Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected: Malware


  • This topic is locked This topic is locked
13 replies to this topic

#1 ivarboneless

ivarboneless

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 18 March 2018 - 10:15 PM

I had a suspicious popup occur a few days ago, and ever since then my laptop has been running very slowly. I suspect that I've picked up some sort of infection.

 

Please help me out.



BC AdBot (Login to Remove)

 


#2 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:09:38 AM

Posted 18 March 2018 - 10:32 PM

Hi ivarboneless,

Please follow the preparation guide to create a FRST log so that I can analyze your system and look for any malicious items. Instead of making a new topic like the guide says, just reply here with the logs.

Do note that as I am in training, my future replies to you need to be reviewed before they can be posted, so there may be a bit of a delay.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#3 ivarboneless

ivarboneless
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 18 March 2018 - 10:59 PM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Krazy Mike (administrator) on KRAZYMIKE-PC (18-03-2018 22:54:18)
Running from C:\Users\Krazy Mike\Desktop
Loaded Profiles: Krazy Mike (Available Profiles: Krazy Mike & DefaultAppPool)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(McAfee LLC) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(McAfee LLC) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_8\mcapexe.exe
(Examsoft Worldwide Inc.) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.SoftShield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\2.8.309.0\McCSPServiceHost.exe
(McAfee LLC.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.690\SSScheduler.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\Krazy Mike\Desktop\FRST64(2).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe [801920 2013-02-06] (Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3952832 2016-08-19] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => c:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3005120 2017-04-04] (Sony Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-02-23]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.690\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Krazy Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk [2013-07-17]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{62b619a0-629a-45bb-b392-4bd9b1897902}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-780541076-3246347877-3921251121-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-780541076-3246347877-3921251121-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-780541076-3246347877-3921251121-1001 -> DefaultScope {991F5B2D-5E00-48CC-B300-E11865FD0A6F} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151203&p={searchTerms}
SearchScopes: HKU\S-1-5-21-780541076-3246347877-3921251121-1001 -> {4879C610-CE2B-4F6B-8EB7-815CAC9E7389} URL =
SearchScopes: HKU\S-1-5-21-780541076-3246347877-3921251121-1001 -> {991F5B2D-5E00-48CC-B300-E11865FD0A6F} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151203&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-12-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-17] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-02-06] (Atheros Commnucations)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-17] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-10-22] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2018-02-14] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-02-14] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Krazy Mike\AppData\Roaming\Mozilla\Firefox\Profiles\bmnqlx1u.default [2018-03-18]
FF SearchPlugin: C:\Users\Krazy Mike\AppData\Roaming\Mozilla\Firefox\Profiles\bmnqlx1u.default\searchplugins\McSiteAdvisor.xml [2015-12-03]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-07]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - c:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - c:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-07-27] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-03-18] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-02-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-17] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-02-14] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: Adobe Acrobat -> c:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - c:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-01-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-02-07] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.690\McCHSvc.exe [405400 2018-02-19] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.8.309.0\\McCSPServiceHost.exe [2140888 2018-01-18] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee LLC)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [475600 2018-01-26] (McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1668816 2018-02-12] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc.)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2013-05-10] (Pharos Systems International) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [505024 2017-04-04] (Sony Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
R2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67848 2016-08-01] (Hewlett-Packard)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-02-06] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee LLC)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
S3 lehidmini; C:\WINDOWS\system32\drivers\leath_hid.sys [36608 2013-02-06] (Atheros) [File not signed]
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-01-31] (McAfee LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee LLC)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2015-08-14] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2016-08-19] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-18 22:54 - 2018-03-18 22:55 - 000023326 _____ C:\Users\Krazy Mike\Desktop\FRST.txt
2018-03-18 22:51 - 2018-03-18 22:51 - 002403328 _____ (Farbar) C:\Users\Krazy Mike\Desktop\FRST64(2).exe
2018-03-18 22:50 - 2018-03-18 22:50 - 002403328 _____ (Farbar) C:\Users\Krazy Mike\Downloads\FRST64(1).exe
