
CPU spikes, missing keystrokes, sporadic slowing. FRST log included


  • This topic is locked
2 replies to this topic

#1 SoulKnight

  • Members
  • 1 posts

Posted 22 March 2018 - 08:48 PM

There are random times when my CPU usage spikes on random processes. I also have missing keystrokes while I am typing. I have done very little on this computer in terms of downloading, so I'm not sure where it came from.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Michael Bell (administrator) on DESKTOP-AUT6280 (22-03-2018 18:29:45)
Running from C:\Users\Michael Bell\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: Michael Bell (Available Profiles: Michael Bell)
Platform: Windows 10 Home Version 1703 15063.786 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.724_none_9e8a868b2d8a538d\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ASUS) C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe
() C:\Program Files\ASUS\ASUS FlipLock\FlipControlPTP.exe
() C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
() C:\Program Files\ASUS\ASUS FlipLock\WifiPowerManager.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
() C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\rempl\remsh.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Trend Micro Inc.) C:\Users\Michael Bell\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409936 2018-02-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2580867180-2308500141-3281000889-1001\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)
HKU\S-1-5-21-2580867180-2308500141-3281000889-1001\ DisallowedCertificates: DA36FAF56B2F6FBA1604F5BE46D864C9FA013BA3 (U)
HKU\S-1-5-21-2580867180-2308500141-3281000889-1001\ DisallowedCertificates: FCE1B1E25374DD94F5935BEB86CA643D8C8D1FF4 (U)
HKU\S-1-5-21-2580867180-2308500141-3281000889-1001\ DisallowedCertificates: FFAD03329B9E527A43EEC66A56F9CBB5393E6E13 (U)
HKU\S-1-5-21-2580867180-2308500141-3281000889-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2018-02-02] (Adobe Systems Incorporated)
HKU\S-1-5-21-2580867180-2308500141-3281000889-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-2580867180-2308500141-3281000889-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-2580867180-2308500141-3281000889-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-2580867180-2308500141-3281000889-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-2580867180-2308500141-3281000889-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-12-08] (Apple Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-2580867180-2308500141-3281000889-1001] => 173.161.0.227:80
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{084e3367-0200-4e91-b819-507a1feecc72}: [DhcpNameServer] 198.18.0.1 198.18.0.2
Tcpip\..\Interfaces\{82fe5323-f336-4cd9-af0c-0c7340e5d79b}: [NameServer] 198.18.0.1,198.18.0.2
Tcpip\..\Interfaces\{82fe5323-f336-4cd9-af0c-0c7340e5d79b}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{b39002e7-fdc6-4786-a154-0d7526340b4d}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-2580867180-2308500141-3281000889-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-2580867180-2308500141-3281000889-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-2580867180-2308500141-3281000889-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_92ed4db3_1201_1401_20160801_US_ie_ds_&tag=bds-p10-serp-us-ie-20&query={searchTerms}
BHO: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\Windows\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-03-16] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
BHO-x32: IBM Forms Viewer Helper -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Forms Viewer\4.0\PEhelper.dll [2013-11-27] (IBM Corporation)
BHO-x32: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\Windows\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-14] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-03-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-14] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-06] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 8d6ngjxo.default
FF ProfilePath: C:\Users\Michael Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8d6ngjxo.default [2017-06-26]
FF user.js: detected! => C:\Users\Michael Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8d6ngjxo.default\user.js [2017-06-26]
FF Extension: (Firefox Hotfix) - C:\Users\Michael Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8d6ngjxo.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-12-22] [Legacy]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\Michael Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8d6ngjxo.default\features\{2c7cd6c7-93ec-4546-a72b-6db5e33b5efe}\malware-remediation@mozilla.org.xpi [2016-12-22] [Legacy]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-02-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKU\S-1-5-21-2580867180-2308500141-3281000889-1001\...\Firefox\Extensions: [owasmime@microsoft.com] - C:\Users\Michael Bell\AppData\Local\SmimeAX\MozExtension
FF Extension: (Microsoft OWA S/MIME) - C:\Users\Michael Bell\AppData\Local\SmimeAX\MozExtension [2017-03-24] [Legacy] [not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-02-14] (Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-06] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2018-02-02] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-02-14] (Adobe Systems)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [105136 2018-02-22] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ASUS Flip Service; C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe [14776 2015-11-18] (ASUS)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-12] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-19] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-03-15] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-11-09] (Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-15] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-07-06] (Intel Corporation) [File not signed]
