PDA

View Full Version : Problems with someone taking various accounts


Coryherb
2018-04-10, 06:43
I have had several accounts taken over. I probably overused the same pw and resulted in much of my problems. However a few times an account was taken over with a new password. I am not sure what to do about it. I am of course changing user names and accounts on anything I can think of. The latest account taken was my blizzard account which I haven't used in years. I recovered it anyway just in case something bad could happen. I have been running both the spybot and mcafee scans since the problem started and haven't had any hits that way. I ran the rootkit analysis and it was overwhelming which prompted me to come to you guys. Another problem i have lately is that internet explorer times out for most sites. My firefox works okay so have been using that.

I was able to run the FRST tool but the aswMBR crashes when i try to run it. When i try to upload the FRST text files they both say they are too big to upload at 61 and 52 MB.

Any help you can give me is much appreciated!

Thanks

CORY
Juliet
2018-04-10, 11:51
Hi and welcome

Can you copy and paste FRST.txt & Addition.txt in your next reply.
If you need to you can make multiple post.
Coryherb
2018-04-11, 06:38
here is the FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by coryh_000 (administrator) on CORY_LAPTOP (08-04-2018 22:56:51)
Running from C:\Users\coryh_000\Desktop
Loaded Profiles: coryh_000 (Available Profiles: coryh_000)
Platform: Windows 10 Pro Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Micro-Star International Co., Ltd.) C:\Windows\SysWOW64\MSIService.exe
(Safer-Networking Ltd.) D:\Spybot\Spybot - Search & Destroy 2\SDUpdSvc.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(Safer-Networking Ltd.) D:\Spybot\Spybot - Search & Destroy 2\SDWSCSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Spotify Ltd) C:\Users\coryh_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(L1 Technologies, Inc.) D:\NEOXS\iGolf Sync App\iGolfSyncApp.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
(Microsoft Corporation) D:\Microsoft Office\Office14\ONENOTEM.EXE
(Safer-Networking Ltd.) D:\Spybot\Spybot - Search & Destroy 2\SDTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Safer-Networking Ltd.) D:\Spybot\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [602288 2018-03-16] (McAfee, Inc.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [507016 2012-12-21] (MSI)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1566344 2014-04-08] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => D:\Spybot\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\Run: [Steam] => C:\Steam\Steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\Run: [Spotify Web Helper] => C:\Users\coryh_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-12] (Spotify Ltd)
HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\Run: [Spotify] => C:\Users\coryh_000\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-01-12] (Spotify Ltd)
HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\Run: [AcuRiteConnect2] => C:\Program Files (x86)\AcuRite\AcuRiteConnect.exe [1083904 2016-04-26] (Chaney Instrument Co)
HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2017-09-29] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-08-14]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{FC2CA280-7EF3-41C9-AD8D-E4CEC4726E5D}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-04-04]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\coryh_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iGolf Sync App.lnk [2016-03-14]
ShortcutTarget: iGolf Sync App.lnk -> D:\NEOXS\iGolf Sync App\iGolfSyncApp.exe (L1 Technologies, Inc.)
Startup: C:\Users\coryh_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2018-02-19]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> D:\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{240955be-a0ac-4b34-aeea-1cc0bf6f860d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e7c617cf-fe0d-498d-87ec-6822be12098c}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {04DC2DC9-CCF8-4595-9A21-ACA942CB4DCC} URL =
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> DefaultScope {1DA1963F-AC7D-4B7F-8874-9588C6F75419} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {04DC2DC9-CCF8-4595-9A21-ACA942CB4DCC} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3101810&CUI=UN12070141693219125&SSPV=IED
SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {1DA1963F-AC7D-4B7F-8874-9588C6F75419} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25] (Intel Security)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-04-04] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-28] (Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-28] (Oracle Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25] (Intel Security)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-28] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
BHO-x32: Somoto Toolbar -> {bb45ef8e-1e36-4535-a017-ec908fb1e335} -> C:\Program Files (x86)\Somoto\prxtbSom0.dll [2013-04-14] (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-28] (Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25] (Intel Security)
Toolbar: HKLM-x32 - Somoto Toolbar - {bb45ef8e-1e36-4535-a017-ec908fb1e335} - C:\Program Files (x86)\Somoto\prxtbSom0.dll [2013-04-14] (Conduit Ltd.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25] (Intel Security)
Toolbar: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> No Name - {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-04] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-03-16] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-03-16] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\coryh_000\AppData\Roaming\Mozilla\Firefox\Profiles\1x671kps.default [2018-04-08]
FF Extension: (Search and New Tab by Yahoo) - C:\Users\coryh_000\AppData\Roaming\Mozilla\Firefox\Profiles\1x671kps.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2018-04-08] [Legacy]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20] [Legacy]