2018-03-18 22:48 - 2018-03-18 22:49 - 002403328 _____ (Farbar) C:\Users\Krazy Mike\Downloads\FRST64.exe
2018-03-14 09:13 - 2018-03-01 22:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 09:13 - 2018-03-01 02:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-14 09:13 - 2018-03-01 02:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-14 09:13 - 2018-03-01 02:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 09:13 - 2018-03-01 02:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-14 09:13 - 2018-03-01 02:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-14 09:13 - 2018-03-01 02:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 09:13 - 2018-03-01 02:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-14 09:13 - 2018-03-01 02:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-14 09:13 - 2018-03-01 02:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-14 09:13 - 2018-03-01 02:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-14 09:13 - 2018-03-01 02:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-14 09:13 - 2018-03-01 02:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-14 09:13 - 2018-03-01 02:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-14 09:13 - 2018-03-01 02:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-14 09:13 - 2018-03-01 02:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-14 09:13 - 2018-03-01 02:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-14 09:13 - 2018-03-01 02:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-14 09:13 - 2018-03-01 02:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 09:13 - 2018-03-01 02:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-14 09:13 - 2018-03-01 01:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-14 09:13 - 2018-03-01 01:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-14 09:13 - 2018-03-01 01:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-14 09:13 - 2018-03-01 01:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-14 09:13 - 2018-03-01 01:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-14 09:13 - 2018-03-01 01:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-14 09:13 - 2018-03-01 01:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-14 09:13 - 2018-03-01 01:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-14 09:13 - 2018-03-01 01:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-14 09:13 - 2018-03-01 01:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-14 09:13 - 2018-03-01 01:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-14 09:13 - 2018-03-01 01:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-14 09:13 - 2018-03-01 01:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-14 09:13 - 2018-03-01 01:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-14 09:13 - 2018-03-01 01:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-14 09:13 - 2018-03-01 01:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-14 09:13 - 2018-03-01 01:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-14 09:13 - 2018-03-01 01:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-14 09:13 - 2018-03-01 01:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-14 09:13 - 2018-03-01 00:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-14 09:13 - 2018-03-01 00:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-14 09:13 - 2018-03-01 00:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-14 09:13 - 2018-03-01 00:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-14 09:13 - 2018-03-01 00:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-14 09:13 - 2018-03-01 00:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-14 09:13 - 2018-03-01 00:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-14 09:13 - 2018-03-01 00:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-14 09:13 - 2018-03-01 00:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-14 09:13 - 2018-03-01 00:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-14 09:13 - 2018-03-01 00:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 09:13 - 2018-03-01 00:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-14 09:13 - 2018-03-01 00:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 09:13 - 2018-03-01 00:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-14 09:13 - 2018-03-01 00:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-14 09:13 - 2018-03-01 00:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 09:13 - 2018-03-01 00:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 09:13 - 2018-03-01 00:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-14 09:13 - 2018-03-01 00:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 09:13 - 2018-03-01 00:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-14 09:13 - 2018-03-01 00:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-14 09:13 - 2018-03-01 00:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-14 09:13 - 2018-03-01 00:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-14 09:13 - 2018-03-01 00:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-14 09:13 - 2018-03-01 00:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-14 09:13 - 2018-03-01 00:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-14 09:13 - 2018-03-01 00:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-14 09:13 - 2018-03-01 00:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-14 09:13 - 2018-03-01 00:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-14 09:13 - 2018-03-01 00:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-14 09:13 - 2018-03-01 00:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-14 09:13 - 2018-03-01 00:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-14 09:13 - 2018-03-01 00:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-14 09:13 - 2018-03-01 00:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-14 09:13 - 2018-03-01 00:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-14 09:13 - 2018-03-01 00:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-14 09:13 - 2018-03-01 00:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-14 09:13 - 2018-03-01 00:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-14 09:13 - 2018-03-01 00:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-14 09:13 - 2018-03-01 00:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-14 09:13 - 2018-03-01 00:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-14 09:13 - 2018-03-01 00:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 09:13 - 2018-03-01 00:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-14 09:13 - 2018-03-01 00:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-14 09:13 - 2018-03-01 00:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-14 09:13 - 2018-03-01 00:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-14 09:13 - 2018-03-01 00:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-14 09:13 - 2018-02-21 21:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-14 09:13 - 2018-02-21 21:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-14 09:13 - 2018-02-21 21:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-14 09:13 - 2018-02-21 21:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-14 09:13 - 2018-02-21 21:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-14 09:13 - 2018-02-21 21:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-14 09:13 - 2018-02-21 21:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-14 09:13 - 2018-02-21 21:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-14 09:13 - 2018-02-21 21:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-14 09:13 - 2018-02-21 21:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-14 09:13 - 2018-02-21 21:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-14 09:13 - 2018-02-21 20:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-14 09:13 - 2018-02-21 20:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-14 09:13 - 2018-02-21 20:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-14 09:13 - 2018-02-21 20:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-14 09:13 - 2018-02-21 20:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-14 09:13 - 2018-02-21 20:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-14 09:13 - 2018-02-21 19:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-14 09:13 - 2018-02-21 19:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-14 09:13 - 2018-02-21 19:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-14 09:13 - 2018-02-21 19:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-14 09:13 - 2018-02-21 19:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-14 09:12 - 2018-03-01 22:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 09:12 - 2018-03-01 22:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 09:12 - 2018-03-01 22:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 09:12 - 2018-03-01 22:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-14 09:12 - 2018-03-01 22:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 09:12 - 2018-03-01 21:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-14 09:12 - 2018-03-01 15:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-14 09:12 - 2018-03-01 02:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-14 09:12 - 2018-03-01 02:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-14 09:12 - 2018-03-01 02:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-14 09:12 - 2018-03-01 02:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-14 09:12 - 2018-03-01 02:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-14 09:12 - 2018-03-01 02:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-14 09:12 - 2018-03-01 02:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-14 09:12 - 2018-03-01 02:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-14 09:12 - 2018-03-01 02:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-14 09:12 - 2018-03-01 02:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-14 09:12 - 2018-03-01 02:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-14 09:12 - 2018-03-01 02:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-14 09:12 - 2018-03-01 02:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 09:12 - 2018-03-01 02:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-14 09:12 - 2018-03-01 02:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-14 09:12 - 2018-03-01 02:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 09:12 - 2018-03-01 02:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 09:12 - 2018-03-01 02:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 09:12 - 2018-03-01 02:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-14 09:12 - 2018-03-01 02:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-14 09:12 - 2018-03-01 02:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-14 09:12 - 2018-03-01 02:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 09:12 - 2018-03-01 02:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-14 09:12 - 2018-03-01 01:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-14 09:12 - 2018-03-01 01:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-14 09:12 - 2018-03-01 01:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-14 09:12 - 2018-03-01 01:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-14 09:12 - 2018-03-01 01:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-14 09:12 - 2018-03-01 01:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-14 09:12 - 2018-03-01 01:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-14 09:12 - 2018-03-01 00:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 09:12 - 2018-03-01 00:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-14 09:12 - 2018-03-01 00:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-14 09:12 - 2018-03-01 00:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-14 09:12 - 2018-03-01 00:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-14 09:12 - 2018-03-01 00:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-14 09:12 - 2018-03-01 00:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-14 09:12 - 2018-03-01 00:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-14 09:12 - 2018-03-01 00:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-14 09:12 - 2018-03-01 00:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-14 09:12 - 2018-03-01 00:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-14 09:12 - 2018-03-01 00:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-14 09:12 - 2018-03-01 00:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-14 