[RESOLVED] Infected Computer

  1. #1
    Join Date
    Mar 2018
    Posts
    38

    I have an infected computer and would like to know how to clean it up. Things like typing in Word and the font automatically changes; while I am typing, pages keep popping up and it is constantly freezing. Please help!

  2. #2
    Join Date
    Mar 2009
    Location
    Arkham Asylum, Cell 13
    Posts
    11,686
    Please read the forum rules first: ALL-MEMBERS-PLEASE-READ-Rules-for-this-forum-(Updated-3-21-2015)

    Copy/paste the FRST.txt and Addition.txt text as replies to this thread. Split the text across multiple replies if necessary.

  3. #3
    Join Date
    Mar 2018
    Posts
    38
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
    Ran by imanetter2 (administrator) on DESKTOP-A3ERS1F (29-03-2018 17:16:02)
    Running from C:\Users\imanetter2\Downloads
    Loaded Profiles: imanetter2 (Available Profiles: defaultuser0 & imanetter2)
    Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
    (McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
    (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
    (McAfee LLC) C:\Windows\System32\mfevtps.exe
    (McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.17.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (HP Inc.) C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe
    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Creative Home) C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2010\Planner\PLNRnote.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee LLC) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
    (McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    () C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\McCSPServiceHost.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (HP Inc.) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    () C:\Program Files\WindowsApps\SiberSystemsInc.RoboFormEdge_8.5.0.0_x86__7kk3kr9e0p1np\RoboFormCompanion.exe
    (Siber Systems Inc.) C:\Program Files\WindowsApps\SiberSystemsInc.RoboFormEdge_8.5.0.0_x86__7kk3kr9e0p1np\DesktopBridge\rf-edge-nm-host.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Farbar) C:\Users\imanetter2\Downloads\FRST64 (1).exe

  4. #4
    Join Date
    Mar 2018
    Posts
    38
    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe [307184 2010-07-16] (Sonic Solutions)
    HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe [84464 2010-07-13] ()
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe [477680 2010-06-30] ()
    HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
    HKLM-x32\...\Run: [DLSWebSvc] => C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe [4871680 2017-09-06] (Sanford, L.P.)
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8887216 2018-03-22] (SUPERAntiSpyware)
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3770504 2017-02-08] (HP Inc.)
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2018-02-19] (Siber Systems)
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\MountPoints2: {29d0244a-0a99-11e8-a059-1c1b0d4ba688} - "K:\windows\AutoRun.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder 2010.lnk [2017-03-21]
    ShortcutTarget: Event Planner Reminder 2010.lnk -> C:\Windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe (Acresso Software Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{77ddc069-532e-4e24-a781-a99b86c45bc1}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.att.net/
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    SearchScopes: HKU\S-1-5-21-307245717-3383863141-3362516440-1005 -> {28E92F34-068D-4637-8DBF-372154D4553D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-02-19] (Siber Systems Inc.)
    BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-02-19] (Siber Systems Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-23] (Oracle Corporation)
    BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-23] (Oracle Corporation)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-02-19] (Siber Systems Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-02-19] (Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-307245717-3383863141-3362516440-1005 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-02-19] (Siber Systems Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-01-25] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-01-25] (McAfee, Inc.)

    Edge:
    ======
    Edge Extension: (RoboForm) -> EdgeExtension_SiberSystemsIncRoboFormEdge_7kk3kr9e0p1np => C:\Program Files\WindowsApps\SiberSystemsInc.RoboFormEdge_8.5.0.0_x86__7kk3kr9e0p1np [2018-02-20]

    FireFox:
    ========
    FF DefaultProfile: 8t4mtusf.default
    FF ProfilePath: C:\Users\imanetter2\AppData\Roaming\Mozilla\Firefox\Profiles\8t4mtusf.default [2018-03-29]
    FF Extension: (leethax.net extension) - C:\Users\imanetter2\AppData\Roaming\Mozilla\Firefox\Profiles\8t4mtusf.default\Extensions\leethax@leethax.net.xpi [2017-10-24] [Legacy]
    FF Extension: (RoboForm Password Manager) - C:\Users\imanetter2\AppData\Roaming\Mozilla\Firefox\Profiles\8t4mtusf.default\Extensions\rf-firefox@siber.com.xpi [2018-03-02]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-14]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20] [Legacy]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-23] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-23] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