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-07-06] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2016-01-07] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdatesvr.exe [133480 2016-03-31] (Zhuhai Kingsoft Office Software Co.,Ltd)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 osrss; C:\WINDOWS\system32\osrss.dll [108584 2018-01-18] (Microsoft Corporation)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-10] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-10] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [94712 2016-04-01] (ASUS Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-11-09] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-11-09] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-11-09] (Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [47928 2015-11-04] (Intel)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [135992 2015-11-04] (Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [71992 2015-11-09] (Intel)
R1 MpKslad387184; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FFC19823-B993-4FFE-9AF3-8DC5A4CCE7A2}\MpKslad387184.sys [58120 2018-03-22] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7218176 2017-03-18] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3102976 2016-01-26] (Realtek Semiconductor Corp.)
R3 S3XXx64; C:\WINDOWS\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-10] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-10] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-22 18:29 - 2018-03-22 18:29 - 000000000 ____D C:\FRST
2018-03-22 17:31 - 2018-03-22 17:31 - 000000000 ___HD C:\$WINDOWS.~BT
2018-03-16 22:59 - 2018-03-16 22:59 - 000001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-03-16 22:59 - 2018-03-16 22:59 - 000001292 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2018-03-16 22:33 - 2018-03-16 22:33 - 000001081 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-03-16 22:33 - 2018-03-16 22:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-03-16 22:33 - 2018-03-16 22:33 - 000000000 ____D C:\Program Files\VS Revo Group
2018-03-16 21:21 - 2018-02-18 04:53 - 001568672 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-16 21:21 - 2018-02-18 04:53 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-16 21:21 - 2018-02-18 04:47 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-16 21:21 - 2018-02-18 04:46 - 000749472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-16 21:21 - 2018-02-18 04:46 - 000609184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-16 21:21 - 2018-02-18 04:45 - 000664480 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-16 21:21 - 2018-02-18 04:45 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-16 21:21 - 2018-02-18 04:44 - 000273312 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-16 21:21 - 2018-02-18 04:36 - 000528288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-16 21:21 - 2018-02-18 04:24 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-16 21:21 - 2018-02-09 22:49 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-16 21:21 - 2018-02-09 22:47 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-16 21:21 - 2018-02-09 22:41 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-16 21:21 - 2018-02-09 22:40 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-16 21:21 - 2017-12-31 18:23 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-03-16 21:21 - 2017-12-31 18:23 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-16 21:19 - 2018-03-16 21:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-16 21:15 - 2018-02-18 04:32 - 000026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-03-16 21:15 - 2018-02-18 03:56 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2018-03-16 21:15 - 2018-02-18 03:54 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-03-16 21:15 - 2018-02-18 03:49 - 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-16 21:15 - 2018-02-18 03:49 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-03-16 21:15 - 2018-02-18 03:49 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-03-16 21:15 - 2018-02-18 03:48 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-16 21:15 - 2018-02-18 03:48 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-03-16 21:15 - 2018-02-18 03:48 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2018-03-16 21:15 - 2018-02-18 03:47 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-03-16 21:15 - 2018-02-18 03:47 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-03-16 21:15 - 2018-02-18 03:46 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-16 21:15 - 2018-02-18 03:45 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2018-03-16 21:15 - 2018-02-18 03:44 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-16 21:15 - 2018-02-18 03:41 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-03-16 21:15 - 2018-02-18 03:40 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-16 21:15 - 2018-02-18 03:39 - 002449920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-03-16 21:15 - 2018-02-18 03:38 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-03-16 21:15 - 2018-02-18 03:36 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2018-03-16 21:15 - 2018-02-09 21:35 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-03-16 21:15 - 2018-02-09 21:30 - 001307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-03-16 21:10 - 2018-03-16 22:23 - 000000000 ____D C:\Users\Michael Bell\Desktop\RSMA DEPLOYMENT
2018-03-15 04:50 - 2018-03-15 04:50 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-03-15 04:50 - 2018-03-15 04:50 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-03-15 04:50 - 2018-03-15 04:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-03-15 04:50 - 2018-03-15 04:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-03-10 23:20 - 2018-03-10 23:20 - 000048860 _____ C:\Users\Michael Bell\Desktop\Cargo Flight 1 747 list.pdf
2018-03-10 23:12 - 2018-03-10 23:21 - 000000036 _____ C:\WINDOWS\progress.ini
2018-03-10 23:12 - 2018-03-10 23:12 - 000062975 _____ C:\Users\Michael Bell\Desktop\CARGO 1 11MAR2018.pdf
2018-03-10 22:30 - 2018-03-22 18:23 - 000000000 ____D C:\Windows10Upgrade