09:12 - 2018-03-01 00:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 09:12 - 2018-03-01 00:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 09:12 - 2018-03-01 00:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 09:12 - 2018-03-01 00:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 09:12 - 2018-03-01 00:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-14 09:12 - 2018-03-01 00:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-14 09:12 - 2018-03-01 00:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-14 09:12 - 2018-03-01 00:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 09:12 - 2018-03-01 00:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 09:12 - 2018-03-01 00:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-14 09:12 - 2018-03-01 00:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-14 09:12 - 2018-03-01 00:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-14 09:12 - 2018-03-01 00:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-14 09:12 - 2018-02-21 21:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-14 09:12 - 2018-02-21 21:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-14 09:12 - 2018-02-21 21:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-14 09:12 - 2018-02-21 21:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-14 09:12 - 2018-02-21 21:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-14 09:12 - 2018-02-21 20:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-14 09:12 - 2018-02-21 20:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-14 09:12 - 2018-02-21 19:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-14 09:12 - 2018-02-21 19:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 09:12 - 2018-02-21 19:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-14 09:12 - 2018-02-21 19:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-14 09:12 - 2018-02-21 19:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-13 19:19 - 2018-03-13 19:19 - 000004582 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-02 23:14 - 2018-03-02 23:14 - 000000000 ____D C:\Users\Krazy Mike\Documents\FeedbackHub
2018-02-23 10:16 - 2018-02-23 10:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-02-23 10:16 - 2018-02-23 10:16 - 000000000 ____D C:\ProgramData\McAfee Security Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-18 22:54 - 2015-01-18 21:44 - 000000000 ____D C:\FRST
2018-03-18 21:56 - 2017-12-24 12:57 - 001233028 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-18 21:56 - 2017-12-23 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-03-18 21:56 - 2016-11-19 00:52 - 000000000 ____D C:\Users\Krazy Mike\AppData\LocalLow\Mozilla
2018-03-18 21:55 - 2014-04-07 17:14 - 000129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-03-18 21:53 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-18 21:53 - 2016-10-19 05:14 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2018-03-18 21:53 - 2016-10-19 05:14 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2018-03-18 21:53 - 2016-06-01 08:23 - 000000000 __SHD C:\Users\Krazy Mike\IntelGraphicsProfiles
2018-03-18 21:53 - 2013-07-17 15:55 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2018-03-18 21:52 - 2017-12-24 13:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-18 21:52 - 2017-09-29 03:45 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2018-03-18 21:52 - 2016-11-16 00:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-18 21:52 - 2014-08-15 12:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-18 21:52 - 2013-08-26 21:06 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-18 21:51 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-18 21:45 - 2017-12-24 12:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-18 19:57 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-18 19:50 - 2014-08-15 12:11 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-18 11:05 - 2013-07-17 16:03 - 000000000 ____D C:\Program Files\Common Files\mcafee
2018-03-18 11:04 - 2017-12-24 13:23 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-03-18 11:03 - 2017-12-24 13:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-03-18 08:58 - 2017-12-24 13:23 - 000004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{83498154-93C6-48C7-A89C-43CFB6BA9051}
2018-03-16 19:19 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-16 16:59 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-14 23:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-14 19:07 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-14 19:02 - 2017-12-24 13:30 - 000000000 ___RD C:\Users\Krazy Mike\3D Objects
2018-03-14 19:02 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-14 19:02 - 2016-06-01 08:23 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-14 17:45 - 2017-12-24 12:53 - 000268280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-14 17:43 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-14 17:43 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-14 17:43 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-14 09:38 - 2013-08-31 03:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-14 09:22 - 2017-10-10 20:26 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 09:22 - 2013-08-31 03:00 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-14 09:16 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 09:16 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-13 19:19 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-13 19:19 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-13 09:10 - 2017-12-24 13:02 - 000000000 ____D C:\Users\Krazy Mike
2018-03-10 16:54 - 2017-12-24 13:03 - 000000000 ____D C:\Users\Krazy Mike\AppData\Local\Packages
2018-03-08 01:29 - 2017-12-24 13:23 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-03-07 09:52 - 2017-02-05 14:57 - 000000000 ___RD C:\Users\Krazy Mike\Downloads\New folder
2018-03-02 16:09 - 2017-09-29 08:49 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-02 16:09 - 2017-09-29 08:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-23 10:16 - 2015-11-12 13:22 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-02-23 10:16 - 2014-12-13 13:21 - 000002011 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