  5. #5
    Join Date
    Mar 2018
    Posts
    38
    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
    CHR DefaultSearchKeyword: Default -> Yahoo
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
    CHR Profile: C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default [2018-03-26]
    CHR Extension: (Docs) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
    CHR Extension: (Google Drive) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-06]
    CHR Extension: (YouTube) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-06]
    CHR Extension: (Yahoo Partner) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dofoafnmdocgkdphpkdooahjkhpmakjd [2017-07-23]
    CHR Extension: (Google Calendar) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-07-06]
    CHR Extension: (Sheets) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-03-15]
    CHR Extension: (Google Docs Offline) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-06]
    CHR Extension: (Google Calendar New Tab) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jicjemeflnclfknbimpboidnipbfkeeh [2017-07-06]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-29]
    CHR Extension: (Gmail) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-06]
    CHR Extension: (Chrome Media Router) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-07]
    CHR Extension: (RoboForm Password Manager) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2018-03-06]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2017-10-21]
    CHR HKLM-x32\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2017-10-21]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2009-06-02] ()
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
    R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [32240 2010-07-14] ()
    S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
    R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [27136 2017-09-06] (Sanford, L.P.) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
    R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-24] (HP Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-10-16] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728296 2018-01-31] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc.)
    S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee LLC)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee LLC)
    R3 mfevtp; C:\Windows\system32\mfevtps.exe [475600 2018-01-26] (McAfee LLC)
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc.)
    R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc.)
    S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2010-07-16] (Sonic Solutions)
    R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-02] (Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-02] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
    R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee LLC)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
    S3 IaNVMe; C:\WINDOWS\System32\drivers\IaNVMe.sys [101872 2016-01-26] (Intel Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-29] (Malwarebytes)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee LLC)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee LLC)
    U3 mfeavfk01; no ImagePath
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-01-31] (McAfee LLC)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee LLC)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee LLC)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee LLC.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee LLC.)
    R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee LLC)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee LLC)
    R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2017-09-29] (MediaTek Inc.)
    S3 nvme; C:\WINDOWS\System32\drivers\nvme.sys [119840 2015-12-16] (Samsung Electronics Co., Ltd)
    S3 ocznvme; C:\WINDOWS\System32\drivers\ocznvme.sys [99592 2016-06-10] (TOSHIBA CORPORATION)
    S3 ocztrimfilter; C:\WINDOWS\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (TOSHIBA CORPORATION)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-02] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-02] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-02] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-03-29 17:15 - 2018-03-29 17:15 - 002403328 _____ (Farbar) C:\Users\imanetter2\Downloads\FRST64 (1).exe
    2018-03-29 15:24 - 2018-03-29 15:24 - 000000824 _____ C:\Users\imanetter2\Desktop\hosts.txt
    2018-03-29 15:18 - 2018-03-29 15:18 - 000388608 _____ (Trend Micro Inc.) C:\Users\imanetter2\Downloads\HijackThis.exe
    2018-03-29 10:00 - 2018-02-28 08:04 - 000012288 _____ C:\Users\imanetter2\Desktop\Monthly Budget March 1.xlr
    2018-03-29 10:00 - 2018-02-26 14:37 - 000011776 _____ C:\Users\imanetter2\Desktop\Monthly Budget March 2.xlr
    2018-03-29 09:36 - 2018-03-29 09:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2018-03-28 13:33 - 2018-03-28 13:33 - 000298015 _____ C:\Users\imanetter2\Desktop\20180328_133013_1522261860894.jpeg
    2018-03-28 12:57 - 2018-03-28 12:57 - 000085202 _____ C:\Users\imanetter2\Desktop\0311 Klesker, Judith April Statement.pdf
    2018-03-27 11:59 - 2018-03-27 12:04 - 000001051 _____ C:\Users\imanetter2\Desktop\Letter.txt
    2018-03-27 11:37 - 2018-03-27 11:37 - 002974520 _____ C:\Users\imanetter2\Desktop\PERSONAL REPRESENTATIVE DESIGNATION.tif
    2018-03-27 11:09 - 2018-03-27 11:09 - 001427227 _____ C:\Users\imanetter2\Desktop\PRD HFS Form 3806F.pdf
    2018-03-23 23:14 - 2018-03-23 23:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2018-03-22 18:36 - 2018-03-22 18:37 - 000000000 ____D C:\Users\imanetter2\Desktop\Loan Papers
    2018-03-22 18:35 - 2018-03-22 18:36 - 000000000 ____D C:\Users\imanetter2\Desktop\Palos Hospital
    2018-03-22 16:11 - 2018-03-29 09:31 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2018-03-22 16:11 - 2018-03-22 16:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-03-22 13:52 - 2018-03-22 13:52 - 000021504 _____ C:\Users\imanetter2\Desktop\Untitled Document.wps
