
Fake Sage Email


This topic is locked
4 replies to this topic

#1 BoroRobUK

BoroRobUK

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:09 AM

Posted 13 June 2018 - 05:00 AM

Hi,
 
We have just received a Fake Sage phishing email and someone has clicked on the link.
 
I was wondering if someone could help with what it does. There are a lot of Sage phishing emails going round at the minute with Banking Trojans, so I would really like to know what this one does.
 
(Email attached)
 
It takes you to a link, then redirects to another page, which has this in the source of the page:
 
<script src="https://mixedcontent.ga"></script> - Which I have no idea what this does
 
Can anyone help?
 
 
 
Thanks
Rob

Edited by Aura, 13 June 2018 - 08:11 AM.
Disabled potentially malicious link
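A `<script src=...>` tag makes the browser download that URL and run it as JavaScript with full access to the page it sits in, so the question "what does it do" comes down to "what is served from that origin". The script below is an added example, not code from the original post or any reply: it triages a captured page source offline (nothing is fetched or executed) and lists which scripts would run from a third-party origin. The page URL, the `landing.example` origin and the sample HTML are constructed for the demo; the embedded tag uses the domain quoted in the post.

```python
"""Static triage of <script> tags in a captured page source.

Parses HTML text you already have (e.g. from view-source) and reports which
scripts would execute from an origin other than the page's own. It never
contacts the remote host, so it is safe to run on a suspected phishing page.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample (assumption, not from the post): a landing page that
# embeds the tag quoted in the thread, plus a same-origin script and an
# inline script for contrast. The origin is a placeholder.
SAMPLE_PAGE_URL = "https://landing.example/invoice.html"
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src=https://mixedcontent.ga></script>
<script>var x = 1;</script>
</head><body></body></html>"""


class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag (None for inline)."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self.scripts.append(dict(attrs).get("src"))


def _origin(url):
    """scheme://host[:port], lower-cased, which is what the browser compares."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def classify_scripts(html, page_url):
    """Return (resolved_src, origin, kind) for every script in `html`.

    kind is 'inline', 'same-origin' or 'third-party'. Relative ("/app.js")
    and protocol-relative ("//cdn/x.js") sources are resolved against
    page_url first, so a local path is not mistaken for a remote load.
    """
    collector = ScriptCollector()
    collector.feed(html)
    page_origin = _origin(page_url)
    results = []
    for src in collector.scripts:
        if src is None:
            results.append((None, page_origin, "inline"))
            continue
        absolute = urljoin(page_url, src.strip())
        origin = _origin(absolute)
        kind = "same-origin" if origin == page_origin else "third-party"
        results.append((absolute, origin, kind))
    return results


def third_party_origins(html, page_url):
    """Distinct remote origins whose JavaScript would run inside the page."""
    return sorted({origin for _, origin, kind in classify_scripts(html, page_url)
                   if kind == "third-party"})


if __name__ == "__main__":
    for src, origin, kind in classify_scripts(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(f"{kind:12} {origin:30} {src or '<inline>'}")
```

Each third-party origin it prints is a host worth checking in your proxy or DNS logs for the time the user clicked, and a candidate to block at the web filter; the script itself tells you where the code comes from, not what it does, so the remote file should only be examined in an isolated analysis environment.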



#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,902 posts
  • OFFLINE
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:09 AM

Posted 13 June 2018 - 06:48 AM

Please...post the FRST data requested at https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ . No need to open a new topic, just post the requested data in your next post to this topic.

 

Louis



#3 BoroRobUK

BoroRobUK
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:09 AM

Posted 13 June 2018 - 07:47 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01

Ran by thea.walker (administrator) on PC13122016 (13-06-2018 13:04:32)

Running from C:\Users\Thea.Coleman\Desktop

Loaded Profiles: thea.walker (Available Profiles: defaultuser0 & cbsadmin)

Platform: Windows 10 Pro Version 1709 16299.431 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Edge)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki121026.inf_amd64_d9c66a7a4ae5623d\igfxCUIService.exe

(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe

(ESET) C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe

(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe

(COMODO) C:\Program Files (x86)\COMODO\Comodo ITSM\ITSMService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

() C:\Program Files (x86)\COMODO\Comodo ITSM\PmService.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

() C:\Program Files (x86)\COMODO\Comodo ITSM\RmmService.exe

(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV24\sg50CtrlSvc_v24.exe

(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\AccountsServiceV24\sg50svc_v24.exe

(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe

(Sage UK Limited) C:\Program Files (x86)\Common Files\Sage\Shared\AutoUpdateManager\v2\Sage.Central.AutoUpdateManager.Service.exe

(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe

() C:\Program Files (x86)\COMODO\Comodo ITSM\SpmService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki121026.inf_amd64_d9c66a7a4ae5623d\igfxEM.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Sage Software, Inc.) C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe

(COMODO) C:\Program Files (x86)\COMODO\Comodo ITSM\ITSMAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe

() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe

(Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

(Microsoft Corporation) C:\Windows\System32\browser_broker.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe

() C:\Windows\System32\Windows.WARP.JITService.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-05-20] (Realtek Semiconductor)

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [445928 2018-06-06] (LogMeIn, Inc.)

HKLM\...\Run: [NetHelpDesk] => C:\Program Files (x86)\NetHelpDesk\nethdclient.exe [112937568 2018-05-23] (NetHelpDesk)

HKLM-x32\...\Run: [Act.Outlook.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe [28672 2009-08-24] (Sage Software, Inc.)

HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe [331776 2009-08-24] (Sage Software, Inc.)

HKLM-x32\...\Run: [Comodo ITSM] => C:\Program Files (x86)\COMODO\Comodo ITSM\ITSMAgent.exe [1806528 2017-07-18] (COMODO)

HKU\S-1-5-21-3598439084-1869359879-3015854985-14557\...\RunOnce: [Uninstall 18.091.0506.0003\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Thea.Coleman\AppData\Local\Microsoft\OneDrive\18.091.0506.0003\amd64"

HKU\S-1-5-21-3598439084-1869359879-3015854985-14557\...\RunOnce: [Uninstall 18.091.0506.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Thea.Coleman\AppData\Local\Microsoft\OneDrive\18.091.0506.0003"

HKU\S-1-5-21-3598439084-1869359879-3015854985-14557\...\RunOnce: [Uninstall 18.095.0510.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Thea.Coleman\AppData\Local\Microsoft\OneDrive\18.095.0510.0001"

HKU\S-1-5-21-3598439084-1869359879-3015854985-14557\...\Policies\system: [Wallpaper] \\CBSAPPS5\ITPublic\IT General\Cornerstone Business Solutions\Branding\images\CBS Logo.jpg

HKU\S-1-5-21-3598439084-1869359879-3015854985-14557\...\Policies\system: [WallpaperStyle] 0

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 172.16.1.17 172.16.1.4 172.16.1.254

Tcpip\..\Interfaces\{0eac79e4-206f-4a6e-b530-564cc04f8e54}: [DhcpNameServer] 172.16.1.17 172.16.1.4 172.16.1.254

 

Internet Explorer:

==================

HKU\S-1-5-21-3598439084-1869359879-3015854985-14557\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE

HKU\S-1-5-21-3598439084-1869359879-3015854985-14557\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE

HKU\S-1-5-21-3598439084-1869359879-3015854985-14557\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/

SearchScopes: HKU\S-1-5-21-3598439084-1869359879-3015854985-14557 -> DefaultScope {883A41DA-2CDD-4160-AFEE-9CE877E62A6F} URL =

SearchScopes: HKU\S-1-5-21-3598439084-1869359879-3015854985-14557 -> {883A41DA-2CDD-4160-AFEE-9CE877E62A6F} URL =

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-05-14] (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-05-14] (Microsoft Corporation)

BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-14] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-14] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-14] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-14] (Microsoft Corporation)

 

FireFox:

========

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-05-14] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-05-14] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)

 

Chrome:

=======

CHR Profile: C:\Users\Thea.Coleman\AppData\Local\Google\Chrome\User Data\Default [2018-06-13]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Thea.Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-03]

CHR Extension: (Chrome Media Router) - C:\Users\Thea.Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-03]

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 ACT! Scheduler; C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [81920 2009-08-24] (Sage Software, Inc.) [File not signed]

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8652976 2018-05-19] (Microsoft Corporation)

S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [51872 2016-05-24] (ESET)

R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1648224 2016-05-24] (ESET)

R2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [1708192 2016-07-01] (ESET)

S3 eshasrv; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [193696 2016-05-24] (ESET)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)

S3 ItsmRsp; C:\Program Files (x86)\COMODO\Comodo ITSM\ItsmRsp.exe [1620160 2017-07-18] (COMODO)

R2 ITSMService; C:\Program Files (x86)\COMODO\Comodo ITSM\ITSMService.exe [6619328 2017-07-18] (COMODO)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-05] (Intel Corporation)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419304 2018-06-06] (LogMeIn, Inc.)

R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [585704 2018-06-06] (LogMeIn, Inc.)

R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc.)

R2 MSSQL$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)

R2 PmService; C:\Program Files (x86)\COMODO\Comodo ITSM\PmService.exe [691392 2017-07-18] ()

R2 RmmService; C:\Program Files (x86)\COMODO\Comodo ITSM\RmmService.exe [120000 2017-07-18] ()

R2 Sage 50 Accounts Control v24; C:\Program Files (x86)\Sage\AccountsServiceV24\sg50CtrlSvc_v24.exe [2782208 2017-12-07] (Sage (UK) Ltd.) [File not signed]

R2 Sage 50 Accounts Service v24; C:\Program Files (x86)\Sage\AccountsServiceV24\sg50svc_v24.exe [4569088 2017-12-07] (Sage (UK) Ltd.) [File not signed]

R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed]

R2 Sage AutoUpdate Manager Service v2; C:\Program Files (x86)\Common Files\Sage\Shared\AutoUpdateManager\v2\Sage.Central.AutoUpdateManager.Service.exe [8192 2017-10-12] (Sage UK Limited) [File not signed]

R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [43008 2017-06-30] (Sage (UK) Limited) [File not signed]

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-14] (Microsoft Corporation)

R2 SpmService; C:\Program Files (x86)\COMODO\Comodo ITSM\SpmService.exe [675520 2017-07-18] ()

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [264864 2016-05-23] (ESET)

R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [196768 2016-05-23] (ESET)

R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [180384 2016-05-23] (ESET)

R2 LMIInfo; C:\WINDOWS\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc.)

S4 LMIRfsClientNP; no ImagePath

R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )

R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [404184 2015-08-18] (Realsil Semiconductor Corporation)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-06-13 13:04 - 2018-06-13 13:05 - 000036842 _____ C:\Users\Thea.Coleman\Desktop\FRST.txt

2018-06-13 13:03 - 2018-06-13 13:04 - 000000000 ____D C:\FRST

2018-06-13 13:03 - 2018-06-13 13:03 - 002413056 _____ (Farbar) C:\Users\Thea.Coleman\Desktop\FRST64.exe

2018-06-13 10:35 - 2018-06-13 10:35 - 000100352 _____ C:\Users\Thea.Coleman\Desktop\Your Sage subscription invoice is ready.msg

2018-05-23 23:37 - 2018-05-23 23:37 - 000001209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetHelpDesk.lnk

2018-05-23 23:37 - 2018-05-23 23:37 - 000001197 _____ C:\Users\Public\Desktop\NetHelpDesk.lnk

2018-05-23 23:36 - 2018-05-23 23:36 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3598439084-1869359879-3015854985-500

2018-05-23 23:35 - 2018-05-23 23:37 - 000000000 ____D C:\Program Files (x86)\NetHelpDesk

2018-05-23 23:35 - 2018-05-23 23:36 - 000002394 _____ C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2018-05-23 23:35 - 2018-05-23 23:36 - 000000000 ___RD C:\Users\administrator\OneDrive

2018-05-23 23:33 - 2018-05-23 23:35 - 000000000 ____D C:\Users\administrator\AppData\Local\PlaceholderTileLogoFolder

2018-05-23 23:33 - 2018-05-23 23:33 - 000000000 ____D C:\Users\administrator\AppData\Roaming\IsolatedStorage

2018-05-23 23:33 - 2018-05-23 23:33 - 000000000 ____D C:\Users\administrator\AppData\Roaming\ACT

2018-05-23 23:33 - 2018-05-23 23:33 - 000000000 ____D C:\Users\administrator\AppData\Local\LogMeIn

2018-05-23 23:33 - 2018-05-23 23:33 - 000000000 ____D C:\Users\administrator\AppData\Local\IsolatedStorage

2018-05-23 23:32 - 2018-05-23 23:34 - 000000000 ____D C:\Users\administrator\AppData\Local\Packages

2018-05-23 23:32 - 2018-05-23 23:32 - 000003654 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask

2018-05-23 23:32 - 2018-05-23 23:32 - 000000000 __SHD C:\Users\administrator\IntelGraphicsProfiles

2018-05-23 23:32 - 2018-05-23 23:32 - 000000000 ___RD C:\Users\administrator\3D Objects

2018-05-23 23:32 - 2018-05-23 23:32 - 000000000 ____D C:\Users\administrator\AppData\Roaming\Adobe

2018-05-23 23:32 - 2018-05-23 23:32 - 000000000 ____D C:\Users\administrator\AppData\Local\Publishers

2018-05-23 23:32 - 2018-05-23 23:32 - 000000000 ____D C:\Users\administrator\AppData\Local\Google

2018-05-23 23:32 - 2018-05-23 23:32 - 000000000 ____D C:\Users\administrator\AppData\Local\ConnectedDevicesPlatform

2018-05-23 23:31 - 2018-05-23 23:35 - 000000000 ____D C:\Users\administrator

2018-05-23 23:31 - 2018-05-23 23:31 - 000000812 __RSH C:\Users\administrator\ntuser.pol

2018-05-23 23:31 - 2018-05-23 23:31 - 000000020 ___SH C:\Users\administrator\ntuser.ini

2018-05-23 23:31 - 2016-12-14 15:41 - 000000000 ____D C:\Users\administrator\AppData\Local\Microsoft Help

2018-05-23 16:54 - 2018-05-23 16:54 - 000000000 ____D C:\Program Files\KeyboardNotification

2018-05-19 12:46 - 2018-05-19 12:47 - 000000000 ___HD C:\$WINDOWS.~BT

2018-05-18 11:29 - 2018-05-18 11:34 - 000000000 ____D C:\WINDOWS\NetworkDetectivePushDeploy

2018-05-14 20:32 - 2018-05-14 20:32 - 000176624 _____ (Microsoft Corporation) C:\WINDOWS\system32\WirelessKB850NotificationService.exe

2018-05-14 16:03 - 2018-05-14 16:03 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk

2018-05-14 16:03 - 2018-05-14 16:03 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk

2018-05-14 16:03 - 2018-05-14 16:03 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk

2018-05-14 16:03 - 2018-05-14 16:03 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk

2018-05-14 16:03 - 2018-05-14 16:03 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk

2018-05-14 16:03 - 2018-05-14 16:03 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk

2018-05-14 16:03 - 2018-05-14 16:03 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk

2018-05-14 16:03 - 2018-05-14 16:03 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk

2018-05-14 16:03 - 2018-05-14 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools

2018-05-14 15:56 - 2018-06-07 10:13 - 000002395 _____ C:\Users\Thea.Coleman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2018-05-14 15:50 - 2018-05-14 15:50 - 000000000 ____D C:\Program Files\Microsoft Office 15

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-06-13 13:00 - 2016-12-14 16:28 - 000000120 _____ C:\WINDOWS\system32\config\netlogon.ftl

2018-06-13 12:56 - 2018-03-27 18:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2018-06-13 12:14 - 2016-12-13 17:54 - 000000000 ____D C:\ProgramData\LogMeIn

2018-06-13 10:18 - 2016-12-21 12:11 - 000001682 _____ C:\ProgramData\KGyGaAvL.sys

2018-06-13 09:40 - 2018-03-27 18:43 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7E44F5C9-F373-42F8-8425-F13BB4F0A23A}

2018-06-13 07:03 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization

2018-06-12 07:42 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness

2018-06-11 10:44 - 2018-03-27 18:20 - 000000000 ____D C:\Users\Thea.Coleman\AppData\Local\Packages

2018-06-11 09:57 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps

2018-06-09 08:55 - 2018-03-27 09:19 - 000000000 ___DC C:\WINDOWS\Panther

2018-06-09 03:00 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp

2018-06-07 10:13 - 2018-03-27 18:43 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3598439084-1869359879-3015854985-14557

2018-06-07 10:13 - 2016-12-14 16:40 - 000000000 ___RD C:\Users\Thea.Coleman\OneDrive

2018-06-06 13:35 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF

2018-06-06 09:05 - 2016-12-13 17:54 - 000001068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk

2018-06-06 09:05 - 2016-12-13 17:54 - 000000000 ____D C:\Program Files (x86)\LogMeIn

2018-06-06 09:04 - 2016-12-13 17:54 - 000114688 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll

2018-06-06 09:04 - 2016-12-13 17:54 - 000108512 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll

2018-06-06 00:24 - 2017-09-29 14:49 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2018-06-06 00:24 - 2017-09-29 14:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2018-05-30 09:25 - 2016-12-14 16:29 - 000003666 __RSH C:\ProgramData\ntuser.pol

2018-05-30 09:07 - 2018-03-28 08:59 - 000001616 __RSH C:\Users\Thea.Coleman\ntuser.pol

2018-05-30 09:07 - 2018-03-27 18:18 - 000000000 ____D C:\Users\Thea.Coleman

2018-05-23 23:32 - 2018-04-10 14:29 - 000000218 _____ C:\WINDOWS\system32\ricdb.ini

2018-05-23 23:32 - 2016-07-29 18:27 - 000000000 __RHD C:\Users\Public\AccountPictures

2018-05-23 17:02 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2018-05-23 17:00 - 2016-11-01 03:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Office

2018-05-21 09:25 - 2018-03-27 18:14 - 000413152 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2018-05-21 09:24 - 2018-03-27 18:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2018-05-21 09:23 - 2017-09-29 09:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI

2018-05-17 03:29 - 2018-03-27 18:43 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2018-05-17 03:29 - 2018-03-27 18:43 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2018-05-16 13:01 - 2018-03-27 18:43 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2018-05-16 13:01 - 2016-12-14 14:41 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2018-05-15 21:30 - 2016-12-14 17:00 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2018-05-15 21:30 - 2016-12-14 17:00 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2018-05-14 15:50 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

2018-05-14 15:36 - 2018-03-27 10:04 - 000000000 ____D C:\Program Files (x86)\MSBuild

2018-05-14 15:17 - 2016-07-16 12:47 - 000000151 _____ C:\WINDOWS\win.ini

 

==================== Files in the root of some directories =======

 

2016-12-21 12:11 - 2016-12-21 12:11 - 000000000 ____H () C:\Users\Thea.Coleman\AppData\Roaming\ActUpdate.log

2016-12-21 11:53 - 2016-12-21 11:53 - 000030571 _____ () C:\Users\Thea.Coleman\AppData\Roaming\NGEN_AppLog_Install.txt

2018-02-06 17:46 - 2018-02-06 17:46 - 000007623 _____ () C:\Users\Thea.Coleman\AppData\Local\Resmon.ResmonCfg

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2018-06-06 01:24

 

==================== End of FRST.txt ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01

Ran by thea.walker (13-06-2018 13:06:07)

Running from C:\Users\Thea.Coleman\Desktop

Windows 10 Pro Version 1709 16299.431 (X64) (2018-03-27 17:45:25)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1752676497-1782322855-2452254022-500 - Administrator - Disabled)

cbsadmin (S-1-5-21-1752676497-1782322855-2452254022-1001 - Administrator - Enabled) => C:\Users\cbsadmin

DefaultAccount (S-1-5-21-1752676497-1782322855-2452254022-503 - Limited - Disabled)

defaultuser0 (S-1-5-21-1752676497-1782322855-2452254022-1000 - Limited - Disabled) => C:\Users\defaultuser0

Guest (S-1-5-21-1752676497-1782322855-2452254022-501 - Limited - Disabled)

WDAGUtilityAccount (S-1-5-21-1752676497-1782322855-2452254022-504 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: ESET Endpoint Antivirus 6.4.2014.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: ESET Endpoint Antivirus 6.4.2014.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ACT! by Sage Premium 2010 (HKLM-x32\...\{565BA335-F3D6-466F-9AF8-B4A69A7F1300}) (Version: 12.0.0.0 - Sage Software, Inc.) Hidden

ACT! by Sage Premium 2010 (HKLM-x32\...\InstallShield_{565BA335-F3D6-466F-9AF8-B4A69A7F1300}) (Version: 12.0.0.0 - Sage Software, Inc.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)

COMODO Client - Communication (HKLM-x32\...\{3BB8CDDD-FF73-4A99-BC0B-EFEFFA0706C9}) (Version: 6.9.7380.17080 - COMODO Security Solutions Inc.)

ConnectWise Internet Client 64-bit (HKLM\...\{E8568185-1CB3-4F18-87A1-A4DBDF50DD7B}) (Version: 15.4.1 - ConnectWise)

Driver and Application Installation (HKLM-x32\...\{6EC299C6-074C-4529-8D5F-2798584BB27B}) (Version: 2.12.0510 - Lenovo)

ESET Endpoint Antivirus (HKLM\...\{A4B1B494-E6D4-4D4F-B87B-028A4B550079}) (Version: 6.4.2014.0 - ESET, spol. s r.o.)

ESET Remote Administrator Agent (HKLM\...\{94FB5797-B020-44BC-BCAB-DBB35366B9B0}) (Version: 6.4.283.0 - ESET, spol. s r.o.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden

Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4590 - Intel Corporation)

Lenovo App Explorer (HKU\S-1-5-21-3598439084-1869359879-3015854985-14557\...\Host App Service) (Version: 0.271.1.400 - SweetLabs for Lenovo) <==== ATTENTION

LogMeIn (HKLM-x32\...\{F207DD0F-4C1B-44F5-8E68-176078DE0545}) (Version: 4.1.8832 - LogMeIn, Inc.)

Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9330.2073 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3598439084-1869359879-3015854985-14557\...\OneDriveSetup.exe) (Version: 18.101.0520.0002 - Microsoft Corporation)

Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)

Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)

Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

NetHelpDesk (HKLM\...\NetHelpDesk) (Version: 10.15.06 - NetHelpDesk Ltd)

Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9330.2073 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2073 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2073 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9330.2073 - Microsoft Corporation) Hidden

Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7824 - Realtek Semiconductor Corp.)

Sage 50 Accounts (HKLM-x32\...\{3590aa65-fcaa-4824-a0fb-bea717bdbbbd}) (Version: 24.1.141.0 - Sage (UK) Ltd.)

Sage 50 Accounts (HKLM-x32\...\{7ECBAB60-486B-4CE6-A727-05B0149B3DDC}) (Version: 24.1.141.0 - Sage (UK) Ltd) Hidden

Sage 50 Accounts (HKLM-x32\...\{984d9724-7dcd-4296-8463-cf2cceab0a15}) (Version: 23.0.3.140 - Sage (UK) Ltd.) Hidden

Sage 50 Accounts Data Access Components (HKLM-x32\...\{D59AB1C7-AE84-44BF-AF19-EFCFA87D6DD1}) (Version: 24.1.141.0 - Sage (UK) Ltd) Hidden

Sage 50 Accounts ODBC 64 bit (HKLM\...\{2F117DD5-6206-436D-8154-94CF4A44F3A7}) (Version: 24.1.141.0 - Sage (UK) Ltd) Hidden

Sage 50 Accounts Report Pack (HKLM-x32\...\{48BD7141-1008-4FFF-952B-4B3D99A76175}) (Version: 24.1.141.0 - Sage (UK) Ltd) Hidden

Sage Data Exchange (HKLM-x32\...\{8FC1714D-E15D-446E-AF21-50FC06E4EA1F}) (Version: 1.0.0.0 - Sage) Hidden

Sage Data Exchange (HKLM-x32\...\{D5DF25E1-DB67-4311-BFEB-ECF806DD87FE}) (Version: 1.0.0.0 - Sage) Hidden

Sage Data Exchange Excel Connectivity Adapter (HKLM-x32\...\{2AB2EC65-05BA-456E-A638-075826517AEC}) (Version: 1.0.0.0 - Sage) Hidden

Sage Data Exchange Excel Connectivity Adapter (HKLM-x32\...\{E57D18B4-C757-4AD8-B82A-323BA4C4DF6C}) (Version: 1.0.0.0 - Sage) Hidden

Sage50AccountsV23ReportDesigner (HKLM-x32\...\{A2F33449-F0CF-452C-AB2F-6DF6FFAA6BA1}) (Version: 23.2.3.276 - Sage (UK) Ltd)

SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM-x32\...\{8D6181F3-CACB-4B48-8B08-981F3A7F318B}) (Version: 13.0.0.99 - SAP)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AAB396C1-4338-4825-BFA1-A085F3C55781}) (Version: 2.19.0.0 - Microsoft Corporation)

UpdateAssistant (HKLM\...\{7819341C-57E0-4F2B-A746-8F3EF9971A29}) (Version: 1.14.0.0 - Microsoft Corporation) Hidden

Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)

Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22402 - Microsoft Corporation)

Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2016-05-24] (ESET)

ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2016-05-24] (ESET)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki121026.inf_amd64_d9c66a7a4ae5623d\igfxDTCM.dll [2017-03-07] (Intel Corporation)

ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2016-05-24] (ESET)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0798C895-9934-4E46-B479-1117F1EC222E} - System32\Tasks\Sage.Global.Services.OverDrive.Core#Housekeeping => C:\Program Files (x86)\Common Files\Sage Data Exchange\Sage.Data.Exchange.Client.exe [2017-11-08] ()

Task: {0B1D2F54-57CC-44C6-8404-4D91A3D69CD6} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

Task: {0F8D5881-565E-464D-8FC1-6999EDF9A666} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-22] (Microsoft Corporation)

Task: {0FBD62A9-78DC-4C23-8236-48FB0894204E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-14] (Google Inc.)

Task: {1202D0AD-2260-4030-AB34-CC4E25906805} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-05-22] (Microsoft Corporation)

Task: {3FA23452-1885-42B7-9A2A-7EACEF84E127} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK

Task: {50FD50F2-D99F-4982-BA1D-D563E6D09D68} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe [2017-09-29] (Microsoft Corporation)

Task: {63424D7F-D139-444E-8512-E9C30C707C9F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-05-22] (Microsoft Corporation)

Task: {740E2EE1-0AB7-472B-A691-833010F937E0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-14] (Google Inc.)

Task: {B01A4210-BC31-41E7-B5B7-D126BDE02DCE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-05-22] (Microsoft Corporation)

Task: {D1A60C9B-83F3-495E-9B2E-9DFDFE3358F3} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-05-22] (Microsoft Corporation)

Task: {D6EB7C57-086C-4C5B-8FFD-39D0A5264A84} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-22] (Microsoft Corporation)

Task: {DC0D00A0-E596-48E3-84D0-00E961412A91} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-19] (Microsoft Corporation)

Task: {DD56ED20-43F1-471F-96F6-C1AAE97D3DEE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)

Task: {E75D0887-B35B-46A8-891D-A4F84D605DFD} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}

Task: {FC50679D-971A-496B-A702-A55D3E51F1C7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-19] (Microsoft Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

==================== Loaded Modules (Whitelisted) ==============

 

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll

2017-07-18 13:26 - 2017-07-18 13:26 - 000691392 _____ () C:\Program Files (x86)\COMODO\Comodo ITSM\PmService.exe

2017-07-18 13:26 - 2017-07-18 13:26 - 000120000 _____ () C:\Program Files (x86)\COMODO\Comodo ITSM\RmmService.exe

2017-07-18 13:26 - 2017-07-18 13:26 - 000675520 _____ () C:\Program Files (x86)\COMODO\Comodo ITSM\SpmService.exe

2018-05-10 09:18 - 2018-04-15 21:08 - 002988032 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll

2018-03-29 03:04 - 2018-02-22 01:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2018-03-29 03:04 - 2018-02-22 01:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2018-05-22 07:26 - 2018-05-22 07:26 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe

2018-05-22 07:26 - 2018-05-22 07:26 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll

2018-05-22 07:26 - 2018-05-22 07:26 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll

2018-05-22 07:26 - 2018-05-22 07:26 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll

2017-06-20 10:12 - 2018-06-06 09:03 - 002923000 _____ () C:\Program Files (x86)\LogMeIn\x64\ksu.dll

2018-05-15 21:30 - 2018-05-15 04:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll

2018-05-15 21:30 - 2018-05-15 04:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll

2017-09-29 14:41 - 2017-09-29 14:41 - 000030208 _____ () C:\WINDOWS\system32\Windows.WARP.JITService.exe

2017-07-18 12:34 - 2017-07-18 12:34 - 000070144 _____ () C:\Program Files (x86)\COMODO\Comodo ITSM\qhttpserver.dll

2017-06-14 21:17 - 2017-06-14 21:17 - 000108544 _____ () C:\Program Files (x86)\COMODO\Comodo ITSM\rmmproxy.dll

2017-07-11 11:56 - 2017-07-11 11:56 - 000977920 _____ () C:\Program Files (x86)\COMODO\Comodo ITSM\pmagent.dll

2017-07-05 17:13 - 2017-07-05 17:13 - 000823296 _____ () C:\Program Files (x86)\COMODO\Comodo ITSM\rmm.dll

2017-07-11 11:56 - 2017-07-11 11:56 - 000896000 _____ () C:\Program Files (x86)\COMODO\Comodo ITSM\spmagent.dll

2015-09-05 04:34 - 2015-09-05 04:34 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2018-05-14 15:54 - 2018-05-14 15:59 - 001452728 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ClientTelemetry.dll

2018-05-14 15:50 - 2018-05-14 15:51 - 000302256 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\IEAWSDC.DLL

2018-05-14 15:52 - 2018-05-14 15:52 - 000164528 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll

2018-05-14 15:51 - 2018-05-14 15:53 - 001754296 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\tmpod.dll

2018-05-14 15:51 - 2018-05-14 15:51 - 001030312 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-3598439084-1869359879-3015854985-14557\...\sharepoint.com -> hxxps://cornerstone341-files.sharepoint.com

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3598439084-1869359879-3015854985-14557\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg

DNS Servers: 172.16.1.17 - 172.16.1.4

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{461671C7-42E2-479F-98F0-6B48EC6B2FC0}] => (Allow) C:\Program Files (x86)\Common Files\Sage SBD\SbdDesktop\V14\SBDDesktop.exe

FirewallRules: [{63924CDE-C333-4999-AD3F-BEFCEF81BAE3}] => (Allow) C:\Program Files (x86)\Sage\AccountsServiceV24\sg50CtrlSvc_v24.exe

FirewallRules: [{2C783235-983F-4D07-92A8-69C8315D870D}] => (Allow) C:\Program Files (x86)\Sage\AccountsServiceV24\sg50svc_v24.exe

FirewallRules: [{680D427C-4682-48B1-887F-E50B4F36CE32}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe

FirewallRules: [{F39EFCA0-DEFB-4CB3-AAB9-CDD38D77FF7A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe

FirewallRules: [{AC907FC2-7199-4F7C-9D98-454527009A35}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

FirewallRules: [{6AF2E4E9-90E6-4EDB-9DE0-13573A4710E8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

FirewallRules: [{70659391-A6A7-49A1-9DD4-F3F7DD425140}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{2F47BBEF-07BF-4F29-B995-54D977164BFE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

 

==================== Restore Points =========================

 

01-06-2018 01:24:22 Scheduled Checkpoint

09-06-2018 03:00:10 Windows Update

09-06-2018 03:00:58 Windows Update

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (06/13/2018 11:46:54 AM) (Source: Microsoft Office 16) (EventID: 1000) (User: )

Description: Faulting application outlook.exe, version 16.0.9330.2073, stamp 5af78454, faulting module mso20win32client.dll, version 16.0.9330.2073, stamp 5aff7102, debug? 0, fault address 0x0016a930.

 

Error: (06/13/2018 11:36:07 AM) (Source: Outlook) (EventID: 35) (User: )

Description: Failed to determine if the store is in the crawl scope (error=0x80070008).

 

Error: (06/13/2018 11:36:07 AM) (Source: Outlook) (EventID: 34) (User: )

Description: Failed to get the Crawl Scope Manager with error=0x80070008.

 

Error: (06/13/2018 11:16:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CBSLTD)

Description: Package Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

 

Error: (06/13/2018 04:39:06 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )

Description: Event-ID 0

 

Error: (06/12/2018 04:39:04 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )

Description: Event-ID 0

 

Error: (06/11/2018 10:16:26 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program OUTLOOK.EXE version 16.0.9330.2073 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

 

Process ID: 8ba4

 

Start Time: 01d3feffbf544851

 

Termination Time: 70

 

Application Path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

 

Report Id: f36877cc-eeb8-42dd-b7ee-e02ffdbc77bf

 

Faulting package full name:

 

Faulting package-relative application ID:

 

Error: (06/11/2018 04:39:04 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )

Description: Event-ID 0

 

 

System errors:

=============

Error: (06/13/2018 01:04:04 PM) (Source: DCOM) (EventID: 10016) (User: CBSLTD)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{9BA05972-F6A8-11CF-A442-00A0C90A8F39}

and APPID

{9BA05972-F6A8-11CF-A442-00A0C90A8F39}

to the user CBSLTD\thea.walker SID (S-1-5-21-3598439084-1869359879-3015854985-14557) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (06/13/2018 01:02:05 PM) (Source: DCOM) (EventID: 10016) (User: CBSLTD)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{8BC3F05E-D86B-11D0-A075-00C04FB68820}

and APPID

{8BC3F05E-D86B-11D0-A075-00C04FB68820}

to the user CBSLTD\thea.walker SID (S-1-5-21-3598439084-1869359879-3015854985-14557) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

 

Error: (06/13/2018 01:01:46 PM) (Source: DCOM) (EventID: 10016) (User: CBSLTD)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{9BA05972-F6A8-11CF-A442-00A0C90A8F39}

and APPID

{9BA05972-F6A8-11CF-A442-00A0C90A8F39}

to the user CBSLTD\thea.walker SID (S-1-5-21-3598439084-1869359879-3015854985-14557) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (06/13/2018 12:37:26 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)

Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

 

Error: (06/13/2018 11:57:06 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: CBSLTD)

Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

 

Error: (06/13/2018 11:01:26 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)

Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

 

Error: (06/13/2018 10:22:05 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: CBSLTD)

Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

 

Error: (06/13/2018 09:17:18 AM) (Source: DCOM) (EventID: 10016) (User: CBSLTD)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{8BC3F05E-D86B-11D0-A075-00C04FB68820}

and APPID

{8BC3F05E-D86B-11D0-A075-00C04FB68820}

to the user CBSLTD\thea.walker SID (S-1-5-21-3598439084-1869359879-3015854985-14557) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

 

 

CodeIntegrity:

===================================

 

Date: 2018-05-14 17:22:36.767

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements.

 

Date: 2018-05-14 17:17:36.773

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements.

 

Date: 2018-05-14 17:12:36.769

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements.

 

Date: 2018-05-14 17:07:36.774

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements.

 

Date: 2018-05-14 17:02:36.763

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements.

 

Date: 2018-05-14 16:57:36.744

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements.

 

Date: 2018-05-14 16:52:36.733

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements.

 

Date: 2018-05-14 16:47:36.739

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements.

 

==================== Memory info ===========================

 

Processor: Intel® Core™ i3-6100 CPU @ 3.70GHz

Percentage of memory in use: 84%

Total physical RAM: 8102.79 MB

Available physical RAM: 1218.48 MB

Total Virtual: 25151.09 MB

Available Virtual: 9479.4 MB

 

==================== Drives ================================

 

Drive c: (Windows) (Fixed) (Total:433.92 GB) (Free:311.83 GB) NTFS

 

\\?\Volume{aa39ed33-2f44-4684-883e-5820b1af222d}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

\\?\Volume{7ccfec8a-0793-4de8-825c-334e251b1fd8}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.58 GB) NTFS

\\?\Volume{63e96408-6d55-4303-ab25-cf4e552b1165}\ (LENOVO_PART) (Fixed) (Total:30 GB) (Free:21.04 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 4981916E)

 

Partition: GPT.

 

==================== End of Addition.txt ============================


Edited by BoroRobUK, 13 June 2018 - 07:50 AM.


#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,704 posts
  • Gender:Male

Posted 18 June 2018 - 05:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/679031 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,704 posts
  • Gender:Male

Posted 23 June 2018 - 05:10 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!