==================== Files in the root of some directories =======

2017-03-17 00:25 - 2017-03-21 21:09 - 000000308 _____ () C:\Users\Krazy Mike\AppData\Roaming\Rim.Desktop.Exception.log
2017-03-17 00:24 - 2017-03-17 00:24 - 000001111 _____ () C:\Users\Krazy Mike\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2017-03-17 00:25 - 2017-03-21 21:09 - 000000308 _____ () C:\Users\Krazy Mike\AppData\Roaming\Rim.DesktopHelper.Exception.log
2017-03-17 01:21 - 2017-03-21 21:09 - 000000154 _____ () C:\Users\Krazy Mike\AppData\Roaming\Rim.Transcoder.Exception.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-08 00:56

==================== End of FRST.txt ============================



#4 ivarboneless

ivarboneless
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 18 March 2018 - 11:02 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Krazy Mike (18-03-2018 22:55:57)
Running from C:\Users\Krazy Mike\Desktop
Windows 10 Home Version 1709 16299.309 (X64) (2017-12-24 18:25:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-780541076-3246347877-3921251121-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-780541076-3246347877-3921251121-503 - Limited - Disabled)
Guest (S-1-5-21-780541076-3246347877-3921251121-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-780541076-3246347877-3921251121-1002 - Limited - Enabled)
Krazy Mike (S-1-5-21-780541076-3246347877-3921251121-1001 - Administrator - Enabled) => C:\Users\Krazy Mike
WDAGUtilityAccount (S-1-5-21-780541076-3246347877-3921251121-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}) (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
Blackberry Extractor (HKLM-x32\...\{A7985D09-6DAA-4F1B-82DC-2C2AD636AEFB}) (Version: 10.7 - MyPhoneData)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.4 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 3.3.6261.27 - PC-Doctor, Inc.) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Extegrity Exam4 (HKLM-x32\...\Exam4) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 16.0 R9 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.690.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.163 - McAfee, Inc.)
MergeModule_x64 (HKLM\...\{12DCC5A7-0100-4433-B4FF-217A3C5DC83B}) (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (HKLM-x32\...\{DD7721BB-CF1C-4DC9-AD87-8D5FB75413B7}) (Version: 9.3.00 - Sony Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4997.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.1.6648 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.3.6261.27 - PC-Doctor, Inc.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Pharos (HKLM-x32\...\Pharos) (Version:  - )
PlayMemories Home (HKLM-x32\...\{4F95DC94-A29D-41F6-AF34-15AA0D666186}) (Version: 5.4.00.04040 - Sony Corporation)
PMB_ModeEditor (HKLM-x32\...\{E95982CA-945F-41F2-B156-A603897AB242}) (Version: 10.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (HKLM-x32\...\{2CA3C685-339C-4C61-B12C-FAD81A872651}) (Version: 10.4.00 - Sony Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SofTest v11 (HKLM-x32\...\{C363046A-F22A-4B9B-92A3-77B76F265DE6}) (Version: 11.30.2 - Examsoft) Hidden
SofTest v11 (HKLM-x32\...\InstallShield_{C363046A-F22A-4B9B-92A3-77B76F265DE6}) (Version: 11.30.2 - Examsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-780541076-3246347877-3921251121-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => c:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\MSC\McCtxMenuFrmWrk.dll [2018-02-14] (McAfee, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => c:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\MSC\McCtxMenuFrmWrk.dll [2018-02-14] (McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {020DB09B-6274-44AA-B343-CA31534C0B63} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {03FFCDB8-BDEC-46B5-8DB7-C5B68D92A3F1} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1313B67C-D6B3-47AB-AC10-EC47E46219A7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {15A25BF5-0E60-40CC-81B6-14F7838DFF92} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {17770AF6-6839-4C00-A978-76BF1FD3E96D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-08-19] (Synaptics Incorporated)
Task: {1E5F18A4-FE13-4BAE-A64D-5D5C69917FE9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {22E38D79-1A06-491F-93C8-8E8EA3F6B462} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2B4EDFE9-1616-4BE1-9E5E-41E3E5E1FDD9} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-12-12] (McAfee, Inc.)
Task: {2D195DB4-7668-4F44-B9A6-29ACFED96EB7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {35BBDB14-3025-4B28-B6C6-6B261250887B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3B0FE7B9-2EDE-4B33-BB84-4C86EA3DF9AB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {423BC46C-9FA2-4FAC-ACCE-BA9000194F29} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4DC5E46C-698D-40E3-8BDD-87513F7F49C7} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-02-01] (McAfee, Inc.)
Task: {4DD870E3-74B9-4484-BC1C-5D144FAC7069} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {52016D41-A0DE-4FD1-872E-39CA156B32C1} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {5318E51B-660A-44FF-BFE9-66209FC28A72} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> No File <==== ATTENTION
Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {62704BA8-A578-4D92-8701-31B876B236F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {64271F78-2459-4BF4-945F-06B465A2BCA8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {6C4E89F6-E030-4104-833B-124171529D23} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {78895DE7-A8E2-4ADD-9F94-923EC5C8F302} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> No File <==== ATTENTION
Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {816FC3CA-C41E-4FA0-87DB-9261AE87B635} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {858D7DEC-5F6F-4AA4-8792-6C5109EF07E2} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8C4984F6-8ED2-41D4-9AFE-7DDF129DA590} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {90468029-0AE5-44EC-94B6-6F5A667A264C} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> No File <==== ATTENTION