    2018-03-20 10:26 - 2018-03-20 10:26 - 000002236 _____ C:\Users\imanetter2\Desktop\Lincare Complaint.txt
    2018-03-18 10:06 - 2018-03-18 10:06 - 000246272 _____ C:\Users\imanetter2\Desktop\Todd Regan's Grave Location.wps
    2018-03-17 09:09 - 2018-03-17 09:09 - 000347426 _____ C:\Users\imanetter2\Desktop\PTAX-340.pdf
    2018-03-14 13:04 - 2018-03-29 15:15 - 000003606 _____ C:\WINDOWS\System32\Tasks\McAfee DAT Built in test
    2018-03-13 18:01 - 2018-03-01 02:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2018-03-13 18:01 - 2018-03-01 02:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2018-03-13 18:01 - 2018-03-01 02:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2018-03-13 18:01 - 2018-03-01 02:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-03-13 18:01 - 2018-03-01 02:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
    2018-03-13 18:01 - 2018-03-01 02:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2018-03-13 18:01 - 2018-03-01 02:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
    2018-03-13 18:01 - 2018-03-01 01:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-03-13 18:01 - 2018-03-01 01:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2018-03-13 18:01 - 2018-03-01 01:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-03-13 18:01 - 2018-03-01 01:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
    2018-03-13 18:01 - 2018-03-01 01:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2018-03-13 18:01 - 2018-03-01 01:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
    2018-03-13 18:01 - 2018-03-01 01:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
    2018-03-13 18:01 - 2018-03-01 01:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-03-13 18:01 - 2018-03-01 01:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-03-13 18:01 - 2018-03-01 00:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-03-13 18:01 - 2018-03-01 00:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2018-03-13 18:01 - 2018-03-01 00:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-03-13 18:01 - 2018-03-01 00:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-03-13 18:01 - 2018-03-01 00:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2018-03-13 18:01 - 2018-03-01 00:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2018-03-13 18:01 - 2018-03-01 00:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-03-13 18:01 - 2018-03-01 00:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2018-03-13 18:01 - 2018-03-01 00:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-03-13 18:01 - 2018-02-21 21:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2018-03-13 18:01 - 2018-02-21 21:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
    2018-03-13 18:01 - 2018-02-21 21:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
    2018-03-13 18:01 - 2018-02-21 21:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2018-03-13 18:01 - 2018-02-21 20:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2018-03-13 18:01 - 2018-02-21 20:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2018-03-13 18:01 - 2018-02-21 20:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
    2018-03-13 18:01 - 2018-02-21 20:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2018-03-13 18:01 - 2018-02-21 19:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
    2018-03-13 18:00 - 2018-03-01 22:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2018-03-13 18:00 - 2018-03-01 22:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
    2018-03-13 18:00 - 2018-03-01 22:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
    2018-03-13 18:00 - 2018-03-01 22:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
    2018-03-13 18:00 - 2018-03-01 22:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
    2018-03-13 18:00 - 2018-03-01 22:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
    2018-03-13 18:00 - 2018-03-01 21:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
    2018-03-13 18:00 - 2018-03-01 15:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
    2018-03-13 18:00 - 2018-03-01 02:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2018-03-13 18:00 - 2018-03-01 02:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2018-03-13 18:00 - 2018-03-01 02:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2018-03-13 18:00 - 2018-03-01 02:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2018-03-13 18:00 - 2018-03-01 02:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2018-03-13 18:00 - 2018-03-01 02:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2018-03-13 18:00 - 2018-03-01 02:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2018-03-13 18:00 - 2018-03-01 02:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2018-03-13 18:00 - 2018-03-01 02:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2018-03-13 18:00 - 2018-03-01 02:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2018-03-13 18:00 - 2018-03-01 02:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2018-03-13 18:00 - 2018-03-01 02:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2018-03-13 18:00 - 2018-03-01 02:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2018-03-13 18:00 - 2018-03-01 02:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2018-03-13 18:00 - 2018-03-01 02:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-03-13 18:00 - 2018-03-01 02:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2018-03-13 18:00 - 2018-03-01 02:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2018-03-13 18:00 - 2018-03-01 02:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2018-03-13 18:00 - 2018-03-01 02:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-03-13 18:00 - 2018-03-01 02:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
    2018-03-13 18:00 - 2018-03-01 02:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-03-13 18:00 - 2018-03-01 02:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2018-03-13 18:00 - 2018-03-01 02:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2018-03-13 18:00 - 2018-03-01 02:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers

  6. #6
    Join Date
    Mar 2018
    Posts
    38
    \dxgkrnl.sys
    2018-03-13 18:00 - 2018-03-01 02:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-03-13 18:00 - 2018-03-01 02:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
    2018-03-13 18:00 - 2018-03-01 02:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2018-03-13 18:00 - 2018-03-01 02:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2018-03-13 18:00 - 2018-03-01 02:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
    2018-03-13 18:00 - 2018-03-01 02:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-03-13 18:00 - 2018-03-01 02:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
    2018-03-13 18:00 - 2018-03-01 02:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
    2018-03-13 18:00 - 2018-03-01 02:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2018-03-13 18:00 - 2018-03-01 02:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
    2018-03-13 18:00 - 2018-03-01 02:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-03-13 18:00 - 2018-03-01 01:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2018-03-13 18:00 - 2018-03-01 01:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2018-03-13 18:00 - 2018-03-01 01:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
    2018-03-13 18:00 - 2018-03-01 01:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2018-03-13 18:00 - 2018-03-01 01:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-03-13 18:00 - 2018-03-01 01:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2018-03-13 18:00 - 2018-03-01 01:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
    2018-03-13 18:00 - 2018-03-01 01:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2018-03-13 18:00 - 2018-03-01 01:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
    2018-03-13 18:00 - 2018-03-01 01:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2018-03-13 18:00 - 2018-03-01 01:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-03-13 18:00 - 2018-03-01 01:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
    2018-03-13 18:00 - 2018-03-01 01:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2018-03-13 18:00 - 2018-03-01 01:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-03-13 18:00 - 2018-03-01 01:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-03-13 18:00 - 2018-03-01 01:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
    2018-03-13 18:00 - 2018-03-01 01:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
    2018-03-13 18:00 - 2018-03-01 00:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
    2018-03-13 18:00 - 2018-03-01 00:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2018-03-13 18:00 - 2018-03-01 00:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
    2018-03-13 18:00 - 2018-03-01 00:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2018-03-13 18:00 - 2018-03-01 00:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
    2018-03-13 18:00 - 2018-03-01 00:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-03-13 18:00 - 2018-03-01 00:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2018-03-13 18:00 - 2018-03-01 00:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2018-03-13 18:00 - 2018-03-01 00:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-03-13 18:00 - 2018-03-01 00:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2018-03-13 18:00 - 2018-03-01 00:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2018-03-13 18:00 - 2018-03-01 00:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2018-03-13 18:00 - 2018-03-01 00:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2018-03-13 18:00 - 2018-03-01 00:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
    2018-03-13 18:00 - 2018-03-01 00:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2018-03-13 18:00 - 2018-03-01 00:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
    2018-03-13 18:00 - 2018-03-01 00:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
    2018-03-13 18:00 - 2018-03-01 00:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
    2018-03-13 18:00 - 2018-03-01 00:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
    2018-03-13 18:00 - 2018-03-01 00:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-03-13 18:00 - 2018-03-01 00:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
    2018-03-13 18:00 - 2018-03-01 00:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-03-13 18:00 - 2018-03-01 00:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
    2018-03-13 18:00 - 2018-03-01 00:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2018-03-13 18:00 - 2018-03-01 00:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2018-03-13 18:00 - 2018-03-01 00:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
    2018-03-13 18:00 - 2018-03-01 00:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
    2018-03-13 18:00 - 2018-03-01 00:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-03-13 18:00 - 2018-03-01 00:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2018-03-13 18:00 - 2018-03-01 00:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
    2018-03-13 18:00 - 2018-03-01 00:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2018-03-13 18:00 - 2018-03-01 00:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
    2018-03-13 18:00 - 2018-03-01 00:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2018-03-13 18:00 - 2018-03-01 00:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-03-13 18:00 - 2018-03-01 00:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
    2018-03-13 18:00 - 2018-03-01 00:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
    2018-03-13 18:00 - 2018-03-01 00:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2018-03-13 18:00 - 2018-03-01 00:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2018-03-13 18:00 - 2018-03-01 00:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
    2018-03-13 18:00 - 2018-03-01 00:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-03-13 18:00 - 2018-03-01 00:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2018-03-13 18:00 - 2018-03-01 00:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
    2018-03-13 18:00 - 2018-03-01 00:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-03-13 18:00 - 2018-03-01 00:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2018-03-13 18:00 - 2018-03-01 00:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-03-13 18:00 - 2018-03-01 00:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
    2018-03-13 18:00 - 2018-03-01 00:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-03-13 18:00 - 2018-03-01 00:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-03-13 18:00 - 2018-03-01 00:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-03-13 18:00 - 2018-03-01 00:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2018-03-13 18:00 - 2018-03-01 00:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-03-13 18:00 - 2018-03-01 00:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2018-03-13 18:00 - 2018-03-01 00:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2018-03-13 18:00 - 2018-03-01 00:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2018-03-13 18:00 - 2018-03-01 00:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2018-03-13 18:00 - 2018-03-01 00:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2018-03-13 18:00 - 2018-03-01 00:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
    2018-03-13 18:00 - 2018-03-01 00:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2018-03-13 18:00 - 2018-03-01 00:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2018-03-13 18:00 - 2018-03-01 00:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2018-03-13 18:00 - 2018-03-01 00:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
    2018-03-13 18:00 - 2018-03-01 00:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
    2018-03-13 18:00 - 2018-03-01 00:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
    2018-03-13 18:00 - 2018-03-01 00:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
    2018-03-13 18:00 - 2018-02-21 21:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-03-13 18:00 - 2018-02-21 21:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-03-13 18:00 - 2018-02-21 21:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
    2018-03-13 18:00 - 2018-02-21 21:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-03-13 18:00 - 2018-02-21 21:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
    2018-03-13 18:00 - 2018-02-21 21:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-03-13 18:00 - 2018-02-21 21:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-03-13 18:00 - 2018-02-21 21:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2018-03-13 18:00 - 2018-02-21 21:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-03-13 18:00 - 2018-02-21 21:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-03-13 18:00 - 2018-02-21 21:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
    2018-03-13 18:00 - 2018-02-21 21:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2018-03-13 18:00 - 2018-02-21 20:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-03-13 18:00 - 2018-02-21 20:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
    2018-03-13 18:00 - 2018-02-21 20:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
    2018-03-13 18:00 - 2018-02-21 20:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2018-03-13 18:00 - 2018-02-21 19:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-03-13 18:00 - 2018-02-21 19:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
    2018-03-13 18:00 - 2018-02-21 19:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
    2018-03-13 18:00 - 2018-02-21 19:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
    2018-03-13 18:00 - 2018-02-21 19:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2018-03-13 18:00 - 2018-02-21 19:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2018-03-13 18:00 - 2018-02-21 19:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2018-03-13 18:00 - 2018-02-21 19:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2018-03-13 09:21 - 2018-03-13 09:21 - 000009677 _____ C:\Users\imanetter2\Desktop\Equal Access letter.pdf
    2018-03-13 08:51 - 2018-03-13 08:51 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2018-03-06 12:01 - 2018-03-06 12:03 - 000081448 _____ C:\Users\imanetter2\Desktop\My lab-results.pdf
    2018-03-06 12:01 - 2018-03-06 12:01 - 000072797 _____ C:\Users\imanetter2\Downloads\lab-results.zip
    2018-02-28 15:44 - 2018-03-05 12:25 - 000000000 ___RD C:\Users\imanetter2\Desktop\Computer Backup 2-28-18