2018-03-10 22:30 - 2018-03-18 15:28 - 000000815 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-03-10 22:30 - 2018-03-18 15:28 - 000000803 _____ C:\Users\Michael Bell\Desktop\Windows 10 Update Assistant.lnk
2018-03-10 22:30 - 2018-03-10 23:12 - 000000000 ___HD C:\$GetCurrent
2018-03-10 22:21 - 2018-03-16 22:37 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-03-10 21:59 - 2018-03-10 22:00 - 000002057 _____ C:\Users\Michael Bell\Desktop\Welcome to ASUS Product Registration.lnk
2018-03-10 21:59 - 2018-03-10 21:59 - 000000000 ____D C:\ProgramData\APRP
2018-03-10 21:55 - 2018-03-10 21:55 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-03-06 19:09 - 2018-03-16 21:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-06 09:47 - 2018-03-06 09:47 - 000002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmazonAssistant.lnk
2018-03-06 09:47 - 2018-03-06 09:47 - 000000000 ____D C:\Program Files (x86)\Amazon
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-22 18:32 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-22 18:32 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-22 18:28 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-22 18:20 - 2016-06-19 18:21 - 000000000 ____D C:\Users\Michael Bell\AppData\Local\VirtualStore
2018-03-22 18:19 - 2016-06-19 18:21 - 000000206 _____ C:\Users\Michael Bell\AppData\Roaming\sp_data.sys
2018-03-22 18:07 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2018-03-22 18:01 - 2017-08-13 22:52 - 000000000 ____D C:\Program Files\rempl
2018-03-22 17:31 - 2017-08-27 11:03 - 000000000 ___DC C:\WINDOWS\Panther
2018-03-22 17:14 - 2017-09-09 12:10 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-03-22 17:14 - 2017-09-09 12:10 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-03-22 17:13 - 2016-06-19 20:19 - 000000000 ____D C:\Users\Michael Bell\AppData\Local\CrashDumps
2018-03-22 17:09 - 2016-06-19 23:09 - 000000000 ____D C:\Users\Michael Bell\AppData\Local\Adobe
2018-03-22 17:08 - 2017-08-29 22:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-18 15:39 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2018-03-16 23:02 - 2017-08-13 22:41 - 000000000 ___RD C:\Users\Michael Bell\Creative Cloud Files
2018-03-16 22:59 - 2016-06-19 23:10 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-03-16 22:59 - 2016-03-31 21:15 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-16 22:49 - 2017-08-29 22:38 - 001101990 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-16 22:48 - 2016-06-20 22:18 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-16 22:47 - 2018-01-20 15:46 - 000000000 ___RD C:\Users\Michael Bell\iCloudDrive
2018-03-16 22:44 - 2016-06-19 18:21 - 000000000 __SHD C:\Users\Michael Bell\IntelGraphicsProfiles
2018-03-16 22:43 - 2017-08-29 22:14 - 000396952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-16 22:41 - 2017-08-29 22:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-16 22:41 - 2017-08-14 16:19 - 000000000 ____D C:\ProgramData\Norton
2018-03-16 22:41 - 2017-08-14 16:19 - 000000000 ____D C:\Program Files\Norton Security
2018-03-16 22:39 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-16 22:39 - 2017-03-18 04:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-03-16 22:38 - 2017-10-13 14:03 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-16 22:38 - 2016-06-19 20:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-16 22:37 - 2017-03-18 14:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-03-16 22:37 - 2017-03-18 04:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-03-16 22:37 - 2016-06-19 20:44 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-16 21:29 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-16 21:27 - 2016-03-31 21:17 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-16 21:21 - 2016-03-31 21:17 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-03-16 21:16 - 2017-12-02 19:57 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-03-11 00:37 - 2016-08-14 22:17 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2018-03-11 00:31 - 2017-08-29 22:43 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2018-03-11 00:31 - 2017-08-29 22:43 - 000001908 _____ C:\WINDOWS\diagerr.xml
2018-03-11 00:11 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Registration
2018-03-10 23:46 - 2016-06-19 18:21 - 000000000 ____D C:\Users\Michael Bell\AppData\Local\Packages
2018-03-10 22:21 - 2017-08-14 17:03 - 000000000 ____D C:\Program Files\Common Files\AV
2018-03-10 21:58 - 2017-03-18 14:03 - 000000000 ___RD C:\Program Files\Windows Defender
2018-03-10 21:56 - 2016-06-20 22:21 - 000000000 ____D C:\Users\Michael Bell\AppData\Local\Steam
2018-03-10 21:52 - 2017-09-05 19:24 - 000003392 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2580867180-2308500141-3281000889-1001
2018-03-10 21:52 - 2016-06-19 18:24 - 000002390 _____ C:\Users\Michael Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-10 21:51 - 2016-06-19 18:24 - 000000000 ___RD C:\Users\Michael Bell\OneDrive
==================== Files in the root of some directories =======
2016-06-19 18:21 - 2018-03-22 18:19 - 000000206 _____ () C:\Users\Michael Bell\AppData\Roaming\sp_data.sys
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-03-17 02:23
==================== End of FRST.txt ============================

#2 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 23 March 2018 - 09:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Step 1
Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, make sure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Step 2
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Run the Farbar program again and ensure that you check these boxes.
https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=http://i121.photobucket.com/albums/o239/kevinf80/Farbar%20Tools/frst%20b.jpg&key=98f8e4fa906452a8ed54423fd0407a3d120fe6064437244ca29c06ed5f968755

Step 3
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs for my review.

Let me know what problems persist.
==============================

#3 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 29 March 2018 - 07:28 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.