Task: {978D5355-F1C5-47FB-9430-22CA96DC8D5D} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {9C397A12-02A5-44F7-A251-90437C762AD2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {A04887D4-2CCA-4642-B8F7-7113596FD3F2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B64CD4F4-B663-42BE-909C-6B8C9B14570F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C56D7BBA-420A-4455-B8A7-8239D6A7D60A} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {C9996536-ECF2-4C13-AAEC-7541339FECE9} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> No File <==== ATTENTION
Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CE61013F-797D-47EA-AC8D-4D66C7F5F392} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D33852CA-C423-4FD3-AC01-697759769829} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D3413FD0-016A-4ED6-BE69-934A9D819699} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D890663E-FD0F-411A-9AC6-920E3BD63557} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DE74A30A-2229-48AA-8FCD-C8F83452C39E} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {DFEF7EC8-570E-495F-9562-F834376E4170} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
Task: {E0F488F3-BF67-4B7E-8B63-E01906F46E95} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {E725D11A-E489-44B0-8105-901D5B0F3531} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> No File <==== ATTENTION
Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {EC8E4595-0B3D-4D60-A480-460A775F1A98} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F589B0ED-C25E-47C9-A132-B3ADFD22B172} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> No File <==== ATTENTION
Task: {F5FF4B78-4D9E-46B4-B02D-E3E6F9511DC6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F88FB8C5-B9E5-480F-B0A2-951BB779A674} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2014-03-21 08:11 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2018-01-18 08:31 - 2018-01-18 08:31 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.8.309.0\McCSPMsgBusDLL.dll
2017-04-18 19:21 - 2018-02-14 14:24 - 001768976 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2017-04-18 19:21 - 2018-02-14 14:25 - 000583160 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2013-07-17 15:56 - 2012-01-26 21:49 - 002751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2017-03-24 09:28 - 2017-01-31 07:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2018-03-14 09:12 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 09:13 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-16 16:58 - 2018-03-16 16:59 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-16 16:58 - 2018-03-16 16:59 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-16 16:58 - 2018-03-16 16:59 - 022044160 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-16 16:58 - 2018-03-16 16:59 - 002559488 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\skypert.dll
2016-01-04 11:55 - 2016-01-04 11:55 - 000904704 _____ () C:\Program Files (x86)\Examsoft\Softest 11.0\System.Data.SQLite.dll
2018-02-15 21:27 - 2018-02-15 21:27 - 000016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\3fbad1d707904521ac74a0e1c07a45f6\PSIClient.ni.dll
2013-07-17 15:44 - 2012-06-25 13:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2018-02-23 10:16 - 000000098 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-780541076-3246347877-3921251121-1001\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\Examsoft\Softest 11.0\bgimg.bmp
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2B60FA58-49FD-4AFE-BD88-C3C35126E838}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{5FA17B18-9091-4481-B199-C8FC0E6990EF}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{B731C6B3-F7ED-45B7-9695-461F0AB7597A}] => (Allow) LPort=4482
FirewallRules: [{A67E5B21-8E76-4FE4-9D6B-EB2EBC2C6554}] => (Allow) LPort=4482
FirewallRules: [{77C0BFA1-2C23-4C56-8B90-1B98EAF43898}] => (Allow) LPort=4481
FirewallRules: [{235D3285-FF9C-47B0-800C-DA0F8C3E4726}] => (Allow) LPort=4481
FirewallRules: [{48041068-2B7C-4E48-BFB1-9F17865F96BD}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{1CB86AD2-B4CB-47DE-8905-A815B94BB992}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{77F8A212-5D56-4EB6-856C-D4B8F74436BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{688787AA-1D24-4F7E-B5CE-8CF98BA562BA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E0BE1B10-F3E7-40F5-B116-1422B2EB47A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5CEA02A5-0757-49EB-9430-C48EF7440FFF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C3BDFBA-4E21-4E83-BEF2-67DCBB98B135}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [{156B4D23-9DEA-43C5-A178-95B2A44CFC0A}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [{484205D8-6C2E-4010-8B16-A34F97D01CBD}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [{7F62B436-6A27-4465-B50B-1FAEA5951643}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [{A4F12893-5E38-44EF-90B5-37679EDB9FA6}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [{A17BB90C-642B-4824-A0FD-BD9276BE599F}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{E38C0914-CAB7-4028-9601-2667C63A3192}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{63CB7F60-691D-4FA0-9A7A-62B377D907B2}] => (Allow) C:\Users\Krazy Mike\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{AE6A7C98-A8F6-477B-BCE3-708EDBDBFE7E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B459F2D2-F863-4983-9188-1DD5CED4A127}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{38B3F64E-BE70-4F9C-8209-BF8CA8CA6457}] => (Allow) LPort=1900
FirewallRules: [{11183304-55C2-407A-9C6D-CB160C4266EC}] => (Allow) LPort=2869
FirewallRules: [{F480016E-7FB3-4A20-AC2A-9FACE6DBC46A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8B0BF13B-4DDB-4B0C-929F-88BC968E84E9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Restore Points =========================