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-03-29 17:16 - 2018-01-26 20:48 - 000024513 _____ C:\Users\imanetter2\Downloads\FRST.txt
    2018-03-29 17:16 - 2018-01-26 20:48 - 000000000 ____D C:\FRST
    2018-03-29 17:12 - 2017-12-18 18:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-03-29 16:29 - 2017-03-16 13:28 - 000000000 ____D C:\Users\imanetter2\AppData\LocalLow\Mozilla
    2018-03-29 15:33 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
    2018-03-29 15:18 - 2017-03-16 12:14 - 000000000 ____D C:\Users\imanetter2\AppData\Local\VirtualStore
    2018-03-29 13:39 - 2017-03-16 18:44 - 000019482 _____ C:\Users\imanetter2\AppData\Roaming\wklnhst.dat
    2018-03-29 13:16 - 2017-12-18 19:18 - 000004176 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A12F889F-3AC3-4840-83D1-A29D089F429F}
    2018-03-29 11:20 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
    2018-03-29 09:35 - 2017-12-18 19:10 - 001605530 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-03-29 09:31 - 2017-12-18 19:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-03-29 09:31 - 2017-03-18 10:03 - 000000384 _____ C:\WINDOWS\Tasks\HPCeeScheduleForimanetter2.job
    2018-03-29 09:30 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2018-03-29 08:42 - 2017-12-18 19:18 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
    2018-03-29 06:49 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-03-29 06:49 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-03-29 06:48 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
    2018-03-28 22:29 - 2017-12-18 19:18 - 000003296 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForimanetter2
    2018-03-28 19:52 - 2017-12-18 18:54 - 000000000 ____D C:\Users\imanetter2
    2018-03-28 12:57 - 2017-06-25 19:54 - 000000000 ____D C:\Users\imanetter2\AppData\Local\CrashDumps
    2018-03-28 10:21 - 2017-03-21 18:13 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2018-03-27 13:37 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
    2018-03-27 11:44 - 2017-09-20 12:55 - 000002215 _____ C:\Users\imanetter2\Desktop\Documents.lnk
    2018-03-26 20:10 - 2017-12-19 09:23 - 000000000 ____D C:\WINDOWS\Minidump
    2018-03-26 17:52 - 2017-03-16 20:00 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    2018-03-24 09:28 - 2017-03-30 13:38 - 000000000 ___RD C:\Users\imanetter2\Desktop\Computer Fixes
    2018-03-23 08:13 - 2017-12-18 19:39 - 000003386 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-307245717-3383863141-3362516440-1005
    2018-03-23 08:12 - 2017-03-16 12:16 - 000002378 _____ C:\Users\imanetter2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-03-23 08:12 - 2017-03-16 12:16 - 000000000 ___RD C:\Users\imanetter2\OneDrive
    2018-03-22 18:39 - 2017-07-06 15:42 - 000002333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-03-22 16:50 - 2017-09-29 03:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2018-03-22 13:45 - 2017-06-29 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2018-03-22 13:45 - 2017-06-29 19:49 - 000000000 ____D C:\Program Files\RogueKiller
    2018-03-22 13:45 - 2017-06-13 16:17 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2018-03-15 10:32 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
    2018-03-14 18:51 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
    2018-03-14 09:18 - 2017-10-16 19:37 - 000000000 ___RD C:\Users\imanetter2\3D Objects
    2018-03-14 09:18 - 2016-08-31 13:56 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-03-14 06:38 - 2017-12-18 18:49 - 000442008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-03-14 06:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
    2018-03-14 06:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2018-03-14 06:35 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2018-03-13 18:12 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-03-13 18:12 - 2017-03-16 14:51 - 000000000 ____D C:\WINDOWS\system32\MRT
    2018-03-13 18:10 - 2017-10-10 19:54 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
    2018-03-13 18:09 - 2017-03-16 14:51 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-03-13 18:03 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-03-13 18:03 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2018-03-13 08:51 - 2017-12-18 19:18 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2018-03-13 08:51 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-03-13 08:51 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2018-03-12 18:13 - 2017-03-16 12:31 - 000000000 ____D C:\Program Files (x86)\McAfee
    2018-03-11 06:37 - 2017-03-16 12:26 - 000000000 ____D C:\Program Files\Common Files\McAfee
    2018-03-11 06:36 - 2017-12-18 19:18 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
    2018-03-11 06:35 - 2017-12-18 19:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
    2018-03-11 06:35 - 2017-09-29 08:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2018-03-11 06:33 - 2017-03-16 12:26 - 000000000 ____D C:\ProgramData\McAfee
    2018-03-07 17:47 - 2017-12-18 19:18 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
    2018-03-06 13:33 - 2017-03-17 20:50 - 000000000 ____D C:\Users\imanetter2\AppData\Local\ElevatedDiagnostics
    2018-03-06 07:18 - 2017-03-16 20:46 - 000000000 ____D C:\ProgramData\Sonic
    2018-03-02 16:09 - 2017-09-29 08:49 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2018-03-02 16:09 - 2017-09-29 08:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-03-02 10:46 - 2017-05-16 18:50 - 000004341 _____ C:\Users\imanetter2\Desktop\Desktop Notes 2-20-18.txt
    2018-03-02 10:28 - 2017-09-03 08:12 - 000000000 ____D C:\Users\imanetter2\Desktop\Judy
    2018-03-02 06:49 - 2018-02-24 12:49 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2018-03-02 06:49 - 2017-09-29 08:46 - 000000000 ___RD C:\Program Files\Windows Defender

