Constantly Not Responding/Freezing and OTHER issues


This topic is locked
32 replies to this topic

#1 MisStone0824

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:59 PM

Posted 02 May 2018 - 02:39 AM

Hello,

 

I'd like to give you a little background on this computer first. My Mom bought it quite a few years ago and it was a rushed decision. Unfortunately, it seems like there have been issues while using it from the very beginning - so I realize the issue may be that this just isn't a very good PC - but I find it hard to believe.

 

Also, over the years my brother would use it as well, and when issues would arise his answer would always be to restore it to factory default settings. I cannot tell you how many times that's been done at this point. I feel bad because my Mom stopped trying to even save anything on here at all because of it. I've taken it myself from time to time, being that I'm a little more knowledgeable, at least when it comes to running virus/other programs and removing harmful things that are found. However, nothing has fixed the main issues.

 

I've worked with you guys once a few years ago on an old computer of mine and I told my Mom I wanted to give it a shot again with this PC. I'm hoping that we can determine once and for all if there is something wrong with it and if so, try and fix it so that after all this time, she can finally use this computer as it was intended to be.

 

The major issues all center around freezing/not responding. When going online (both Internet Explorer and Firefox), the browser is constantly freezing/not responding. It usually has to be closed entirely and then reopened. This issue also transfers over to using the computer in other ways. It freezes or stops responding when trying to open Windows Explorer to go to the Documents folder or searching for a program within the PC. If you're lucky enough to find the program you're looking for, like Microsoft Word, after opening the program it too will stop responding; it may start responding again, or, like the internet browser, you may have to close it and reopen it. This can happen with any program, not just Microsoft Word. These issues have been going on for a few years.

 

Also, I do think that you should be made aware of the problem my brother ran into within the last year. He was using the PC and a window popped up stating that the PC was infected and to call whatever number was listed to get help. I apologize that I can't provide the exact words that were written but I do know that it was intimidating enough for him to not realize that the popup window itself was the issue and he called the number.

 

He even went as far as to give them remote access to the PC for a brief time, but luckily when they started asking for money, that's when he got me involved. After the fact, there was an issue with the internet browser being redirected. I took the PC after that and ran some scans, and I was able to fix that issue. However, the problems with the freezing/not responding are still present like always, and I'm obviously concerned about what happened with my brother recently and whoever had remote access to this PC at one time: whether or not they did something that added to the issues we were already experiencing, or if they added a whole new problem.

 

All of these issues have made the daily use of this PC extremely frustrating, and I'm concerned that some of these issues have been going on for so long. I'm sure there are a few more examples of problems that my Mom could give, but I at least wanted to get the ball rolling with this post. Obviously, if there are any questions you guys have or any other info you may need that I can't give you, I'd be more than happy to check with her; please just let me know. I hope that's okay and that I've at least provided enough info to start the process.

 

Below you'll find the scan info I got from FRST, and thank you for all of your help!
FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.04.2018
Ran by MisStone (administrator) on KARENSPC (02-05-2018 02:26:36)
Running from C:\Users\Hailey\Desktop
Loaded Profiles: MisStone (Available Profiles: Karen & MisStone)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\McCSPServiceHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Hailey\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-2955528323-925661285-4188420177-1003\...\Run: [Spotify Web Helper] => C:\Users\Hailey\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-04] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{AC0A8D7B-0501-4116-A82B-1752F5F2A5A1}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{EC366EB2-880C-46AF-AEBF-00CFDC7AFE92}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2955528323-925661285-4188420177-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2955528323-925661285-4188420177-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2955528323-925661285-4188420177-1003 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2955528323-925661285-4188420177-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2955528323-925661285-4188420177-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-07-10] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-01-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-01-25] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: hq5128gh.default-1519471866368
FF ProfilePath: C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\hq5128gh.default-1519471866368 [2018-05-02]
FF Homepage: Mozilla\Firefox\Profiles\hq5128gh.default-1519471866368 -> www.google.com
FF Extension: (All Aboard) - C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\hq5128gh.default-1519471866368\Extensions\@all-aboard-v1-5 [2018-02-24] [Legacy]
FF Extension: (All Aboard) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\@all-aboard-v1-5 [2016-12-04] [Legacy]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-04-19]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-03-09] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0294091525241863mcinstcleanup; C:\WINDOWS\TEMP\029409~1.EXE [1031928 2018-05-02] (McAfee, Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation) [File not signed]
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-03-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728296 2018-01-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee LLC)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [475600 2018-01-26] (McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1061528 2018-03-06] (McAfee, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\WINDOWS\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 btUrbFilterDrv; C:\WINDOWS\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-09] (Ralink Corporation)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee LLC)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-10] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-01-31] (McAfee LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee LLC)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S1 MpKslc27b25c4; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9F4684B-A737-4B51-A272-19E527F5898E}\MpKslc27b25c4.sys [X]
S3 NPF; system32\drivers\npf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-02 02:26 - 2018-05-02 02:27 - 000018010 _____ C:\Users\Hailey\Desktop\FRST.txt
2018-05-02 02:26 - 2018-05-02 02:26 - 000000000 ____D C:\FRST
2018-05-02 02:23 - 2018-05-02 02:23 - 002405888 _____ (Farbar) C:\Users\Hailey\Desktop\FRST64.exe
2018-04-30 17:53 - 2018-04-30 17:53 - 000000563 _____ C:\Users\Karen\Desktop\Power Commander 3 Usb.lnk
2018-04-30 17:53 - 2018-04-30 17:53 - 000000000 ____D C:\pwrcmdr
2018-04-30 17:53 - 2018-04-30 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Power Commander 3 Usb
2018-04-30 17:52 - 2018-04-30 17:52 - 003294293 _____ C:\Users\Karen\Downloads\PC3Usb 3.2.1 Setup.zip
2018-04-30 17:46 - 2018-04-30 17:47 - 000276707 _____ C:\Users\Karen\Downloads\Ignition 2.3.0.0.dfu
2018-04-30 17:45 - 2018-04-30 17:45 - 000005405 _____ C:\Users\Karen\Downloads\M327-012.djm
2018-04-30 17:40 - 2018-04-30 17:40 - 000000000 ____D C:\Users\Karen\Downloads\Ignition_2.3.0.0(1)
2018-04-30 17:21 - 2018-04-30 17:21 - 000000000 ____D C:\Users\Karen\AppData\Roaming\Apple Computer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-02 02:24 - 2018-03-02 23:08 - 000003182 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMisStone
2018-05-02 02:24 - 2018-03-02 23:07 - 000000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMisStone.job
2018-05-02 02:24 - 2018-02-23 11:50 - 000000000 ____D C:\Users\Hailey
2018-05-02 02:16 - 2017-01-04 19:58 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-05-02 02:15 - 2018-02-23 14:02 - 000000000 ____D C:\Users\Hailey\AppData\LocalLow\Mozilla
2018-05-02 02:14 - 2012-07-26 03:28 - 000941114 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-02 02:14 - 2012-07-26 01:37 - 000000000 ____D C:\WINDOWS\Inf
2018-05-02 02:09 - 2013-01-08 18:06 - 000000528 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2018-05-02 02:09 - 2012-08-10 21:45 - 000000821 _____ C:\WINDOWS\SysWOW64\bscs.ini
2018-05-02 02:08 - 2016-12-04 12:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-02 02:08 - 2016-12-04 12:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-02 02:08 - 2012-07-26 03:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-30 18:05 - 2016-12-04 12:34 - 000000000 ____D C:\Users\Karen\AppData\LocalLow\Mozilla
2018-04-30 18:04 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-30 17:48 - 2016-12-04 12:33 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-04-30 17:27 - 2018-02-21 01:57 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-04-30 17:18 - 2012-07-26 01:26 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2018-04-30 17:17 - 2013-01-08 18:06 - 000000043 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2018-04-19 23:05 - 2016-12-06 19:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-19 22:59 - 2017-10-12 22:01 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-19 22:59 - 2016-12-06 19:38 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-17 09:22 - 2012-07-26 04:12 - 000000000 ____D C:\WINDOWS\AUInstallAgent
2018-04-17 09:21 - 2012-07-26 04:12 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-06 15:50 - 2018-03-04 16:52 - 000000000 ____D C:\Users\Hailey\AppData\Roaming\Apple Computer

==================== Files in the root of some directories =======

2017-02-24 15:05 - 2017-02-25 23:40 - 000000299 ____H () C:\ProgramData\emopts.dat
2002-05-16 00:41 - 2017-02-25 23:41 - 000001477 ____H () C:\ProgramData\saopts.dat
2018-02-24 21:50 - 2018-02-24 21:50 - 000000017 _____ () C:\Users\Hailey\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-02-26 09:10 - 2010-03-11 23:13 - 000149352 ____R (Microsoft Corporation) C:\Users\Hailey\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-30 18:03

==================== End of FRST.txt ============================

 

ADDITION

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by MisStone (02-05-2018 02:28:03)
Running from C:\Users\Hailey\Desktop
Windows 8 (X64) (2016-11-22 10:42:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2955528323-925661285-4188420177-500 - Administrator - Disabled)
Guest (S-1-5-21-2955528323-925661285-4188420177-501 - Limited - Disabled)
Karen (S-1-5-21-2955528323-925661285-4188420177-1002 - Administrator - Enabled) => C:\Users\Karen
MisStone (S-1-5-21-2955528323-925661285-4188420177-1003 - Administrator - Enabled) => C:\Users\Hailey

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Hewlett-Packard ACLM.NET v1.2.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
McAfee All Access – Internet Security (HKLM-x32\...\MSC) (Version: 16.0 R8 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.7.190 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 59.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.3 (x64 en-US)) (Version: 59.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.3.6691 - Mozilla)
Power Commander Control Center 3.2.0 (Test Build 1) (HKLM-x32\...\Power Commander 3 Usb_is1) (Version:  - Dynojet Research, Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}) (Version: 9.0.715.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-2955528323-925661285-4188420177-1003\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [BthSendToContextMenuExt] -> {CF373149-C3D9-4AEB-9CE8-BDD1D2FFFA5B} => C:\Windows\system32\BSAppShlExt.dll [2012-08-02] (TODO: <公司名>)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-08-08] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EA7BD74-565A-4F86-893B-D568864D5D05} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {1337271D-0974-4A5C-801E-630EB0D589E7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {52BE4EA4-541B-45C7-A420-B56FF8CABDBB} - System32\Tasks\HPCeeScheduleForMisStone => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {5B44F8C5-72A2-4803-95BA-CAC502FF9114} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {687B57FB-79AE-447A-8073-B917E2505B9A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-02-27] (McAfee, Inc.)
Task: {78A5ACB8-96CB-4558-9BB0-FECFDB9C3EB2} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {7EA9BE34-8E59-45D4-8A2F-88F07C10AA0F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {8275416D-EB59-4138-8E5F-AA8BC77399B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {A3711A84-F3E7-4FBB-958B-9BCE53FD770C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {A4BBD625-FDDF-4910-BE04-DA82D4818ED4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {A8187879-0AB8-4738-920E-4A2EA5B319CC} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
Task: {DE2417D2-3006-42E6-A4DE-02653725CDC2} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {DE9CC102-6DBA-4589-B66E-EE503A41EA16} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {E8834C2D-1CFE-4AFC-99E5-4386B2DCC11F} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.160\DADUpdater.exe [2018-04-17] (McAfee, Inc.)
Task: {EDE1C462-BE2A-4B3B-BA93-C766A9238E45} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForMisStone.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-08-08 14:36 - 2012-08-08 14:36 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-10 22:11 - 2012-07-10 22:11 - 000009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2018-02-21 01:59 - 2018-01-05 18:39 - 001707032 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2018-02-21 01:59 - 2018-01-05 18:39 - 000572776 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2018-01-22 04:15 - 2018-01-22 04:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-01-22 04:15 - 2018-01-22 04:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2012-08-08 14:36 - 2012-08-08 14:36 - 000103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-08 14:22 - 2012-08-08 14:22 - 000369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 004254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2017-01-04 20:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2955528323-925661285-4188420177-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "BtTray"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP Quick Launch"
HKLM\...\StartupApproved\Run32: => "HP CoolSense"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{76104D3B-BA28-462A-83C8-64346241E36E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1B72A1B9-5E3C-44CC-A547-23BD6C388A7C}] => (Allow) LPort=2869
FirewallRules: [{4B866E97-3F76-4FB7-A518-B748F685D26F}] => (Allow) LPort=1900
FirewallRules: [{DFA99FAA-CD29-47F9-9E9D-E1C5D3F1C090}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{C0260DE4-4B24-429E-AF8C-E56590920978}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{2D6B5DCF-2F69-4EC1-B5EA-9A3C643DD481}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ED2C5A12-DC4B-4A9A-9339-23DA19D72189}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4DE54D24-39AE-4464-8101-1B47E5CCC13F}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9ABBB7C1-C424-4842-8006-EE5C1F6A73B1}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4DE28304-9A25-4ECD-9EE7-F0E9792A685E}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F1068CE1-69DE-4C51-949A-33EEA6CF0D70}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{589904E8-D58C-4DD9-B44F-8FFFF1C3F90F}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{49CC7C01-86AB-4D12-BE21-0E628276ADE6}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3E604B6C-7E3D-4C92-A43D-B34A91B5856E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{554D610E-A63E-4F76-AA1F-94AAD672E87B}C:\users\karen\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\karen\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{EFE83544-F9E1-49BA-9AA5-D537A609E474}C:\users\karen\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\karen\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{FE2AEA71-B7B7-4BAC-B53F-AFA355D4BB7D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{05D6EF03-C625-406B-B4B4-198BC314E2BA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A1C66E84-550B-4066-A75D-AC8455D47B79}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1C6D9C5A-7459-4430-B9B4-1FCFC0F6BB73}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{342B6059-BFDC-4141-A3AD-5D926B3ABC31}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{9A27C26B-68D8-4DE5-BB11-A3C068DCE3CF}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{1F2C8C7F-ED91-4055-9AB6-134D49F8B1C3}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C38A7934-6D5A-474B-AFD9-6D59B7497A8B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{7E6D9806-FFB1-42E9-A385-D7DB3D35AF0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CF00BABE-BEED-4B3B-82CA-DFC8A2266AD9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{95BC7BC1-8A0A-42D3-91D9-58EE68708029}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{282DC274-2975-45D4-AEC8-43A04D0EE315}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{17801A7A-B89E-4EF5-B1DF-6EF8444BB012}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

29-03-2018 23:31:21 Windows Modules Installer
06-04-2018 04:03:35 Windows Update
17-04-2018 09:58:04 Windows Update
19-04-2018 22:53:09 Windows Modules Installer
30-04-2018 18:00:32 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/02/2018 02:09:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
Faulting module name: tl_filter.dll_unloaded, version: 0.0.0.0, time stamp: 0x50247825
Exception code: 0xc0000094
Fault offset: 0x1000d53d
Faulting process id: 0x754
Faulting application start time: 0x01d3e1dc18621af4
Faulting application path: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
Faulting module path: tl_filter.dll
Report Id: 645bb281-4dcf-11e8-beaa-9c2a706a2fa4
Faulting package full name:
Faulting package-relative application ID:

Error: (04/30/2018 06:07:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 144255

Error: (04/30/2018 06:07:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 144255

Error: (04/30/2018 06:07:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/30/2018 06:07:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 128389

Error: (04/30/2018 06:07:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 128389

Error: (04/30/2018 06:07:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/30/2018 06:07:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 112774


System errors:
=============
Error: (05/02/2018 02:10:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueSoleilCS service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/02/2018 02:08:45 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:55:53 PM on ‎4/‎30/‎2018 was unexpected.

Error: (04/30/2018 05:33:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (04/30/2018 05:16:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:22:58 AM on ‎4/‎20/‎2018 was unexpected.

Error: (04/19/2018 11:14:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1 = Incorrect function.

Error: (04/19/2018 10:59:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: Security Update for Windows 8 for x64-based Systems (KB3071756).

Error: (04/17/2018 10:04:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:00:47 AM on ‎4/‎17/‎2018 was unexpected.

Error: (04/17/2018 09:07:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1 = Incorrect function.


Windows Defender:
===================================
Date: 2017-06-04 19:38:34.113
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Dynamer!dtc&threatid=2147638124&enterprise=0
Name: Trojan:Win32/Dynamer!dtc
ID: 2147638124
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\sassr.dat
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Signature Version: AV: 1.245.444.0, AS: 1.245.444.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.13804.0, NIS: 0.0.0.0

Date: 2017-06-04 19:38:01.481
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=MonitoringTool:Win32/TotalSpy!rfn&threatid=234722&enterprise=0
Name: MonitoringTool:Win32/TotalSpy!rfn
ID: 234722
Severity: Severe
Category: Monitoring Software
Path: file:_C:\Users\Karen\AppData\Local\Temp\fkktmpr\setup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Signature Version: AV: 1.245.444.0, AS: 1.245.444.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.13804.0, NIS: 0.0.0.0

Date: 2017-05-31 22:44:48.190
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {81AC6D65-51BB-48A5-9576-3FCB9E26AB67}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-05-31 07:15:03.050
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {6C6882FB-E8C2-40C1-8F18-41192645434B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-05-27 22:23:56.624
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {4053AC61-4A8D-41C3-AFC9-2534F2E78D34}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-06-04 06:32:12.026
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.431.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-06-04 06:32:12.026
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.431.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-06-04 06:32:11.548
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-06-04 06:32:11.545
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-06-04 06:32:02.989
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.431.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2018-05-02 02:26:02.134
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-02 02:26:01.281
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-02 02:23:58.114
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-30 17:53:45.270
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-20 00:20:07.216
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-20 00:19:47.618
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-20 00:19:41.013
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-20 00:19:34.486
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A6-4400M APU with Radeon™ HD Graphics
Percentage of memory in use: 58%
Total physical RAM: 3554.26 MB
Available physical RAM: 1484.58 MB
Total Virtual: 5090.26 MB
Available Virtual: 2096.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:672.02 GB) (Free:582.66 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.41 GB) (Free:2.99 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{f4c3dfbc-9ae1-48d6-9713-2d9a7c74261d}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{a7a18fd1-0d28-40a4-88ea-ba7bf090e2dc}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 3D867707)

Partition: GPT.

==================== End of Addition.txt ============================


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,895 posts
  • OFFLINE
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:03:59 PM

Posted 02 May 2018 - 05:50 AM

MisStone0824:

 
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two, but I do hope to respond later today with an initial FRST "fixlist" script.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,895 posts
  • OFFLINE
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:03:59 PM

Posted 02 May 2018 - 11:26 AM

MisStone0824:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also, you should be aware that some of the tools and scripts that will be used will remove detected malware without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: The computer is running an unsupported version of Windows and using an old version of Internet Explorer. Windows 8 has not been supported for over two years. Please see this link for more information.
 

Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)


This poses significant security vulnerabilities to the computer. Why have you not updated this computer to Windows 8.1 and Internet Explorer 11?

Once we get the computer declared free of malware, I will be strongly recommending that you update to Windows 8.1 and Internet Explorer 11.

.

:step2: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2955528323-925661285-4188420177-1003 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
U3 mfeavfk01; no ImagePath
S1 MpKslc27b25c4; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9F4684B-A737-4B51-A272-19E527F5898E}\MpKslc27b25c4.sys [X]
S3 NPF; system32\drivers\npf.sys [X]
FirewallRules: [{4DE54D24-39AE-4464-8101-1B47E5CCC13F}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9ABBB7C1-C424-4842-8006-EE5C1F6A73B1}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4DE28304-9A25-4ECD-9EE7-F0E9792A685E}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F1068CE1-69DE-4C51-949A-33EEA6CF0D70}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{589904E8-D58C-4DD9-B44F-8FFFF1C3F90F}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{49CC7C01-86AB-4D12-BE21-0E628276ADE6}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
File: C:\Windows\System32\EEL64A.dll
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 MisStone0824 (Topic Starter)

Posted 03 May 2018 - 08:45 AM

Hi Phil,

 

Thank you for your reply. To answer your question regarding why the computer hasn't been updated to the newest Windows OS or version of Internet Explorer - as I mentioned in my initial post this PC belongs to my Mom - she and my brother are the primary users. When the computer was showing any signs of an issue, right from the beginning, my brother's answer was always to restore the PC to factory settings.

 

I have stepped in from time to time when I could but I cannot tell you how many times it's actually been reset to its default state. I'm assuming that may be part of the reason why it isn't updated properly. I will be more than happy to update the OS and any other necessary programs when you give me the okay to proceed with that step. I will also make sure that when my Mom finally gets this PC back she is aware of making sure all programs are up to date going forward.

 

Below you will find the data I received from running the FRST fix. Thanks again for all of your help!

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by MisStone (03-05-2018 09:22:58) Run:2
Running from C:\Users\Hailey\Desktop\BLEEPING
Loaded Profiles: MisStone (Available Profiles: Karen & MisStone)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2955528323-925661285-4188420177-1003 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
U3 mfeavfk01; no ImagePath
S1 MpKslc27b25c4; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9F4684B-A737-4B51-A272-19E527F5898E}\MpKslc27b25c4.sys [X]
S3 NPF; system32\drivers\npf.sys [X]
FirewallRules: [{4DE54D24-39AE-4464-8101-1B47E5CCC13F}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9ABBB7C1-C424-4842-8006-EE5C1F6A73B1}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4DE28304-9A25-4ECD-9EE7-F0E9792A685E}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F1068CE1-69DE-4C51-949A-33EEA6CF0D70}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{589904E8-D58C-4DD9-B44F-8FFFF1C3F90F}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{49CC7C01-86AB-4D12-BE21-0E628276ADE6}] => (Allow) C:\Users\Karen\AppData\Roaming\BitTorrent\BitTorrent.exe
File: C:\Windows\System32\EEL64A.dll

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2955528323-925661285-4188420177-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => not found
HKLM\Software\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => not found
mfeavfk01 => service not found.
MpKslc27b25c4 => service not found.
NPF => service not found.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4DE54D24-39AE-4464-8101-1B47E5CCC13F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9ABBB7C1-C424-4842-8006-EE5C1F6A73B1}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4DE28304-9A25-4ECD-9EE7-F0E9792A685E}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F1068CE1-69DE-4C51-949A-33EEA6CF0D70}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{589904E8-D58C-4DD9-B44F-8FFFF1C3F90F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{49CC7C01-86AB-4D12-BE21-0E628276ADE6}" => not found

========================= File: C:\Windows\System32\EEL64A.dll ========================

C:\Windows\System32\EEL64A.dll
File is digitally signed
MD5: E0B4052B55114ACD0BFE627AE050E751
Creation and modification date: 2013-01-08 17:57 - 2011-05-02 18:27
Size: 000136024
Attributes: ----A
Company Name: Dolby Laboratories
Internal Name: EEL64A.DLL
Original Name: EEL64A.DLL
Product: Dolby PCEE4 LFX APO
Description: Dolby PCEE4 LFX APO x64
File Version: 7.2.7000.6
Product Version: 7.2.7000.6
Copyright: ©2010 Dolby Laboratories. All rights reserved.
VirusTotal: https://www.virustotal.com/file/7fc7d53ee66e0d5fac48da227a148c80fee39803d749b2e12578b11dc9dcc6fa/analysis/1524452565/

====== End of File: ======



The system needed a reboot.

==== End of Fixlog 09:23:38 ====



#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,895 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 03 May 2018 - 09:02 AM

MisStone0824:
 
Thank you for running the FRST "fixlist" script and posting the results.  Thank you also for the explanation as to why the computer is still running Windows 8.  We will deal with that when we are sure that there is no malware lurking on the computer.
 
I want to run some standard anti-malware scans. FRST does not detect everything; it is really good at "sniffing" out the really nefarious malware, but there are all kinds of "nuisance" malware. Let's start with the following two scans:
 
.
 
:step1: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.

Don't forget to re-enable your antivirus when finished!

.

:step2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)."
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through Reports (double-click the appropriate scan log) or you can just double-click the "Last Scan" entry on the Dashboard. Click "Export", and then select "Copy to Clipboard". Next, please paste the contents of the log into your next reply.

.

Thank you and have a great day.

Regards,
-Phil




#6 MisStone0824 (Topic Starter)

Posted 05 May 2018 - 03:13 AM

Hi Phil,

I apologize for the delay in my response. I've run into a slight problem when attempting to run the programs that you requested. I downloaded both ESET and Malwarebytes. I disabled the McAfee virus protection on my Mom's PC before beginning the process.

I began with ESET first. I took a picture of right where the scan became frozen (at about 47%). I've attached it to this post. If the file is too big let me know and I can adjust it, I can also change the file type from .png to .jpeg if necessary.

I did not do anything further or run Malwarebytes yet because I wanted to touch base with you first and find out what I should do as far as the ESET scan. I am more than happy to try and run it for a second time - I just felt it was better to let you know about the issues I ran into before proceeding with anything.

Let me know what I should do next as soon as you can. Thanks!




#7 garioch7

Posted 05 May 2018 - 11:59 AM

MisStone0824:
 
Thank you for your post.  I would like you to try and run the ESET again.
 
Before you do so, please do a "power reset" of your computer.
 
.
 
:step1: Warm booting does not completely clear the computer and reset everything. See this article. It is amazing to me how many really weird problems are resolved by a power reset of your computer. Power resets are my first diagnostic step. If you launch the "Windows Repair (All In One)" tool by Tweaking.com, you will see that a power reset is the first of their preliminary diagnostic steps. That tool is available for download here at Bleeping Computer.

With laptops, it is also necessary not just to unplug them, but also to remove the battery to ensure that the motherboard loses power, causing components to reset to their default state. Press and hold the "Power" button down for 10 to 20 seconds, when all power sources have been unplugged from the computer/laptop. This ensures that the capacitors on the motherboard, and other boards, such as GPU, drive controllers, etc., also lose any residual electrical power and are reset back to default states. The only thing that doesn't lose power is the BIOS CMOS, because it has its own battery, and removing that is not usually desirable, since the BIOS loses any custom configuration information, as well as the date and time.

Once you have done the power reset, then reinsert the laptop battery, if you have a laptop, and plug the computer back in. Press the "Power" button and the computer should boot normally, with all memory and capacitors cleared by the power reset. This often solves a lot of computer issues by itself.

.

:step2: If the ESET scan hangs again and won't complete, I would like you to try scanning with the Emsisoft Emergency Kit. If the ESET scan completes successfully, please ignore this step.

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

.

:step3: Please run the Malwarebytes scan regardless of whether the ESET and Emsisoft Emergency Kit scans do, or do not, complete successfully. Please ensure that the Malwarebytes scanning options are enabled, as I requested, in this post.

.

Thank you and have a great day.

Regards,
-Phil




#8 MisStone0824 (Topic Starter)

Posted 06 May 2018 - 06:20 AM

Hi Phil,

 

I followed your instructions above and I was able to successfully run ESET on my 2nd attempt. After the ESET scan I re-enabled my Mom's McAfee anti-virus software and then scanned the PC with Malwarebytes. Below you will find the logs for both scans. Please let me know how to proceed from here - and again thank you for your help!

 

ESET Scan Results:

 

C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z8FAU1T3\YahooDLL[1].dll    a variant of Win32/Monitor.Spyagent.NAH potentially unsafe application    cleaned by deleting
C:\Users\Karen\AppData\Local\Temp\HYD9F7A.tmp.1483981596\HTA\install.1483981596.zip    a variant of Win32/FusionCore.K potentially unwanted application    deleted
C:\Users\Karen\AppData\Local\Temp\HYD9F7A.tmp.1483981596\HTA\3rdparty\FS.dll    a variant of Win32/FusionCore.K potentially unwanted application    cleaned by deleting
C:\Users\Karen\AppData\Local\Temp\HYDF6AE.tmp.1483981880\HTA\install.1483981880.zip    a variant of Win32/FusionCore.K potentially unwanted application    deleted
C:\Users\Karen\AppData\Local\Temp\HYDF6AE.tmp.1483981880\HTA\3rdparty\FS.dll    a variant of Win32/FusionCore.K potentially unwanted application    cleaned by deleting

 

Malwarebytes Scan Results:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/6/18
Scan Time: 6:47 AM
Log File: d7e0f4f2-511a-11e8-b2cf-9c2a706a2fa4.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.5006
License: Trial

-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: KarensPC\MisStone

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 292726
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 12 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.Spigot, C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CL3PSCYT.DEFAULT\PREFS.JS, Replaced, [173], [301667],1.0.5006

Physical Sector: 0
(No malicious items detected)


(end)
 



#9 garioch7

Posted 06 May 2018 - 06:30 AM

MisStone0824:
 
Thank you for running the ESET and Malwarebytes scans and for posting the results.  That all looks great! :thumbup2:
 
There are a couple more standard anti-malware scans that I would like you to run. Once they have completed, please reboot your computer and please provide me with an update as to how the computer is running.
 
.
 
:step1: AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do so.
  • After the restart, a log will open when logging in. Please copy and paste the contents of that log into your next reply.

.

:step2: RogueKiller Scan

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit).
  • Move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Click on the Start Scan button in the right panel, which will bring up another tab, and click on it again (this time it'll be in the bottom right corner).
  • Wait for the scan to complete.
  • On the completion of the scan, the results will be displayed.
  • Check every single entry (threat found), and click on the Remove Selected button.
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner).
  • This will open the report in Notepad. Please copy and paste the contents of the report into your next reply.

.

:step3: Reboot the computer, after you have saved the scan logs, and please copy and paste them into your next reply. Please provide me with an update on how the computer is working. If there are still issues, please describe them in as much detail as possible, including any possible error messages or numbers.

.

Thank you and have a great day.

Regards,
-Phil




#10 garioch7

Posted 09 May 2018 - 06:15 AM

MisStone0824:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to me or to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil



#11 MisStone0824 (Topic Starter)

Posted 10 May 2018 - 09:35 PM

Hi Phil,

I truly apologize for the delayed response, I've been sick with a cold (always happens when the weather changes!). I'm feeling far better now and I promise I will run the programs/scans you requested above tomorrow. I will get back to you with my reply as soon as they're done. I apologize for the inconvenience and you'll be hearing from me soon. :)

Thanks again!

#12 MisStone0824 (Topic Starter)

Posted 11 May 2018 - 05:24 AM

Hi Phil,

 

I have some good news to report at least - both scans came up with ZERO detections. I wasn't positive whether or not you'd still want to see the .txt files so I have included them below in order to be as thorough as possible. As for how the computer is running - I haven't been using it for too long yet since running those scans. I'd be more than happy to report back to you later on today just to give you a better idea of how it's functioning after using it a bit (only if you feel it's necessary).

 

What I can tell you is (at least so far) navigating to this website I didn't experience any not responding errors like I have in the past. However, I did experience the (not responding) message twice while running the two scans below - both of the programs briefly stopped responding. Luckily, the computer didn't freeze up like we ran into with running ESET. I have tried opening a few other programs and I didn't see it come up - but it can be very hit and miss when it comes to that specific message.

 

However, as we discussed in the beginning this PC is not updated to the proper/current version of Windows OS or Internet Explorer. Is there any reason why this could've caused both of those programs to stop responding at one point? I know that regardless it's crucial this computer gets updated but I don't want to move forward with any of that without further instruction from you.

 

Lastly, this is just a brief question more out of curiosity, I don't want to take up too much of your time! - I hope you don't mind, it's just something I want to confirm if possible. Over the years in my basic knowledge of PCs I've heard or seen entries in scans of multiple partitions in a PC. I honestly don't know the in-depth reasoning behind them - but the reason it came to mind is because the RogueKiller scan briefly lists this PC's partitions at the end of its scan log. I'm not sure how much you'd be able to tell from the info provided in the log - but I just wanted to confirm if that looks like a normal amount as far as how many there are and the space that's distributed?

 

- I hope that question isn't weird or too far outside of the scope of assistance that I had asked for. :)

 

With that said, please let me know what my next steps should be. If you feel that the brief experience of programs not responding after all the steps/scans isn't something I should be too concerned about I trust you! Again, I still don't plan to update the OS or browser until I get the go ahead from you - so let me know.

 

Once again, I apologize that I disappeared for a few days there and I do look forward to hearing from you!

 

 

AdwCleaner:

 

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-05-10.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-11-2018
# Duration: 00:00:36
# OS:       Windows 8
# Scanned:  40842
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

 

RogueKiller:

 

RogueKiller V12.12.16.0 (x64) [May  4 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200) 64 bits version
Started in : Normal mode
User : MisStone [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 05/11/2018 00:53:08 (Duration : 00:37:47)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST750LM0 22 HN-M750MBB SATA Disk Device +++++
--- User ---
[MBR] 6a8a38097d81e5e8990821d5ff0e2ef9
[BSP] fb924ff2fd824482cb78262ff6ca589e : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 688150 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1410947072 | Size: 450 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 1411868672 | Size: 26015 MB
User = LL1 ... OK
User = LL2 ... OK



 



#13 garioch7

Posted 11 May 2018 - 11:23 AM

MisStone0824:
 
Thank you for running those scans.  I see nothing in the RogueKiller scan log that causes me concern.
 
OK, before we update your computer to Windows 8.1, which could resolve some or all of the issues you are experiencing, I would like to clean up your computer.

.

:step1: If there are any anti-malware tools that you want to keep, please let me know, although it is always advisable to download the latest versions of those tools, since they are updated so frequently.

If you have ESET installed on your computer, you may keep it, or you can go to the Control Panel and uninstall that program. Please let me know what you decide to do.

If you have Malwarebytes installed, I would suggest that you keep it. If you don't want to keep Malwarebytes installed on your computer, please go to this link to download the latest version of MB-Clean.exe and run it to remove all traces of Malwarebytes. Please let me know if you did uninstall Malwarebytes. Once you have run the MB-Clean.exe tool successfully, you can manually delete that file as well.

If you want to keep RogueKiller, please let me know; otherwise, please uninstall it and confirm that it was uninstalled successfully.

.

:step2: Please provide me with a fresh set of FRST logs. I would like to make a final reconnaissance of your computer and I also want to identify the anti-malware scanners and cleaners that we used, so that we can delete the anti-malware applications, and remnants thereof, that you don't want to keep, in the next post.

.

Thank you and have a great day.

Regards,
-Phil




#14 MisStone0824 (Topic Starter)

Posted 14 May 2018 - 02:00 AM

Hi Phil,

 

First, I wanted to make you aware that when starting the above directions you gave me, I opened a folder on my desktop that I had created and went to right click a file in it - at that point, it said not responding and the mouse/arrow turned into a spinning circle like it usually does. It kept spinning for a while but it did begin to respond again on its own so I didn't have to force anything closed and then reopen it. I just wanted to make you aware of this issue happening again.

 

Secondly, I'm going to keep Malwarebytes (the current version downloaded on my PC is the premium trial - it's valid for 4 more days). I wanted to let you know about the trial and the remaining time left in case that info is relevant. I'm also going to keep AdwCleaner and then of course my McAfee Security.

 

The two programs I chose to remove are ESET and RogueKiller. I also ran FRST again as you requested and in case this is relevant as well - when I ran FRST I noticed that a new folder was automatically created and labeled FRST-Older Version - it is the initial version of FRST that I downloaded back on 5/2/18. The results of the FRST scan are below, the FRST.txt file and Addition.txt file:

 

Please let me know how to proceed from here after reviewing all of the information. Thanks!

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.05.2018
Ran by MisStone (administrator) on KARENSPC (14-05-2018 02:46:00)
Running from C:\Users\Hailey\Desktop\BLEEPING
Loaded Profiles: MisStone &  (Available Profiles: Karen & MisStone)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\McCSPServiceHost.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Hailey\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-2955528323-925661285-4188420177-1003\...\Run: [Spotify Web Helper] => C:\Users\Hailey\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-04] (Spotify Ltd)
HKU\S-1-5-21-2955528323-925661285-4188420177-1003\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-21-2955528323-925661285-4188420177-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142018023046261\...\Run: [Spotify Web Helper] => C:\Users\Hailey\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-04] (Spotify Ltd)
HKU\S-1-5-21-2955528323-925661285-4188420177-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142018023046261\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{AC0A8D7B-0501-4116-A82B-1752F5F2A5A1}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{EC366EB2-880C-46AF-AEBF-00CFDC7AFE92}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2955528323-925661285-4188420177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142018023027320\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2955528323-925661285-4188420177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142018023027320\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2955528323-925661285-4188420177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142018023027320\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2955528323-925661285-4188420177-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2955528323-925661285-4188420177-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2955528323-925661285-4188420177-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142018023046261\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2955528323-925661285-4188420177-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142018023046261\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2955528323-925661285-4188420177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142018023027320 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2955528323-925661285-4188420177-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2955528323-925661285-4188420177-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2955528323-925661285-4188420177-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142018023046261 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2955528323-925661285-4188420177-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142018023046261 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-04-26] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-04-26] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-04-26] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-04-26] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-07-10] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-03-16] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-03-16] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: hq5128gh.default-1519471866368
FF ProfilePath: C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\hq5128gh.default-1519471866368 [2018-05-14]
FF Homepage: Mozilla\Firefox\Profiles\hq5128gh.default-1519471866368 -> www.google.com
FF Extension: (All Aboard) - C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\hq5128gh.default-1519471866368\Extensions\@all-aboard-v1-5 [2018-02-24] [Legacy]
FF Extension: (All Aboard) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\@all-aboard-v1-5 [2016-12-04] [Legacy]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-06]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-05-06] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-03-16] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-03-16] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation) [File not signed]
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-04-26] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-03-06] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\\McCSPServiceHost.exe [2141912 2018-03-01] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-29] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-29] (McAfee, LLC)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [472016 2018-01-29] (McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1669328 2018-03-16] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1061528 2018-03-06] (McAfee, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\WINDOWS\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 btUrbFilterDrv; C:\WINDOWS\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-09] (Ralink Corporation)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-02-02] (McAfee, LLC)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-05-04] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-05-11] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-05-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-11] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-05-14] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-02-02] (McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357784 2018-02-02] (McAfee, LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-02-02] (McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [529312 2018-02-02] (McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [951200 2018-02-02] (McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [543632 2018-01-22] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [108432 2018-01-22] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-02-02] (McAfee, LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-02-02] (McAfee, LLC)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-14 02:34 - 2018-05-14 02:34 - 000000000 ____D C:\Program Files (x86)\ESET
2018-05-11 00:56 - 2018-05-11 04:37 - 000003522 _____ C:\WINDOWS\System32\Tasks\McAfee DAT Built in test
2018-05-09 03:56 - 2018-05-11 01:03 - 000000000 ____D C:\Users\Hailey\AppData\Local\CrashDumps
2018-05-09 03:45 - 2018-05-11 00:53 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-05-09 03:44 - 2018-05-11 05:51 - 000000000 ____D C:\ProgramData\RogueKiller
2018-05-09 03:26 - 2018-05-09 03:31 - 000000000 ____D C:\AdwCleaner
2018-05-09 03:24 - 2018-05-09 03:24 - 000000000 ____D C:\Users\Hailey\AppData\LocalLow\Adobe
2018-05-09 03:24 - 2018-05-09 03:24 - 000000000 ____D C:\Users\Hailey\AppData\Local\CEF
2018-05-09 03:19 - 2018-05-11 00:37 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-05-09 03:17 - 2018-05-11 00:41 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-09 03:17 - 2018-05-09 03:18 - 036639176 _____ (Adlice Software ) C:\Users\Hailey\Downloads\RogueKiller_setup.exe
2018-05-09 03:17 - 2018-05-09 03:17 - 000002007 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2018-05-09 03:12 - 2018-05-09 03:24 - 000000000 ____D C:\Users\Hailey\AppData\Local\Adobe
2018-05-06 06:41 - 2018-05-06 06:41 - 000002044 _____ C:\Users\Public\Desktop\McAfee All Access – Internet Security.lnk
2018-05-06 06:41 - 2018-05-06 06:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-05-06 06:39 - 2017-10-09 23:14 - 000218336 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2018-05-06 06:36 - 2018-05-06 06:36 - 000003084 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-05-06 06:35 - 2018-05-06 06:39 - 000000000 ____D C:\Program Files\McAfee
2018-05-06 06:35 - 2018-05-06 06:35 - 000000000 ____D C:\Program Files\McAfee.com
2018-05-06 06:34 - 2018-05-06 07:34 - 000003312 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-05-06 06:34 - 2018-05-06 06:40 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-05-06 06:34 - 2018-05-06 06:34 - 000000000 ____D C:\Program Files\Common Files\AV
2018-05-06 06:29 - 2018-05-06 06:40 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-05-06 06:29 - 2018-01-29 14:34 - 000472016 _____ (McAfee, LLC) C:\WINDOWS\system32\mfevtps.exe
2018-05-06 06:27 - 2018-05-06 06:28 - 013039096 _____ (McAfee, Inc.) C:\Users\Hailey\Downloads\Setup_serial_A-7FR59hqPs0KmDw24OzbQ2_key_affid_910_akey.exe
2018-05-04 02:25 - 2018-05-11 00:50 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-05-04 02:24 - 2018-05-14 02:27 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-05-04 02:24 - 2018-05-11 00:49 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-04 02:24 - 2018-05-11 00:49 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-05-04 02:24 - 2018-05-04 02:24 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-05-04 02:24 - 2018-05-04 02:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-04 02:24 - 2018-05-04 02:24 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-04 02:24 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-04 02:22 - 2018-05-04 02:23 - 071942408 _____ (Malwarebytes ) C:\Users\Hailey\Downloads\mb3-setup-1878.1878-3.4.5.2467.exe
2018-05-03 09:17 - 2018-05-14 02:46 - 000000000 ____D C:\Users\Hailey\Desktop\BLEEPING
2018-05-02 02:26 - 2018-05-14 02:46 - 000000000 ____D C:\FRST
2018-04-30 17:53 - 2018-04-30 17:53 - 000000563 _____ C:\Users\Karen\Desktop\Power Commander 3 Usb.lnk
2018-04-30 17:53 - 2018-04-30 17:53 - 000000000 ____D C:\pwrcmdr
2018-04-30 17:53 - 2018-04-30 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Power Commander 3 Usb
2018-04-30 17:52 - 2018-04-30 17:52 - 003294293 _____ C:\Users\Karen\Downloads\PC3Usb 3.2.1 Setup.zip
2018-04-30 17:46 - 2018-04-30 17:47 - 000276707 _____ C:\Users\Karen\Downloads\Ignition 2.3.0.0.dfu
2018-04-30 17:45 - 2018-04-30 17:45 - 000005405 _____ C:\Users\Karen\Downloads\M327-012.djm
2018-04-30 17:40 - 2018-04-30 17:40 - 000000000 ____D C:\Users\Karen\Downloads\Ignition_2.3.0.0(1)
2018-04-30 17:21 - 2018-04-30 17:21 - 000000000 ____D C:\Users\Karen\AppData\Roaming\Apple Computer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-14 02:37 - 2012-08-10 21:45 - 000000821 _____ C:\WINDOWS\SysWOW64\bscs.ini
2018-05-14 02:34 - 2013-01-08 18:06 - 000000527 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2018-05-14 02:34 - 2013-01-08 18:06 - 000000043 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2018-05-14 02:29 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-14 02:19 - 2018-02-23 14:02 - 000000000 ____D C:\Users\Hailey\AppData\LocalLow\Mozilla
2018-05-11 02:24 - 2018-03-02 23:08 - 000003182 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMisStone
2018-05-11 02:24 - 2018-03-02 23:07 - 000000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMisStone.job
2018-05-11 02:24 - 2018-02-23 11:50 - 000000000 ____D C:\Users\Hailey
2018-05-11 01:44 - 2016-12-06 19:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-11 01:44 - 2012-07-26 04:12 - 000000000 ____D C:\WINDOWS\AUInstallAgent
2018-05-11 01:43 - 2012-07-26 04:12 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-11 01:34 - 2017-10-12 22:01 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-11 01:34 - 2016-12-06 19:38 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-11 00:49 - 2012-07-26 03:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-09 03:38 - 2012-07-26 01:26 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2018-05-09 03:24 - 2018-02-23 13:54 - 000000000 ____D C:\Users\Hailey\AppData\Roaming\Adobe
2018-05-09 03:15 - 2017-03-28 16:51 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-05-06 07:00 - 2017-01-04 19:49 - 000000000 ____D C:\ProgramData\McAfee
2018-05-06 06:52 - 2018-02-21 01:57 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-05-06 06:30 - 2012-07-26 04:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-05-04 02:04 - 2012-07-26 03:28 - 000941114 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-04 02:04 - 2012-07-26 01:37 - 000000000 ____D C:\WINDOWS\Inf
2018-05-04 02:00 - 2012-07-26 04:12 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-02 02:08 - 2016-12-04 12:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-02 02:08 - 2016-12-04 12:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-30 18:05 - 2016-12-04 12:34 - 000000000 ____D C:\Users\Karen\AppData\LocalLow\Mozilla
2018-04-30 17:48 - 2016-12-04 12:33 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

==================== Files in the root of some directories =======

2017-02-24 15:05 - 2017-02-25 23:40 - 000000299 ____H () C:\ProgramData\emopts.dat
2002-05-16 00:41 - 2017-02-25 23:41 - 000001477 ____H () C:\ProgramData\saopts.dat
2018-02-24 21:50 - 2018-02-24 21:50 - 000000017 _____ () C:\Users\Hailey\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-05-09 03:44 - 2015-11-16 12:10 - 001821192 _____ (Microsoft Corporation) C:\Users\Hailey\AppData\Local\Temp\dllnt_dump.dll
2018-02-26 09:10 - 2010-03-11 23:13 - 000149352 ____R (Microsoft Corporation) C:\Users\Hailey\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-03 08:45

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.05.2018
Ran by MisStone (14-05-2018 02:47:28)
Running from C:\Users\Hailey\Desktop\BLEEPING
Windows 8 (X64) (2016-11-22 10:42:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2955528323-925661285-4188420177-500 - Administrator - Disabled)
Guest (S-1-5-21-2955528323-925661285-4188420177-501 - Limited - Disabled)
Karen (S-1-5-21-2955528323-925661285-4188420177-1002 - Administrator - Enabled) => C:\Users\Karen
MisStone (S-1-5-21-2955528323-925661285-4188420177-1003 - Administrator - Enabled) => C:\Users\Hailey

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
BitTorrent (HKU\S-1-5-21-2955528323-925661285-4188420177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142018023027320\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
McAfee All Access – Internet Security (HKLM-x32\...\MSC) (Version: 16.0 R10 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.7.190 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 59.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.3 (x64 en-US)) (Version: 59.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.3.6691 - Mozilla)
Power Commander Control Center 3.2.0 (Test Build 1) (HKLM-x32\...\Power Commander 3 Usb_is1) (Version:  - Dynojet Research, Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}) (Version: 9.0.715.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-2955528323-925661285-4188420177-1003\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
Spotify (HKU\S-1-5-21-2955528323-925661285-4188420177-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142018023046261\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [BthSendToContextMenuExt] -> {CF373149-C3D9-4AEB-9CE8-BDD1D2FFFA5B} => C:\Windows\system32\BSAppShlExt.dll [2012-08-02] (TODO: <公司名>)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-03-16] (McAfee, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-08-08] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-03-16] (McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1337271D-0974-4A5C-801E-630EB0D589E7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {1C87FB2F-AA76-40CE-B19F-49F5ACD596B4} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-05-06] (McAfee, LLC.)
Task: {40A587FA-DCED-4A58-AA1E-731374072789} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {52BE4EA4-541B-45C7-A420-B56FF8CABDBB} - System32\Tasks\HPCeeScheduleForMisStone => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {5B44F8C5-72A2-4803-95BA-CAC502FF9114} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {7EA9BE34-8E59-45D4-8A2F-88F07C10AA0F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {8275416D-EB59-4138-8E5F-AA8BC77399B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {9DD697AD-C3F7-41D4-90CB-40B2AFF1C4AB} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-02-27] (McAfee, Inc.)
Task: {A23F1A03-E34F-444B-B76E-8B39F8A561DC} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {A3711A84-F3E7-4FBB-958B-9BCE53FD770C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {A4BBD625-FDDF-4910-BE04-DA82D4818ED4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {B3177091-136C-4107-BAEB-3D6399FD2577} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {BFC182D6-C0F6-4604-8AFD-2DB6DDA093AD} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.160\DADUpdater.exe [2018-05-06] (McAfee, Inc.)
Task: {CB847C9E-FA30-4B25-9223-E5D624B3CF1C} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
Task: {DE2417D2-3006-42E6-A4DE-02653725CDC2} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {DE9CC102-6DBA-4589-B66E-EE503A41EA16} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {EDE1C462-BE2A-4B3B-BA93-C766A9238E45} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForMisStone.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-08-08 14:36 - 2012-08-08 14:36 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-04 02:24 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-04 02:24 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-07-10 22:11 - 2012-07-10 22:11 - 000009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2018-03-01 05:18 - 2018-03-01 05:18 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\McCSPMsgBusDLL.dll
2012-07-10 22:11 - 2012-07-10 22:11 - 000052736 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2012-07-27 18:51 - 2012-07-27 18:51 - 000346112 _____ () C:\Windows\system32\BsExtendFunc.dll
2012-07-10 22:09 - 2012-07-10 22:09 - 000022528 _____ () C:\Windows\system32\BsTrace.dll
2018-01-22 04:15 - 2018-01-22 04:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-01-22 04:15 - 2018-01-22 04:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2012-08-08 14:36 - 2012-08-08 14:36 - 000103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-08 14:22 - 2012-08-08 14:22 - 000369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-08-10 14:55 - 2012-08-10 14:55 - 000323648 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2012-05-02 21:28 - 2012-05-02 21:28 - 000012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2017-01-04 20:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2955528323-925661285-4188420177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142018023027320\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-2955528323-925661285-4188420177-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-2955528323-925661285-4188420177-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142018023046261\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "BtTray"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP Quick Launch"
HKLM\...\StartupApproved\Run32: => "HP CoolSense"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{76104D3B-BA28-462A-83C8-64346241E36E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1B72A1B9-5E3C-44CC-A547-23BD6C388A7C}] => (Allow) LPort=2869
FirewallRules: [{4B866E97-3F76-4FB7-A518-B748F685D26F}] => (Allow) LPort=1900
FirewallRules: [{DFA99FAA-CD29-47F9-9E9D-E1C5D3F1C090}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{C0260DE4-4B24-429E-AF8C-E56590920978}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{2D6B5DCF-2F69-4EC1-B5EA-9A3C643DD481}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ED2C5A12-DC4B-4A9A-9339-23DA19D72189}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E604B6C-7E3D-4C92-A43D-B34A91B5856E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{554D610E-A63E-4F76-AA1F-94AAD672E87B}C:\users\karen\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\karen\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{EFE83544-F9E1-49BA-9AA5-D537A609E474}C:\users\karen\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\karen\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{FE2AEA71-B7B7-4BAC-B53F-AFA355D4BB7D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{05D6EF03-C625-406B-B4B4-198BC314E2BA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A1C66E84-550B-4066-A75D-AC8455D47B79}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1C6D9C5A-7459-4430-B9B4-1FCFC0F6BB73}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{342B6059-BFDC-4141-A3AD-5D926B3ABC31}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{9A27C26B-68D8-4DE5-BB11-A3C068DCE3CF}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{C38A7934-6D5A-474B-AFD9-6D59B7497A8B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{7E6D9806-FFB1-42E9-A385-D7DB3D35AF0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CF00BABE-BEED-4B3B-82CA-DFC8A2266AD9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{95BC7BC1-8A0A-42D3-91D9-58EE68708029}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{282DC274-2975-45D4-AEC8-43A04D0EE315}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{17801A7A-B89E-4EF5-B1DF-6EF8444BB012}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DA3FEA96-B084-47E6-AFD2-E24ADD96C3AB}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

==================== Restore Points =========================

19-04-2018 22:53:09 Windows Modules Installer
30-04-2018 18:00:32 Windows Update
03-05-2018 09:09:11 Restore Point Created by FRST
03-05-2018 09:22:59 Restore Point Created by FRST
09-05-2018 02:57:04 Windows Update
14-05-2018 02:17:49 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2018 02:34:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Hailey\Desktop\BLEEPING\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_8935f06086091acc.manifest.

Error: (05/14/2018 02:34:22 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Hailey\Desktop\BLEEPING\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_8935f06086091acc.manifest.

Error: (05/14/2018 02:32:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Hailey\Desktop\BLEEPING\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_8935f06086091acc.manifest.

Error: (05/11/2018 05:49:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
Faulting module name: tl_filter.dll, version: 0.0.0.0, time stamp: 0x50247825
Exception code: 0xc0000094
Fault offset: 0x0000d53d
Faulting process id: 0x684
Faulting application start time: 0x01d3e8e3c6bfd191
Faulting application path: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
Faulting module path: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
Report Id: 9a6b7234-5500-11e8-beb0-9c2a706a2fa4
Faulting package full name:
Faulting package-relative application ID:

Error: (05/11/2018 01:03:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16628, time stamp: 0x51a94434
Faulting module name: combase.dll, version: 6.2.9200.16420, time stamp: 0x505a9af2
Exception code: 0xc0000005
Fault offset: 0x0000000000008858
Faulting process id: 0x1060
Faulting application start time: 0x01d3e8e3a381cfe1
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\combase.dll
Report Id: 934941b7-54d8-11e8-beb0-9c2a706a2fa4
Faulting package full name:
Faulting package-relative application ID:

Error: (05/11/2018 12:51:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
Faulting module name: tl_filter.dll, version: 0.0.0.0, time stamp: 0x50247825
Exception code: 0xc0000094
Fault offset: 0x0000d53d
Faulting process id: 0x814
Faulting application start time: 0x01d3e8e3bc0738e0
Faulting application path: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
Faulting module path: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
Report Id: ffddf77f-54d6-11e8-beb0-9c2a706a2fa4
Faulting package full name:
Faulting package-relative application ID:

Error: (05/11/2018 12:49:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
Faulting module name: tl_filter.dll, version: 0.0.0.0, time stamp: 0x50247825
Exception code: 0xc0000094
Fault offset: 0x0000d53d
Faulting process id: 0x744
Faulting application start time: 0x01d3e8e36f90f19f
Faulting application path: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
Faulting module path: C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
Report Id: b3fb3fd6-54d6-11e8-beb0-9c2a706a2fa4
Faulting package full name:
Faulting package-relative application ID:

Error: (05/11/2018 12:04:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1429, time stamp: 0x5ab555d5
Faulting module name: KERNELBASE.dll, version: 6.2.9200.17581, time stamp: 0x5644f0df
Exception code: 0xc0000142
Fault offset: 0x00078dd2
Faulting process id: 0x1040
Faulting application start time: 0x01d3e8dd11f71810
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: KERNELBASE.dll
Report Id: 71db750f-54d0-11e8-beaf-9c2a706a2fa4
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (05/14/2018 02:29:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (05/14/2018 02:29:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: Security Update for Windows 8 for x64-based Systems (KB3071756).

Error: (05/11/2018 05:49:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueSoleilCS service terminated unexpectedly.  It has done this 3 time(s).

Error: (05/11/2018 04:10:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: Security Update for Windows 8 for x64-based Systems (KB3071756).

Error: (05/11/2018 03:40:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: Security Update for Windows 8 for x64-based Systems (KB3071756).

Error: (05/11/2018 12:51:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueSoleilCS service terminated unexpectedly.  It has done this 2 time(s).

Error: (05/11/2018 12:49:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueSoleilCS service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/11/2018 12:48:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IconMan_R service failed to start due to the following error:
%%109 = The pipe has been ended.


Windows Defender:
===================================
Date: 2018-05-06 06:21:12.502
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {E4820645-9F75-48D6-A55A-D0C5A6200B9F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-06-04 19:38:34.113
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Dynamer!dtc&threatid=2147638124&enterprise=0
Name: Trojan:Win32/Dynamer!dtc
ID: 2147638124
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\sassr.dat
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Signature Version: AV: 1.245.444.0, AS: 1.245.444.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.13804.0, NIS: 0.0.0.0

Date: 2017-06-04 19:38:01.481
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=MonitoringTool:Win32/TotalSpy!rfn&threatid=234722&enterprise=0
Name: MonitoringTool:Win32/TotalSpy!rfn
ID: 234722
Severity: Severe
Category: Monitoring Software
Path: file:_C:\Users\Karen\AppData\Local\Temp\fkktmpr\setup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Signature Version: AV: 1.245.444.0, AS: 1.245.444.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.13804.0, NIS: 0.0.0.0

Date: 2017-05-31 22:44:48.190
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {81AC6D65-51BB-48A5-9576-3FCB9E26AB67}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-05-31 07:15:03.050
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {6C6882FB-E8C2-40C1-8F18-41192645434B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-06 04:21:28.958
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-05-06 04:16:45.511
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.812.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-05-06 04:16:45.511
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.812.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-05-06 04:16:45.480
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.812.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-05-06 03:27:55.176
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80508007
Error description: Your computer is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.
Signature version: 1.267.815.0;1.267.815.0
Engine version: 1.1.14800.3

CodeIntegrity:
===================================

Date: 2018-05-14 02:44:00.288
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-14 02:43:20.450
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-14 02:39:38.982
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-14 02:35:00.128
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-14 02:34:26.569
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-14 02:30:46.261
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-11 06:16:23.041
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-11 05:52:06.821
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A6-4400M APU with Radeon™ HD Graphics
Percentage of memory in use: 61%
Total physical RAM: 3554.26 MB
Available physical RAM: 1373.33 MB
Total Virtual: 4898.26 MB
Available Virtual: 1586.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:672.02 GB) (Free:578.2 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.41 GB) (Free:2.99 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{f4c3dfbc-9ae1-48d6-9713-2d9a7c74261d}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{a7a18fd1-0d28-40a4-88ea-ba7bf090e2dc}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 3D867707)

Partition: GPT.

==================== End of Addition.txt ============================
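The Addition.txt excerpt above repeats the same Windows Defender update failure and the same Code Integrity message many times. As an added example (not part of this thread, and not a feature of FRST or its author), here is a small Python script that groups such event blocks by error code or by the file named in the message and reports how often each recurred and over what time span, which is the view a helper actually wants when triaging a long log. The block layout (a "Date:" line, a "Description:" line, then key/value lines up to a blank line) is assumed from the excerpt, and the sample input is a constructed, shortened copy of the entries shown there.

```python
"""Summarise repeated event blocks from an FRST Addition.txt excerpt.

Added example, not part of the forum thread or of the FRST tool. Groups the
'Windows Defender' and 'CodeIntegrity' event blocks by error code / file so
the same message is counted once instead of read a dozen times.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a shortened copy of the entries in the thread's log.
SAMPLE_LOG = """\
Date: 2018-05-06 04:16:45.511
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.812.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates.

Date: 2018-05-06 04:16:45.480
Description:
Windows Defender has encountered an error trying to update signatures.
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates.

Date: 2018-05-06 03:27:55.176
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Error Code: 0x80508007
Error description: Your computer is low on memory. Close some programs and try again.

CodeIntegrity:
===================================

Date: 2018-05-14 02:44:00.288
Description:
Code Integrity is unable to verify the image integrity of the file \\Device\\HarddiskVolume4\\Windows\\System32\\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-11 05:52:06.821
Description:
Code Integrity is unable to verify the image integrity of the file \\Device\\HarddiskVolume4\\Windows\\System32\\EEL64A.dll because the set of per-page image hashes could not be found on the system.
"""

DATE_RE = re.compile(r"^Date: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)$")
KV_RE = re.compile(r"^([A-Za-z ]+): ?(.*)$")
FILE_RE = re.compile(r"of the file (\S+) because")


def parse_events(text):
    """Return one dict per event block: date, description and key/value fields.

    Blocks are separated by blank lines; anything that does not start with a
    'Date:' line (section headers such as 'CodeIntegrity:') is skipped.
    """
    events = []
    for raw in re.split(r"\n\s*\n", text.strip()):
        lines = raw.strip().splitlines()
        m = DATE_RE.match(lines[0]) if lines else None
        if not m or "Description:" not in lines:
            continue
        desc_idx = lines.index("Description:")
        ev = {
            "date": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f"),
            "description": lines[desc_idx + 1],
            "fields": {},
        }
        for line in lines[desc_idx + 2:]:
            kv = KV_RE.match(line)
            if kv:
                # Lower-case the key so 'Error code' and 'Error Code' merge.
                ev["fields"][kv.group(1).strip().lower()] = kv.group(2).strip()
        events.append(ev)
    return events


def event_key(ev):
    """Grouping key: the error code for Defender events, the file for Code Integrity events."""
    code = ev["fields"].get("error code")
    if code:
        return f"Defender error {code}"
    m = FILE_RE.search(ev["description"])
    if m:
        return f"CodeIntegrity unverifiable image {m.group(1)}"
    return ev["description"][:60]


def summarise(text):
    """Map each grouping key to count, first/last timestamp and the message text."""
    groups = defaultdict(list)
    for ev in parse_events(text):
        groups[event_key(ev)].append(ev)
    summary = {}
    for key, evs in groups.items():
        dates = [e["date"] for e in evs]  # FRST lists newest first; min/max sort it out
        summary[key] = {
            "count": len(evs),
            "first": min(dates).isoformat(sep=" "),
            "last": max(dates).isoformat(sep=" "),
            "description": evs[0]["description"],
            "error description": evs[0]["fields"].get("error description", ""),
        }
    return summary


if __name__ == "__main__":
    for key, info in summarise(SAMPLE_LOG).items():
        print(f"{info['count']:>2}x  {key}")
        print(f"      first {info['first']}  last {info['last']}")
        if info["error description"]:
            print(f"      {info['error description']}")
```

Run against the constructed sample it reports two 0x80240016 update failures within a fraction of a second, one 0x80508007 signature-load failure, and two Code Integrity failures for the same DLL three days apart. The 0x80508007 entry carries the "low on memory" text, which lines up with the Memory info section of the same log (3554 MB of RAM, 61% in use); a file that repeatedly fails per-page hash verification is likewise something the helper will want to look at, and the grouped view is what makes that pattern stand out in a long log.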



#15 garioch7

    RCMP Veteran

  • Malware Response Instructor
  • 3,895 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 14 May 2018 - 12:35 PM

MisStone0824:

Thank you for the fresh set of FRST scan logs. Thank you also for the update on your computer's condition. Once we clean up your computer of unwanted anti-malware tools and anything else that I find, we will move on to updating your computer to Windows 8.1, which might resolve some of your remaining computer issues.
.

:step1: The ESET Online Scanner is still shown as installed.


ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )



You said:

The two programs I chose to remove are ESET and RogueKiller.


Please uninstall the ESET Online Scanner program via the Control Panel, Programs, Uninstall a Program, if you do not want to keep it.

.

:step2: In going over your logs I noticed that you have BitTorrent installed, which was not shown in the first set of FRST scan logs.

BitTorrent (HKU\S-1-5-21-2955528323-925661285-4188420177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142018023027320\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)


Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, your computer will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

.

:step3: We will now remove the anti-malware tools that we used to scan and clean your computer, and that you do not want to keep, using a final FRST "fixlist" script.

Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

Start::
CloseProcesses:
U3 mfeavfk01; no ImagePath
2018-05-09 03:44 - 2018-05-11 05:51 - 000000000 ____D C:\ProgramData\RogueKiller
2018-05-09 03:17 - 2018-05-09 03:18 - 036639176 _____ (Adlice Software ) C:\Users\Hailey\Downloads\RogueKiller_setup.exe
File: C:\Users\Hailey\Downloads\Setup_serial_A-7FR59hqPs0KmDw24OzbQ2_key_affid_910_akey.exe
DeleteQuarantine:
CreateRestorePoint:
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply, before deleting it in the next step.

.

:step4: Please rename FRST64.exe to uninstall.exe. Please right-click the program and select "Run as Administrator". When the program has completed uninstalling itself, it will request a reboot. Please reboot your computer. All FRST program files, folders, logs, etc., should be deleted when your computer reboots successfully.

.

:step5: . . . Some Final Advice . . .

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems', such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out-of-date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third-party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out-of-date software manually, or by using automated software tools, such as Adlice Software UCheck. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out-of-date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows Vista or later is fine) and leaving it on, and using and keeping up-to-date an antivirus solution such as Bitdefender. Antiviral solutions don't even have to cost money; later versions of Windows Defender provide perfectly acceptable protection for free. If for some reason you don't like Windows Defender, there are other free products available as well or you can purchase a security product or products.

  • Avira (shows nag screen to purchase full product when updating, home use only)
  • Bitdefender Free (home use only)

Personally I use Bitdefender 2018 Total Security, along with Malwarebytes Premium. Another paid product worth considering is Emsisoft Anti-Malware, which combines the Bitdefender virus scanning engine with their own anti-malware engine, so that you essentially get two computer security products, totally integrated, for the price of one. Please consult this link for more information on choosing a computer security product.

If you want more information about the methods that malware uses to infect your computer, please consider browsing our How did I get infected? topic.

.

It has been a pleasure assisting you and I hope that you will avoid any further infections in the future. Your most important protection step is to ALWAYS HAVE MORE THAN ONE RECENT BACKUP OF YOUR ENTIRE SYSTEM on an external drive that is only connected to your computer long enough to backup or restore. I do system images weekly. With the free backup software out there (Easeus ToDo Backup Home, Macrium Reflect, etc.), and the very reasonable prices for external USB hard drives, there is no reason to not have a backup.

.

On behalf of the Bleeping Computer (BC) community, thank you for choosing BC to assist you with your computer issues, stay safe out there in cyberspace, and have a great day. I will await the final FRST "fixlog.txt" results before we move on to updating your computer to Windows 8.1, installing the associated Windows updates, and dealing with any other outstanding computer issues that you might be experiencing.

Regards,
-Phil


Edited by garioch7, 14 May 2018 - 12:36 PM.
Fix type

Graduate of the Bleeping Computer Malware Removal Study Hall
