A47} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AA2B1223-51DE-41E5-9D94-678AB4D696DA} - \ASUS Live Update1 -> No File <==== ATTENTION
Task: {B6585656-291E-4570-B1FF-AC87165E304B} - \ASUS InstantOn Config -> No File <==== ATTENTION
Task: {BC76AFAB-8053-4CD2-BED3-D427B79874FA} - \ASUS Patch for Touch Panel -> No File <==== ATTENTION
Task: {C1E0AA10-B190-4C64-99B1-B30A86E8FE1A} - \Optimize Start Menu Cache Files-S-1-5-21-3843277573-2447862647-3287370386-1001 -> No File <==== ATTENTION
Task: {C542DB8C-80FE-4280-BF6A-38AE13977E0D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C59D652B-92E7-4016-B8E0-6AD169719C25} - \ASUS USB Charger Plus -> No File <==== ATTENTION
Task: {C6B9A8CD-CD7E-4C22-88DE-32F41C4CCC19} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CE2C405F-D208-4299-96D7-B89FB9121A92} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CF63A0FB-94BC-4AB5-A65F-05D45252E2DD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D0D04EA2-FF3C-4F19-988F-4A6BB6842129} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DD3210CD-0231-4C22-914A-733E8279B5AB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {ED3FEAC5-C902-461D-9D2A-C16495A9E610} - \ASUS Splendid ACMON -> No File <==== ATTENTION
Task: {F93B540C-A969-4AC0-ADBF-18389271E1EE} - \AsusVibeSchedule -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Julie\Documents\irs letter.jpeg:3or4kl4x13tuuug3Byamue2s4b [79]
AlternateDataStreams: C:\Users\Julie\Documents\irs letter.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Julie\Documents\irs waiver.jpeg:3or4kl4x13tuuug3Byamue2s4b [79]
AlternateDataStreams: C:\Users\Julie\Documents\irs waiver.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
---

If the problem persists please let me know if other browsers are also compromised.

The type of PUP and where it's coming from may help.

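The fixlist in the reply above removes two classes of entry: scheduled tasks whose registered executable is gone (every "-> No File" line) and local Group Policy residue (the "Restriction" lines). The script below is an added example, not part of the thread and not FRST's code: it reproduces both checks with built-in cmdlets so each item can be confirmed on the machine before it is deleted. It assumes Windows 8 / Server 2012 or later (for the ScheduledTasks module) and an elevated session; function names are this example's own. One caveat: the Task Scheduler API only returns tasks whose XML still exists under System32\Tasks, while FRST reads the TaskCache registry keys directly, so a task that survives only in the registry (which is where the Fixlog shows the removals happening) will not appear here.

```powershell
# Added example, not code from the thread or from FRST.

# Resolve the executable named in a task action the way the loader would:
# strip quotes, expand %variables%, and fall back to a PATH search when the
# action gives a bare file name.
function Resolve-TaskExecutable([string]$Execute) {
    if ([string]::IsNullOrWhiteSpace($Execute)) { return $null }
    $exe = [Environment]::ExpandEnvironmentVariables($Execute.Trim().Trim('"'))
    if (Test-Path -LiteralPath $exe -PathType Leaf) { return (Resolve-Path -LiteralPath $exe).Path }
    if (-not [IO.Path]::IsPathRooted($exe)) {
        $hit = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($hit) { return $hit.Source }
    }
    return $null
}

# Every registered task with an Exec action whose file no longer exists:
# the equivalent of FRST's "Task: {GUID} - \Name -> No File" lines.
function Get-OrphanedScheduledTask {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if ($action.PSObject.Properties.Name -notcontains 'Execute') { continue }   # not an Exec action
            if (Resolve-TaskExecutable $action.Execute) { continue }
            [pscustomobject]@{
                TaskPath  = $task.TaskPath
                TaskName  = $task.TaskName
                Execute   = $action.Execute
                Arguments = $action.Arguments
                State     = $task.State
                Author    = $task.Author
            }
        }
    }
}

# Local policy residue that FRST reports as "GroupPolicyScripts: Restriction" and
# "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction". A workgroup
# laptop normally has nothing under either location.
function Get-LocalPolicyResidue {
    foreach ($root in "$env:SystemRoot\System32\GroupPolicy", "$env:SystemRoot\SysWOW64\GroupPolicy") {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Source = 'GroupPolicyFile'; Item = $_.FullName; Detail = "$($_.Length) bytes, modified $($_.LastWriteTime)" }
        }
    }
    $iePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer'
    if (Test-Path -LiteralPath $iePolicy) {
        $keys = @(Get-Item -LiteralPath $iePolicy) + @(Get-ChildItem -LiteralPath $iePolicy -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{ Source = 'IEPolicy'; Item = "$($key.Name)\$name"; Detail = $key.GetValue($name) }
            }
        }
    }
}

# Review first; removal is left commented out and prompts per task when enabled.
$orphans = Get-OrphanedScheduledTask
$orphans | Format-Table TaskPath, TaskName, Execute, State -AutoSize
Get-LocalPolicyResidue | Format-Table -AutoSize
# $orphans | ForEach-Object { Unregister-ScheduledTask -TaskPath $_.TaskPath -TaskName $_.TaskName -Confirm }
```

Most of the orphans this finds on a machine like the one in the thread are leftovers from uninstalled vendor tools (the ASUS, WPS and GWX entries above are typical) rather than the PUP itself; the point of listing them with Author and State is to see that at a glance before deleting. Anything under the IE Policies key on a machine that has never been domain-joined deserves a look, since that is a common place for adware to pin a search provider or home page.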
#3 juliewh

  • Topic Starter
  • Members
  • 6 posts
  • Local time:07:20 AM

Posted 12 March 2018 - 11:42 AM

Hi nasdaq, thank you for replying so quickly.  The only info I have on the PUPs is from the adware log.  Malwarebytes errors out while running, so the logs show no threats.  Is there somewhere else I should look?  Here is the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01
Ran by Julie (12-03-2018 11:20:57) Run:1
Running from C:\Users\Julie\Downloads
Loaded Profiles: Julie (Available Profiles: Julie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3843277573-2447862647-3287370386-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
FF user.js: detected! => C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\3v63if0f.default\user.js [2016-09-28]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]

CustomCLSID: HKU\S-1-5-21-3843277573-2447862647-3287370386-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 ->
C:\Users\Julie\AppData\Local\Citrix\GoToMeeting\5922\G2MOutlookAddin64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {13202EF7-E921-4CA9-99A6-4293672B8DA6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {169A8F4E-4365-45E5-BA9F-1ED6B5D43D4A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {239B6ECB-DA08-46D4-9124-16EF60F574E9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2A00F6F9-2134-4824-A31E-E82AAF0792C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3136136B-C6C4-4B8B-9DAE-648CC37D41CA} - \WPD\SqmUpload_S-1-5-21-3843277573-2447862647-3287370386-1001 -> No File <==== ATTENTION
Task: {35C17D10-1A7C-469E-82D8-9962E578BC77} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task:
{366A754F-3D60-4930-8363-480B566231F6} - \ASUS Live Update2 -> No File <==== ATTENTION
Task: {39A875A4-F931-451B-839B-22070930E178} - \ASUS P4G -> No File <==== ATTENTION
Task: {411D30E8-0BE9-4679-9867-9E182EF2F683} - \WpsUpdateTask_Julie -> No File <==== ATTENTION
Task: {551A102F-C26C-4C9B-925D-22E4F8BA81B1} - \WpsNotifyTask_Julie -> No File <==== ATTENTION
Task: {58E9DFF9-820D-4708-A892-70D027480F78} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {897A0BC5-D8A0-4CEA-A052-54A4B7952C91} - \ASUS Splendid ColorU -> No File <==== ATTENTION
Task: {9D1557CB-F80F-4DCB-BF3D-8F72FF702A47} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AA2B1223-51DE-41E5-9D94-678AB4D696DA} - \ASUS Live Update1 -> No File <==== ATTENTION
Task: {B6585656-291E-4570-B1FF-AC87165E304B} - \ASUS InstantOn Config -> No File <==== ATTENTION
Task: {BC76AFAB-8053-4CD2-BED3-D427B79874FA} - \ASUS Patch for Touch
Panel -> No File <==== ATTENTION
Task: {C1E0AA10-B190-4C64-99B1-B30A86E8FE1A} - \Optimize Start Menu Cache Files-S-1-5-21-3843277573-2447862647-3287370386-1001 -> No File <==== ATTENTION
Task: {C542DB8C-80FE-4280-BF6A-38AE13977E0D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C59D652B-92E7-4016-B8E0-6AD169719C25} - \ASUS USB Charger Plus -> No File <==== ATTENTION
Task: {C6B9A8CD-CD7E-4C22-88DE-32F41C4CCC19} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CE2C405F-D208-4299-96D7-B89FB9121A92} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CF63A0FB-94BC-4AB5-A65F-05D45252E2DD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D0D04EA2-FF3C-4F19-988F-4A6BB6842129} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task:
{DD3210CD-0231-4C22-914A-733E8279B5AB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {ED3FEAC5-C902-461D-9D2A-C16495A9E610} - \ASUS Splendid ACMON -> No File <==== ATTENTION
Task: {F93B540C-A969-4AC0-ADBF-18389271E1EE} - \AsusVibeSchedule -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Julie\Documents\irs letter.jpeg:3or4kl4x13tuuug3Byamue2s4b [79]
AlternateDataStreams: C:\Users\Julie\Documents\irs letter.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Julie\Documents\irs waiver.jpeg:3or4kl4x13tuuug3Byamue2s4b [79]
AlternateDataStreams: C:\Users\Julie\Documents\irs waiver.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\Machine => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\S-1-5-21-3843277573-2447862647-3287370386-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => removed successfully
HKLM\Software\Classes\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => not found
C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\3v63if0f.default\user.js => moved successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com" => removed successfully
"HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10" => removed successfully
"HKU\S-1-5-21-3843277573-2447862647-3287370386-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}" => removed successfully
"C:\Users\Julie\AppData\Local\Citrix\GoToMeeting\5922\G2MOutlookAddin64.dll => No File" => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13202EF7-E921-4CA9-99A6-4293672B8DA6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13202EF7-E921-4CA9-99A6-4293672B8DA6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{169A8F4E-4365-45E5-BA9F-1ED6B5D43D4A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{169A8F4E-4365-45E5-BA9F-1ED6B5D43D4A}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{239B6ECB-DA08-46D4-9124-16EF60F574E9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{239B6ECB-DA08-46D4-9124-16EF60F574E9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A00F6F9-2134-4824-A31E-E82AAF0792C1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A00F6F9-2134-4824-A31E-E82AAF0792C1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3136136B-C6C4-4B8B-9DAE-648CC37D41CA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3136136B-C6C4-4B8B-9DAE-648CC37D41CA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3843277573-2447862647-3287370386-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35C17D10-1A7C-469E-82D8-9962E578BC77}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35C17D10-1A7C-469E-82D8-9962E578BC77}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
Task: => Error: No automatic fix found for this entry.
{366A754F-3D60-4930-8363-480B566231F6} - \ASUS Live Update2 -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{39A875A4-F931-451B-839B-22070930E178}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39A875A4-F931-451B-839B-22070930E178}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS P4G" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{411D30E8-0BE9-4679-9867-9E182EF2F683}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{411D30E8-0BE9-4679-9867-9E182EF2F683}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WpsUpdateTask_Julie" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{551A102F-C26C-4C9B-925D-22E4F8BA81B1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{551A102F-C26C-4C9B-925D-22E4F8BA81B1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WpsNotifyTask_Julie" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58E9DFF9-820D-4708-A892-70D027480F78}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58E9DFF9-820D-4708-A892-70D027480F78}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{897A0BC5-D8A0-4CEA-A052-54A4B7952C91}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{897A0BC5-D8A0-4CEA-A052-54A4B7952C91}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ColorU" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D1557CB-F80F-4DCB-BF3D-8F72FF702A47}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D1557CB-F80F-4DCB-BF3D-8F72FF702A47}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA2B1223-51DE-41E5-9D94-678AB4D696DA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA2B1223-51DE-41E5-9D94-678AB4D696DA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update1" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B6585656-291E-4570-B1FF-AC87165E304B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6585656-291E-4570-B1FF-AC87165E304B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS InstantOn Config" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BC76AFAB-8053-4CD2-BED3-D427B79874FA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC76AFAB-8053-4CD2-BED3-D427B79874FA}" => removed successfully
Panel -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1E0AA10-B190-4C64-99B1-B30A86E8FE1A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1E0AA10-B190-4C64-99B1-B30A86E8FE1A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3843277573-2447862647-3287370386-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C542DB8C-80FE-4280-BF6A-38AE13977E0D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C542DB8C-80FE-4280-BF6A-38AE13977E0D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C59D652B-92E7-4016-B8E0-6AD169719C25}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C59D652B-92E7-4016-B8E0-6AD169719C25}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS USB Charger Plus" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6B9A8CD-CD7E-4C22-88DE-32F41C4CCC19}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6B9A8CD-CD7E-4C22-88DE-32F41C4CCC19}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE2C405F-D208-4299-96D7-B89FB9121A92}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2C405F-D208-4299-96D7-B89FB9121A92}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF63A0FB-94BC-4AB5-A65F-05D45252E2DD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF63A0FB-94BC-4AB5-A65F-05D45252E2DD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D0D04EA2-FF3C-4F19-988F-4A6BB6842129}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0D04EA2-FF3C-4F19-988F-4A6BB6842129}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
Task: => Error: No automatic fix found for this entry.
{DD3210CD-0231-4C22-914A-733E8279B5AB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ED3FEAC5-C902-461D-9D2A-C16495A9E610}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED3FEAC5-C902-461D-9D2A-C16495A9E610}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ACMON" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F93B540C-A969-4AC0-ADBF-18389271E1EE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F93B540C-A969-4AC0-ADBF-18389271E1EE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AsusVibeSchedule" => removed successfully
C:\Users\Julie\Documents\irs letter.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Julie\Documents\irs letter.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Julie\Documents\irs waiver.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Julie\Documents\irs waiver.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 11 while it has its media disconnected.

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2601:447:c001:88e0:260a:64ff:fe2b:6eb6
   Link-local IPv6 Address . . . . . : fe80::69d9:5671:e396:d909%9
   Default Gateway . . . . . . . . . :

========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 11 while it has its media disconnected.

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2601:447:c001:88e0:260a:64ff:fe2b:6eb6
   Link-local IPv6 Address . . . . . : fe80::69d9:5671:e396:d909%9
   IPv4 Address. . . . . . . . . . . : 10.0.0.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37963165 B
Java, Flash, Steam htmlcache => 347587 B
Windows/system/drivers => 379328 B
Edge => 863158 B
Chrome => 575571984 B
Firefox => 556827704 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 988692 B
Julie => 32627402 B

RecycleBin => 172280546 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-03-2018 11:25:52)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 11:25:54 ====



#4 nasdaq
  • Malware Response Team
  • 39,198 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 March 2018 - 01:33 PM

Hi,

Confirm that you are not able to run Mbam to completion.

Are these entries returning when you run the AdwCleaner tool?
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

#5 juliewh
  • Topic Starter
  • Members
  • 6 posts

Posted 12 March 2018 - 04:39 PM

No, AdwCleaner comes back clean.  The errors for mbam are re: CleanControllerImpl.dll.  It appears to be running now; no errors logged for today, though I haven't tried running a full scan yet.



#6 nasdaq
  • Malware Response Team
  • 39,198 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 March 2018 - 06:54 AM



Hi,

If you look at your Addition.txt log this error is reported.

Error: (03/11/2018 05:07:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.362, time stamp: 0x59f249f1
Exception code: 0xc0000409
Fault offset: 0x000000000033da10

etc...


It's caused by a wrong version of MBAM, as seen in this topic.
https://forums.malwarebytes.com/topic/217372-mbamserviceexe-crashes-multiple-times-a-day/

If you have recently updated MBAM, the error should no longer be seen.

===


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#7 juliewh
  • Topic Starter
  • Members
  • 6 posts

Posted 13 March 2018 - 10:43 AM

I updated Mbam & it's running fine now... no threats.  I sincerely appreciate your help with the fixlog!  The only issue I'm still having is constantly having to reset my wireless adapter, but I believe that's a separate issue.  I located an eset scan I did a while back that pointed to Kingsoft WPS updates and Bundled.Toolbar.Google.D in ccleaner download.  After that fix things were running well.  Those are referenced on FRST, too.  Not sure if it's just leftover files that eset didn't fix or if either is something that's going to keep popping up again?



#8 nasdaq
  • Malware Response Team
  • 39,198 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 March 2018 - 01:04 PM



Hi,

constantly having to reset my wireless adapter


Try this.

Reset Winsock

Winsock corruption can cause connectivity problems. Windows sockets settings may get corrupted due to the installation of networking software, or perhaps due to Malware infestation. Try resetting Winsock entries to its default installation.

Here’s how:


a. Go to Start and type cmd.

b. Right-Click on cmd and select “Run as administrator”.

c. Type “netsh winsock reset catalog” without the quotes in the command prompt and press Enter.

===

Are you still using their services?

Kingsoft WPS

How is the internet now?
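
Before step c wipes the catalog, a defender usually wants a record of what was in it, since a provider DLL that malware registered disappears with the reset. The following PowerShell script is an added example, not from this thread or from BleepingComputer; it parses the output of `netsh winsock show catalog` and flags provider paths outside %SystemRoot%. Its function names are this example's own.

```powershell
# Added example (not from this thread): snapshot the Winsock catalog before
# "netsh winsock reset catalog" rebuilds it, and list provider DLLs that do not
# live under %SystemRoot%. Function names are this example's own invention.

function Get-WinsockCatalogEntries {
    param([string[]]$CatalogText)   # lines from: netsh winsock show catalog
    $entries = @()
    $current = $null
    foreach ($line in $CatalogText) {
        # Each provider block starts with this header; a new header closes the previous block
        if ($line -match '^Winsock Catalog (Namespace )?Provider Entry') {
            if ($null -ne $current) { $entries += [pscustomobject]$current }
            $current = [ordered]@{}
            continue
        }
        # "Key:   value" lines inside a block; the dashed separator lines do not match
        if ($null -ne $current -and $line -match '^\s*(?<key>[^:]+?):\s+(?<value>.+?)\s*$') {
            $current[$Matches.key.Trim()] = $Matches.value
        }
    }
    if ($null -ne $current) { $entries += [pscustomobject]$current }
    return $entries
}

function Find-UnexpectedWinsockProviders {
    param([object[]]$Entries)
    $winDir = [Environment]::ExpandEnvironmentVariables('%SystemRoot%')
    foreach ($e in $Entries) {
        $rawPath = $e.'Provider Path'
        if (-not $rawPath) { continue }   # namespace entries may carry no path
        $path = [Environment]::ExpandEnvironmentVariables($rawPath)
        # Legitimate base providers (mswsock.dll etc.) live under %SystemRoot%;
        # anything elsewhere deserves a look before the reset discards it
        if (-not $path.StartsWith($winDir, [StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{
                EntryId     = $e.'Catalog Entry ID'
                Description = $e.Description
                Path        = $path
            }
        }
    }
}

# Keep a copy of the catalog for later review, then report anything unusual.
$raw = netsh winsock show catalog
$raw | Set-Content -Path (Join-Path $env:USERPROFILE 'winsock-catalog-before-reset.txt')
Find-UnexpectedWinsockProviders -Entries (Get-WinsockCatalogEntries -CatalogText $raw) | Format-Table -AutoSize
# Only after reviewing that list, from the elevated prompt of step b: netsh winsock reset catalog
```

An empty table is the normal result on a clean machine; any row is something to identify (and keep the saved text file of) before the reset removes it.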

#9 juliewh
  • Topic Starter
  • Members
  • 6 posts

Posted 14 March 2018 - 09:28 AM

Yesterday I followed your instructions for Winsock reset & rebooted.  I didn't lose connection again the rest of the day.  Today I lost internet connection twice within 30 minutes of start up, but it's been steady the last hour.

As for Kingsoft, it's still on my computer, but hasn't been used/opened in a couple months.  I've been meaning to look for a replacement when I have time.



#10 nasdaq
  • Malware Response Team
  • 39,198 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 March 2018 - 10:27 AM

Have your Internet Provider check your Modem and Router.

It may be going bad.

#11 juliewh
  • Topic Starter
  • Members
  • 6 posts

Posted 14 March 2018 - 10:44 AM

I will.  Aside from that, it's running cooler & overall working much better.  I work from home so this fix really saved me.  I'm incredibly grateful for your help!



#12 nasdaq
  • Malware Response Team
  • 39,198 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 March 2018 - 01:05 PM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

I will leave this topic open for 6 days. If you need to return please do.