    ==================== Files in the root of some directories =======

    2017-03-16 18:44 - 2018-03-29 13:39 - 000019482 _____ () C:\Users\imanetter2\AppData\Roaming\wklnhst.dat
    2017-04-02 10:34 - 2017-04-02 10:34 - 000000000 _____ () C:\Users\imanetter2\AppData\Local\rx_image32.Cache

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-03-29 13:31

    ==================== End of FRST.txt ============================

  7. #7
    Join Date
    Mar 2018
    Posts
    38
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
    Ran by imanetter2 (29-03-2018 17:16:53)
    Running from C:\Users\imanetter2\Downloads
    Windows 10 Home Version 1709 16299.309 (X64) (2017-12-19 00:20:35)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-307245717-3383863141-3362516440-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-307245717-3383863141-3362516440-503 - Limited - Disabled)
    defaultuser0 (S-1-5-21-307245717-3383863141-3362516440-1003 - Limited - Disabled) => C:\Users\defaultuser0
    Guest (S-1-5-21-307245717-3383863141-3362516440-501 - Limited - Disabled)
    imanetter2 (S-1-5-21-307245717-3383863141-3362516440-1005 - Administrator - Enabled) => C:\Users\imanetter2
    WDAGUtilityAccount (S-1-5-21-307245717-3383863141-3362516440-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
    FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
    Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
    AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
    DirectX 9 Runtime (HKLM-x32\...\{3A9527CF-4E91-4683-A03F-F1AD022126E5}) (Version: 1.00.0000 - Sonic Solutions) Hidden
    DYMO Label (HKLM-x32\...\{CE289CFA-898E-4601-B858-A25EC0CEA9EE}) (Version: 8.7.0.44412 - Newell Rubbermaid)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
    Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    Hallmark Card Studio 2010 (HKLM-x32\...\{601BE80D-247B-4084-94C7-7A54369DB7A2}) (Version: 11.0.2.1 - Creative Home)
    HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
    HP ENVY 5660 series Basic Device Software (HKLM\...\{ED9AAC09-EC23-4794-B171-BFE7076B442C}) (Version: 40.11.1107.1739 - HP Inc.)
    HP ENVY 5660 series Help (HKLM-x32\...\{607F50D9-40BD-4F17-A584-152F563293B4}) (Version: 34.0.0 - Hewlett Packard)
    HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
    HP PhotoSmart Photo Printing Software (HKLM-x32\...\HP PhotoSmart Photo Printing Software) (Version: - )
    HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.5.37.19 - HP Inc.)
    HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.8.47.1 - HP Inc.)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
    Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
    Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
    Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Mozilla Firefox 56.0 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0 (x64 en-US)) (Version: 56.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0 - Mozilla)
    Mozilla Thunderbird 52.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 en-US)) (Version: 52.6.0 - Mozilla)
    RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
    RoboForm 8-4-7-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-4-7-7 - Siber Systems)
    RogueKiller version 12.12.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.9.0 - Adlice Software)
    Roxio Creator 2011 (HKLM-x32\...\{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}) (Version: 13.0 - Roxio)
    Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Sonic Solutions)
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
    SCRABBLE® (HKLM-x32\...\SCRABBLE®) (Version: - )
    SecurityCenter (HKLM-x32\...\MSC) (Version: 16.0 R8 - McAfee, Inc.)
    SmartSound Common Data (HKLM-x32\...\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) Hidden
    SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
    SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.) Hidden
    SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
    Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: - )
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1258 - SUPERAntiSpyware.com)
    TomTom MyDrive Connect 4.2.0.3377 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.0.3377 - TomTom)
    VD64Inst (HKLM\...\{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-307245717-3383863141-3362516440-1005_Classes\CLSID\{4D766FD3-B880-49D3-B7BD-6CF925221E04}\InprocServer32 -> C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions)
    ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
    ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)
    ContextMenuHandlers1_S-1-5-21-307245717-3383863141-3362516440-1005: [RXDCExtSvr] -> {4D766FD3-B880-49D3-B7BD-6CF925221E04} => C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll [2010-07-14] (Sonic Solutions)
    ContextMenuHandlers2_S-1-5-21-307245717-3383863141-3362516440-1005: [RXDCExtSvr] -> {4D766FD3-B880-49D3-B7BD-6CF925221E04} => C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll [2010-07-14] (Sonic Solutions)
    ContextMenuHandlers6_S-1-5-21-307245717-3383863141-3362516440-1005: [RXDCExtSvr] -> {4D766FD3-B880-49D3-B7BD-6CF925221E04} => C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll [2010-07-14] (Sonic Solutions)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {075192A5-AD07-4A03-AECF-54D7F16D1171} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
    Task: {0EC7C271-3341-4FC1-93D6-1D065A0981C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
    Task: {34D45209-6E47-4A26-B3F0-C91D0B0F70A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-10] (Google Inc.)
    Task: {40E0FF84-8822-4E4B-9878-0F10BAEDFFAE} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-01-03] (McAfee, Inc.)
    Task: {4ECBB9FD-5CE2-4F3F-AE41-187F390AD4E9} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-19] ()
    Task: {5DA34781-8D26-4547-80E8-6B0B285F2819} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
    Task: {67CEC85C-0BAD-41BA-8976-3DED7DA29765} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
    Task: {71D40844-0014-4F60-A51D-251684F0E8DB} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2018-02-19] (Siber Systems)
    Task: {7204E1F0-38CD-4328-ADF3-631C872D0239} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
    Task: {8E21FD66-67B1-48F6-9D1D-DB5D1DE2228C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-12-12] (McAfee, Inc.)
    Task: {A5B64E5D-781F-4FF7-99A7-3E7B6C85CE23} - System32\Tasks\McAfee\McAfee Idle Detection Task
    Task: {A5BBB9AD-6B42-4FE4-862D-CDC1087D5D7A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
    Task: {A744F3F8-0587-401E-8319-C27C56E89A2C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
    Task: {AF0717E3-5473-4BBE-BEF9-986DEE5C5297} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-01-10] (McAfee, LLC.)
    Task: {BC8F368E-3174-4B2A-ADA7-C6BF0F03E7C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
    Task: {C80702D0-A8E9-472D-BDDA-DAD1F9B1C02B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <====

  8. #8
    Join Date
    Mar 2018
    Posts
    38
    ATTENTION
    Task: {CAE6B94E-2A3D-406A-A0CF-D0204F3C6F15} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {CF572A1F-4FA2-4F9F-BB25-02495598BEDA} - System32\Tasks\HPCeeScheduleForimanetter2 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
    Task: {DA75A649-7FC3-411F-B027-D30AC4FC62C2} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
    Task: {EBC3FE61-3774-49DB-9C7F-DD0C5B219510} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
    Task: {ECCAE637-2C9A-41F7-B71E-987AFECB47F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-10] (Google Inc.)
    Task: {EF3C6606-4B7F-4DCB-91A6-D053C90C49B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
    Task: {F3C43374-8220-4D13-9CA9-CD8F923FA0EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\HPCeeScheduleForimanetter2.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    Shortcut: C:\Users\imanetter2\Desktop\For New Computer 3-16-17\For New Computer\Favorites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.htm
    Shortcut: C:\Users\imanetter2\Desktop\Computer Backup 2-28-18\For New Computer 3-16-17\For New Computer\Favorites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.htm