FF SearchPlugin: C:\Users\coryh_000\AppData\Roaming\Mozilla\Firefox\Profiles\1x671kps.default\searchplugins\McSiteAdvisor.xml [2016-01-23]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfeeŽ WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-04-05]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-04-08] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-28] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-28] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-03-16] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-28] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-28] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-03-16] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1578578303-3324816548-2500361984-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-06-07] ()
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US91118D20160113&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default [2018-03-22]
CHR Extension: (Google Slides) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-17]
CHR Extension: (Google Docs) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-17]
CHR Extension: (Google Drive) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-17]
CHR Extension: (YouTube) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-17]
CHR Extension: (Yahoo Partner) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\commhkacjheiacaopdonmodahaoadoln [2017-04-17]
CHR Extension: (Adobe Acrobat) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-04]
CHR Extension: (Google Sheets) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-17]
CHR Extension: (McAfeeŽ WebAdvisor) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-07-24]
CHR Extension: (Google Docs Offline) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-17]
CHR Extension: (Search Manager) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-17]
CHR Extension: (Gmail) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-17]
CHR Extension: (Chrome Media Router) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-12]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-22]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-22]
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8521384 2018-03-24] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-03-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-03-06] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-26] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\\McCSPServiceHost.exe [2141912 2018-03-01] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-29] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-29] (McAfee, LLC)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [472016 2018-01-29] (McAfee, LLC)
R2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1669328 2018-03-16] (McAfee, Inc.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [144008 2012-12-21] (MSI)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1061528 2018-03-06] (McAfee, Inc.)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [386560 2014-12-10] (Qualcomm Atheros) [File not signed]
R2 SDScannerService; D:\Spybot\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; D:\Spybot\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; D:\Spybot\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2018-01-31] (Microsoft Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2018-03-29] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-03-29] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-03-29] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW8x64.sys [98992 2014-11-18] (Qualcomm Atheros, Inc.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-02-02] (McAfee, LLC)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
R3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [19000 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-09-29] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-10-19] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2017-10-19] (Logitech Inc.)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [97168 2017-10-09] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-02-02] (McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357784 2018-02-02] (McAfee, LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-02-02] (McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [529312 2018-02-02] (McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [951200 2018-02-02] (McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [543632 2018-01-22] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108432 2018-01-22] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-02-02] (McAfee, LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-02-02] (McAfee, LLC)
R3 NetgearUDSMBus; C:\WINDOWS\system32\drivers\NetgearUDSMBus.sys [107296 2012-08-13] (Windows (R) Codename Longhorn DDK provider)
R3 NetgearUDSMBus; C:\Windows\SysWOW64\drivers\NetgearUDSMBus.sys [92160 2012-06-15] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2017-09-29] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_7b11efeca48cd7d3\nvlddmkm.sys [14456920 2017-05-18] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R1 SDHookDriver; D:\Spybot\Spybot - Search & Destroy 2\SDHookDrv64.sys [83360 2017-05-23] (Safer-Networking Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-08 22:56 - 2018-04-08 22:57 - 000031634 _____ C:\Users\coryh_000\Desktop\FRST.txt
2018-04-08 22:55 - 2018-04-08 22:56 - 000000000 ____D C:\FRST
2018-04-08 22:51 - 2018-04-08 22:51 - 002403328 _____ (Farbar) C:\Users\coryh_000\Desktop\FRST64.exe
2018-04-08 22:50 - 2018-04-08 22:50 - 000002312 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-04-08 22:50 - 2018-04-08 22:50 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-CORY_LAPTOP-Windows-10-Pro-(64-bit).dat
2018-04-08 22:50 - 2018-04-08 22:50 - 000000000 ____D C:\RegBackup
2018-04-08 22:50 - 2018-04-08 22:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-04-08 22:50 - 2018-04-08 22:50 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-04-08 22:48 - 2018-04-08 22:50 - 000018004 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2018-04-08 22:47 - 2018-04-08 22:47 - 005766144 _____ (Tweaking.com) C:\Users\coryh_000\Desktop\tweaking.com_registry_backup_setup.exe
2018-04-08 20:54 - 2018-04-08 20:54 - 000000000 ___HD C:\OneDriveTemp
2018-04-08 12:46 - 2018-04-08 22:10 - 000003606 _____ C:\WINDOWS\System32\Tasks\McAfee DAT Built in test