27-02-2018 00:29:50 Windows Modules Installer
08-03-2018 01:22:14 Scheduled Checkpoint
14-03-2018 09:11:34 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/14/2018 09:38:26 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/09/2018 11:09:22 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "ASP.NET_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Error: (01/09/2018 11:09:22 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: Windows cannot open the 32-bit extensible counter DLL ASP.NET_2.0.50727 in a 64-bit environment. Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe.

Error: (01/05/2018 10:10:32 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (01/05/2018 10:10:31 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (01/05/2018 10:06:12 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (01/05/2018 10:06:09 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (01/05/2018 10:06:08 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014


System errors:
=============
Error: (03/18/2018 10:08:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/18/2018 09:53:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/18/2018 09:53:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/18/2018 09:53:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/18/2018 09:53:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/18/2018 09:53:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/18/2018 09:53:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/18/2018 09:51:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%264


CodeIntegrity:
===================================

Date: 2018-03-15 20:26:54.533
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-15 20:26:54.480
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-15 20:26:54.442
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-15 20:26:54.366
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-15 20:26:54.332
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-15 20:26:54.285
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-15 20:26:52.851
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-15 20:26:52.391
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 55%
Total physical RAM: 6019.35 MB
Available physical RAM: 2679.61 MB
Total Virtual: 12163.35 MB
Available Virtual: 8297.46 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.06 GB) (Free:370.9 GB) NTFS

\\?\Volume{4b47c6c4-ef30-11e2-9962-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:21.67 GB) (Free:11.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 983BD7B1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=444.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#5 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:09:38 AM

Posted 21 March 2018 - 10:59 AM

Hi ivarboneless,

Sorry for the delay in a reply. Could you provide more information about the pop-up and slowness you're experiencing? Did you download/run anything from the pop-up?

Have you had the chance to run Malwarebytes? If not, please do so and let me know if it flags anything.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#6 ivarboneless

ivarboneless
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 22 March 2018 - 10:37 PM

I don't recall anything specific about the popup. I always try to close them as soon as possible if they do happen. It was open maybe 2 seconds at the most.

 

The slowness is both on and offline, but I primarily notice it online.

 

I have not run Malwarebytes yet. I'll do so and get back to you.



#7 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:09:38 AM

Posted 25 March 2018 - 06:59 PM

Hi ivarboneless,

Please let me know the results of the scan and then follow the below instructions. Additionally, I would suggest installing an adblocker such as uBlock Origin so that you can automatically block these things they make web browsing much more pleasant. Let me know if you need any help with the below instructions or in installing an adblocker.

zcMPezJ.pngAdwCleaner - Scan Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, click on the Logfiles button to open the Log Manager
  • Make sure you are under the Scan tab, and double-click on the most recent entry to open the log in Notepad
  • Copy/paste the content of the log in your next reply

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#8 ivarboneless

ivarboneless
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 25 March 2018 - 09:23 PM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/25/18
Scan Time: 9:13 PM
Log File: 4d82e1de-309b-11e8-9c5a-bc85569e9890.json
Administrator: Yes

-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4484
License: Trial

-System Information-
OS: Windows 10 (Build 16299.309)
CPU: x64
File System: NTFS
User: KrazyMike-PC\Krazy Mike

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339946
Threats Detected: 70
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 5 min, 50 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.WinZipMalwareProtector, HKU\S-1-5-21-780541076-3246347877-3921251121-1001\SOFTWARE\NICO MAK COMPUTING\WinZip Malware Protector, No Action By User, [2107], [255424],1.0.4484
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR, No Action By User, [2107], [255427],1.0.4484

Registry Value: 5
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR|BUYNOWURL, No Action By User, [2107], [255427],1.0.4484
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR|BUYNOWURLADU, No Action By User, [2107], [255427],1.0.4484
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR|BUYNOWURLRCP, No Action By User, [2107], [255427],1.0.4484
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR|BUYNOWURLASP, No Action By User, [2107], [255427],1.0.4484
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR|BUYNOWURLPB, No Action By User, [2107], [255427],1.0.4484

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 6
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\signatures, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\PROGRAMDATA\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\Users\Krazy Mike\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector\2.1.1000.10798, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\Users\Krazy Mike\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector\Logs, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\USERS\KRAZY MIKE\APPDATA\ROAMING\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR, No Action By User, [2107], [181689],1.0.4484

File: 57
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\signatures\completedatabase.db, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\signatures\Cookies.bin, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\signatures\DigSign.bin, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\signatures\FilePaths.bin, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\signatures\FileSignature.bin, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\signatures\Folders.bin, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\signatures\Md5.bin, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\signatures\Registry.bin, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\signatures\SetupSign.bin, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\signatures\StrSetupSign.bin, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1545completedatabase.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1741mupdate.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1742update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1743update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1744update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1745update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1746update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1747update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1748update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1749update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1750update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1751update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1752update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1753update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1754update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1755update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1756update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1757update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1758update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1759update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1760update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1761update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1762update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1763update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1764update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1765update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1766update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1767update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1768update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1769update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1770update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1771update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1772update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1773update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1774update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1775update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1776update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1777update.zip, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\AddonSafelist, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\log.xslt, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\Users\Krazy Mike\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector\2.1.1000.10798\ASPLog.txt, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\Users\Krazy Mike\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector\Logs\log_07-04-14_06-43-15.xml, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\Users\Krazy Mike\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector\Logs\SMLog.xml, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\Users\Krazy Mike\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector\ASPStartupManagerErrorLog.txt, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\Users\Krazy Mike\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector\QDetail.db, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\Users\Krazy Mike\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector\Settings.db, No Action By User, [2107], [181689],1.0.4484
PUP.Optional.WinZipMalwareProtector, C:\Users\Krazy Mike\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector\Update.ini, No Action By User, [2107], [181689],1.0.4484