    ==================== Loaded Modules (Whitelisted) ==============

    2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2015-11-04 17:43 - 2015-11-04 17:43 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
    2014-02-11 07:08 - 2014-02-11 07:08 - 000817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
    2014-02-11 07:08 - 2014-02-11 07:08 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
    2015-11-04 17:43 - 2015-11-04 17:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2010-07-14 04:00 - 2010-07-14 04:00 - 000032240 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    2009-06-02 19:05 - 2009-06-02 19:05 - 000457200 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    2017-11-26 19:05 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2017-12-12 08:13 - 2017-12-12 08:14 - 000948736 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.17.0_x64__8wekyb3d8bbwe\e_sqlite3.dll
    2018-03-22 07:08 - 2018-03-22 07:08 - 002426040 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.17.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
    2018-03-22 07:08 - 2018-03-22 07:08 - 000381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.17.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
    2017-12-02 08:22 - 2017-12-02 08:22 - 000843672 _____ () C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.17112.0_x64__8wekyb3d8bbwe\Microsoft.Services.Store.Engagement.dll
    2018-03-17 07:01 - 2018-03-17 07:01 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.17.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
    2017-09-29 08:41 - 2017-09-29 08:41 - 004069888 _____ () C:\Windows\System32\Windows.UI.Input.Inking.Analysis.dll
    2018-03-13 18:00 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2018-03-13 18:00 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-03-24 06:05 - 2018-03-24 06:05 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2018-03-24 06:05 - 2018-03-24 06:05 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2018-03-24 06:05 - 2018-03-24 06:05 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2018-03-24 06:05 - 2018-03-24 06:05 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\skypert.dll
    2017-07-24 18:11 - 2018-01-05 17:39 - 001707032 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
    2017-07-24 18:11 - 2018-01-05 17:39 - 000572776 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
    2010-07-13 21:23 - 2010-07-13 21:23 - 000084464 _____ () C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe
    2015-11-04 17:43 - 2015-11-04 17:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2018-03-29 06:47 - 2018-03-29 06:48 - 067038720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2017-09-30 06:31 - 2017-09-30 06:32 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
    2018-02-16 07:44 - 2018-02-16 07:44 - 000010240 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 004123648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 015329792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 003962368 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\MediaEngine.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 003250176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
    2018-03-02 06:50 - 2018-03-02 06:50 - 001369088 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
    2018-02-02 07:37 - 2018-02-02 07:37 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 000094208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 000152064 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\SKU.dll
    2018-03-22 07:08 - 2018-03-22 07:08 - 004330496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.0_x64__8wekyb3d8bbwe\Calculator.exe
    2018-03-17 07:01 - 2018-03-17 07:01 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
    2018-02-20 07:43 - 2018-02-20 07:44 - 000015872 _____ () C:\Program Files\WindowsApps\SiberSystemsInc.RoboFormEdge_8.5.0.0_x86__7kk3kr9e0p1np\RoboFormCompanion.exe
    2010-07-14 04:00 - 2010-07-14 04:00 - 001587696 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
    2010-07-14 04:00 - 2010-07-14 04:00 - 000107504 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
    2018-02-20 07:43 - 2018-02-20 07:44 - 000640000 _____ () C:\Program Files\WindowsApps\SiberSystemsInc.RoboFormEdge_8.5.0.0_x86__7kk3kr9e0p1np\RoboFormCompanion.dll
    2017-07-31 17:31 - 2017-07-31 17:31 - 072940016 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\imanetter2\Desktop\Wendy.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
    HKLM\...\StartupApproved\Run32: => "Desktop Disc Tool"
    HKLM\...\StartupApproved\Run32: => "RoxWatchTray"
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

  9. #9
    Join Date
    Mar 2018
    Posts
    38
    FirewallRules: [{6ED6AD2B-D662-46A9-A1C8-0D0C951A29A4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{C94F21B5-9418-40F5-9A11-0F205B037BB1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{9E97039F-ACD2-48B1-A104-99BD2DDDD862}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
    FirewallRules: [{59A675F2-0B97-4123-ADE2-49C71E78991C}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
    FirewallRules: [{25C60A8F-8AC7-45AC-9C51-7801D5790DE7}] => (Allow) C:\Users\imanetter2\Desktop\MyDrive Connect\TomTom MyDrive Connect.exe
    FirewallRules: [{CFC1DAF4-39B9-4CE5-AE2D-BB3FA0403852}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{9800A82E-228C-424F-A527-DD82E3C90C0B}] => (Allow) D:\Setup.exe
    FirewallRules: [{1B771707-77D0-4BF5-859A-8EADD3FB6B08}] => (Allow) D:\Setup.exe
    FirewallRules: [{DA6F0C2C-6C27-4CE3-9A8E-50DEE51C1C1C}] => (Allow) D:\Setup.exe
    FirewallRules: [{E737C930-CAE2-4563-9EB9-E1D115C102EB}] => (Allow) D:\Setup.exe
    FirewallRules: [{707B1F84-C169-48EE-9E5A-B7E074E7FC6C}] => (Allow) D:\Setup.exe
    FirewallRules: [{E3FF39A4-A0B9-49CC-854F-B219A155967C}] => (Allow) D:\Setup.exe
    FirewallRules: [{F2EBAC90-C41A-49EB-9597-946CDE445A85}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\DeviceSetup.exe
    FirewallRules: [{6CC04549-6CC7-43CA-A64F-24DAF41542E4}] => (Allow) LPort=5357
    FirewallRules: [{43AF37A7-EBC8-4D71-8E49-9A878B4EB805}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{58A2B4F6-AC53-4165-BF02-D1E173BC17E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{46A16035-9593-43FC-B81B-62097841D5B3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C3A160A5-48DA-431A-9CCC-6F6C3CF40583}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    11-03-2018 21:34:02 Scheduled Checkpoint
    21-03-2018 07:05:02 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/29/2018 12:36:55 PM) (Source: Microsoft Fax) (EventID: 32092) (User: )
    Description: The Fax service failed to receive a fax. From: . CallerId: . To: Fax. Pages: 0. Device Name: PCI Soft Data Fax Modem with SmartCP.

    Error: (03/29/2018 06:44:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname DESKTOP-A3ERS1F.local already in use; will try DESKTOP-A3ERS1F-2.local instead

    Error: (03/29/2018 06:44:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: ProbeCount 2; will rename 4 DESKTOP-A3ERS1F.local. Addr 192.168.1.76

    Error: (03/29/2018 06:44:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.76:5353 16 DESKTOP-A3ERS1F.local. AAAA 2600:1700:FD60:B4C0:0000:0000:0000:0048

    Error: (03/28/2018 11:03:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1562

    Error: (03/28/2018 11:03:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1562

    Error: (03/28/2018 11:03:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/28/2018 07:58:12 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


    System errors:
    =============
    Error: (03/29/2018 09:31:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/29/2018 09:31:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/29/2018 09:31:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/29/2018 09:31:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/29/2018 08:46:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Interactive Services Detection service terminated with the following error:
    Incorrect function.

    Error: (03/29/2018 06:44:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/29/2018 06:44:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/29/2018 06:44:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2018-02-14 21:30:13.285
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {178B3706-6078-427E-B7CE-706FD13168FA}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-01-26 20:24:25.610
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {F550B7C1-915C-41B4-86AB-5E74AC13CCD4}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-01-26 19:29:30.601
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {F723DF7E-D87A-48D0-9C50-6C85C7AB05C2}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-01-26 19:06:22.342
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {1410ACB5-7CCF-4477-82A2-E3D047E516B4}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-01-26 18:57:10.576
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {76305B79-8131-42C6-9487-C057C7637164}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-03-03 19:13:24.518
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.263.92.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14600.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-03-03 19:13:24.517
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 118.2.0.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: Network Inspection System
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 2.1.14202.0
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-03-03 19:13:24.511
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.263.92.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14600.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-03-03 19:13:24.510
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.263.92.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14600.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-03-03 19:13:24.510
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.263.92.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14600.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    CodeIntegrity:
    ===================================

    Date: 2018-03-29 17:16:06.005
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-29 17:16:06.003
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-29 17:10:26.898
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-29 17:10:26.896
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-29 16:55:26.408
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-29 16:55:26.407
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-29 16:48:42.677
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-29 16:48:42.673
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    Processor: AMD FX(tm)-6300 Six-Core Processor
    Percentage of memory in use: 59%
    Total physical RAM: 8189.55 MB
    Available physical RAM: 3294.42 MB
    Total Virtual: 9469.55 MB
    Available Virtual: 4470.34 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.02 GB) (Free:854.14 GB) NTFS

    \\?\Volume{7570cbcf-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 7570CBCF)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Welcome aboard

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

  11. #11
    Join Date
    Mar 2018
    Posts
    38
    RogueKiller V12.12.10.0 (x64) [Mar 26 2018] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.16299) 64 bits version
    Started in : Normal mode
    User : imanetter2 [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 03/29/2018 19:39:57 (Duration : 00:37:19)
    Switches : -refid

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 4 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-307245717-3383863141-3362516440-1005\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.att.net/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-307245717-3383863141-3362516440-1005\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.att.net/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-307245717-3383863141-3362516440-1005\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-307245717-3383863141-3362516440-1005\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA DT01ACA100 ATA Device +++++
    --- User ---
    [MBR] d1e7de1909d84c8d2062e4676e2d34e8
    [BSP] 74245971a550c8d40252da5576752fb9 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 953366 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: SABRENT CF USB3 Reader USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: SABRENT xD USB3 Reader USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: SABRENT SD USB3 Reader USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: SABRENT MS USB3 Reader USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive5: SABRENT TFM2USB3 Reader USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

  12. #12
    Join Date
    Mar 2018
    Posts
    38
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 3/29/18
    Scan Time: 8:27 PM
    Log File: 909ed7d6-33b9-11e8-b865-1c1b0d4ba688.json
    Administrator: Yes

    -Software Information-
    Version: 3.4.5.2467
    Components Version: 1.0.342
    Update Package Version: 1.0.4542
    License: Trial

    -System Information-
    OS: Windows 10 (Build 16299.309)
    CPU: x64
    File System: NTFS
    User: DESKTOP-A3ERS1F\imanetter2

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 331501
    Threats Detected: 1
    Threats Quarantined: 1
    Time Elapsed: 4 min, 11 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 1
    PUP.Optional.InstallCore, C:\USERS\IMANETTER2\DOWNLOADS\ROBOFORM SETUP.EXE, Quarantined, [386], [300868],1.0.4542

    Physical Sector: 0
    (No malicious items detected)


    (end)

  13. #13
    Join Date
    Mar 2018
    Posts
    38
    # AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 30 01:59:30 2018
    # Updated on 2018/08/02 by Malwarebytes
    # Database: 2018-03-29.1
    # Running on Windows 10 Home (X64)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Optional.Legacy, C:\Users\imanetter2\Documents\TotalAV
    PUP.Optional.OtherSearch, C:\Users\imanetter2\Favorites\Search


    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
    PUP.Optional.DriverAgent, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driversupport.com
    PUP.Optional.DriverAgent, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | DriverSupport.exe
    PUP.Optional.DriverAgent, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING | DriverSupport.exe


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries.

    *************************



    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

  14. #14
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.


    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  15. #15
    Join Date
    Mar 2018
    Posts
    38
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
    Ran by imanetter2 (administrator) on DESKTOP-A3ERS1F (29-03-2018 22:26:29)
    Running from C:\Users\imanetter2\AppData\Local\Microsoft\Windows\INetCache\IE\6QNYY9AC
    Loaded Profiles: imanetter2 (Available Profiles: defaultuser0 & imanetter2)
    Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
    (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
    (Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
    (McAfee LLC) C:\Windows\System32\mfevtps.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
    (McAfee LLC) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
    (McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
    (McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\McCSPServiceHost.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.17.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (HP Inc.) C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe
    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Creative Home) C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2010\Planner\PLNRnote.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    () C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.0_x64__8wekyb3d8bbwe\Calculator.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe [307184 2010-07-16] (Sonic Solutions)
    HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe [84464 2010-07-13] ()
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe [477680 2010-06-30] ()
    HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
    HKLM-x32\...\Run: [DLSWebSvc] => C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe [4871680 2017-09-06] (Sanford, L.P.)
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8887216 2018-03-22] (SUPERAntiSpyware)
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3770504 2017-02-08] (HP Inc.)
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2018-03-29] (Siber Systems)
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\MountPoints2: {29d0244a-0a99-11e8-a059-1c1b0d4ba688} - "K:\windows\AutoRun.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder 2010.lnk [2017-03-21]
    ShortcutTarget: Event Planner Reminder 2010.lnk -> C:\Windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe (Acresso Software Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{77ddc069-532e-4e24-a781-a99b86c45bc1}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.att.net/
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    SearchScopes: HKU\S-1-5-21-307245717-3383863141-3362516440-1005 -> {28E92F34-068D-4637-8DBF-372154D4553D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-03-29] (Siber Systems Inc.)
    BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-03-29] (Siber Systems Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-23] (Oracle Corporation)
    BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-23] (Oracle Corporation)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-03-29] (Siber Systems Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-03-29] (Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-307245717-3383863141-3362516440-1005 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-03-29] (Siber Systems Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-01-25] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-01-25] (McAfee, Inc.)