Physical Sector: 0
(No malicious items detected)


(end)



#9 ivarboneless

ivarboneless
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 25 March 2018 - 09:34 PM

# AdwCleaner 7.0.8.0 - Logfile created on Mon Mar 26 02:28:55 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-23.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Application Data\Nico Mak Computing\WinZip Malware Protector
PUP.Optional.WinZipMalwareProtector, C:\Users\All Users\Nico Mak Computing\WinZip Malware Protector
PUP.Optional.WinZipMalwareProtector, C:\Users\Krazy Mike\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\metrolyrics.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.metrolyrics.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com
PUP.Optional.WinZipMalwareProtector, [Key] - HKLM\SOFTWARE\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR
PUP.Optional.WinZipMalwareProtector, [Key] - HKU\S-1-5-21-780541076-3246347877-3921251121-1001\Software\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR
PUP.Optional.WinZipMalwareProtector, [Key] - HKCU\Software\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR
PUP.Optional.WinZipMalwareProtector, [Value] - HKLM\SOFTWARE\Classes\Unknown\shell\opendlg\command | WinZip Malware Protector.bak


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1234 B] - [2015/1/31 0:44:26]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

 

 

 

It gives me an option to "clean selected elements." Should I tell it to clean?



#10 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:09:38 AM

Posted 27 March 2018 - 08:44 PM

Hi ivarboneless,

Thank you for the logs. Please follow the below instructions. Additionally, can you please elaborate on the slowness you’re experiencing? Is it occurring when you open new programs, or while browsing the web, or something else/both? Have you made any other changes recently that could be the origin?

:step1: In AdwCleaner, please ensure all of the found items are selected and then press Clean. Do note that cleaning will close all open programs.

:step2: After cleaning with AdwCleaner, open Malwarebytes, perform a new scan, and then tell it to clean any found items. Please export the log (Export Summary) after it finishes cleaning.

Let me know if you have any questions.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#11 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:09:38 AM

Posted 30 March 2018 - 04:16 PM

Hi ivarboneless,

Please let me know if you need help following the above instructions. Do note this topic will be closed if there is no reply to my previous post within five days.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#12 ivarboneless

ivarboneless
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 30 March 2018 - 08:46 PM

The slowness had been affecting all of my computer's processes but was primarily detectable when browsing the internet--websites taking forever to load, etc. I hadn't done anything differently leading up to the slowness.

 

I cleaned with the adwcleaner and ran malware bytes after the cleaning. The log is below.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/30/18
Scan Time: 8:25 PM
Log File: 7337ae7e-3482-11e8-b8d1-bc85569e9890.json
Administrator: Yes

-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4560
License: Trial

-System Information-
OS: Windows 10 (Build 16299.309)
CPU: x64
File System: NTFS
User: KrazyMike-PC\Krazy Mike

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340087
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 5 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)



#13 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:09:38 AM

Posted 02 April 2018 - 06:05 PM

Hi ivarboneless,

Throughout our cleaning I have not seen anything malicious that should be causing your computer to be slow. Your logs have been mostly clean; AdwCleaner removed some remnants of a potentially unwanted program, but it was not active and shouldn't have been harming anything.

One thing I would try at this point is disabling McAfee and seeing if responsiveness improves. Anti-viruses can insert themselves quite deep into your system and poorly designed ones may inadvertently slow things down in the process.

Having said that, fixing general slowness is a bit out of my range of expertise, and I'd suggest making a post in the Windows 10 Support forum to see what they can do in terms of helping you. I would make sure to summarize your symptoms and also link to this thread so that they can see your issue likely isn't malware.

If you have any further questions about anything (what we've done, making a new topic, etc), just let me know. Otherwise, this topic will be closed, but you can ask for it to be re-opened in the future if needed.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:38 AM

Posted 05 April 2018 - 09:29 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users