2018-04-04 22:49 - 2018-04-04 22:52 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-04-04 22:49 - 2018-04-04 22:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-03-21 22:21 - 2018-03-21 22:21 - 000000000 ____D C:\Users\coryh_000\Documents\ProcAlyzer Dumps
2018-03-20 22:08 - 2018-03-11 23:01 - 000454684 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20180320-220800.backup
2018-03-14 03:07 - 2018-03-01 20:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 03:07 - 2018-03-01 20:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 03:07 - 2018-03-01 20:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 03:07 - 2018-03-01 20:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 03:07 - 2018-03-01 20:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-14 03:07 - 2018-03-01 20:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 03:07 - 2018-03-01 19:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-14 03:07 - 2018-03-01 13:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-14 03:07 - 2018-03-01 00:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-14 03:07 - 2018-03-01 00:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-14 03:07 - 2018-03-01 00:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-14 03:07 - 2018-03-01 00:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-14 03:07 - 2018-03-01 00:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-14 03:07 - 2018-03-01 00:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-14 03:07 - 2018-03-01 00:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-14 03:07 - 2018-03-01 00:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-14 03:07 - 2018-03-01 00:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-14 03:07 - 2018-03-01 00:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-14 03:07 - 2018-03-01 00:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-14 03:07 - 2018-03-01 00:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-14 03:07 - 2018-03-01 00:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-14 03:07 - 2018-03-01 00:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 03:07 - 2018-03-01 00:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-14 03:07 - 2018-03-01 00:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-14 03:07 - 2018-03-01 00:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 03:07 - 2018-03-01 00:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-14 03:07 - 2018-03-01 00:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 03:07 - 2018-03-01 00:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-14 03:07 - 2018-03-01 00:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-14 03:07 - 2018-03-01 00:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-14 03:07 - 2018-03-01 00:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 03:07 - 2018-03-01 00:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-14 03:07 - 2018-03-01 00:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 03:07 - 2018-03-01 00:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-14 03:07 - 2018-03-01 00:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-14 03:07 - 2018-03-01 00:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-14 03:07 - 2018-03-01 00:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-14 03:07 - 2018-03-01 00:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 03:07 - 2018-03-01 00:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-14 03:07 - 2018-03-01 00:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-14 03:07 - 2018-03-01 00:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-14 03:07 - 2018-03-01 00:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-14 03:07 - 2018-03-01 00:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-14 03:07 - 2018-03-01 00:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-14 03:07 - 2018-03-01 00:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 03:07 - 2018-03-01 00:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-14 03:07 - 2018-03-01 00:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-14 03:07 - 2018-03-01 00:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 03:07 - 2018-03-01 00:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-14 03:07 - 2018-03-01 00:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-14 03:07 - 2018-02-28 23:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-14 03:07 - 2018-02-28 23:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-14 03:07 - 2018-02-28 23:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-14 03:07 - 2018-02-28 23:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-14 03:07 - 2018-02-28 23:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-14 03:07 - 2018-02-28 23:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-14 03:07 - 2018-02-28 23:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-14 03:07 - 2018-02-28 23:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-14 03:07 - 2018-02-28 23:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-14 03:07 - 2018-02-28 23:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-14 03:07 - 2018-02-28 23:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-14 03:07 - 2018-02-28 23:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-14 03:07 - 2018-02-28 23:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-14 03:07 - 2018-02-28 23:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-14 03:07 - 2018-02-28 23:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-14 03:07 - 2018-02-28 23:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-14 03:07 - 2018-02-28 23:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-14 03:07 - 2018-02-28 23:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-14 03:07 - 2018-02-28 23:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-14 03:07 - 2018-02-28 23:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-14 03:07 - 2018-02-28 23:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-14 03:07 - 2018-02-28 23:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-14 03:07 - 2018-02-28 23:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-14 03:07 - 2018-02-28 23:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-14 03:07 - 2018-02-28 23:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-14 03:07 - 2018-02-28 23:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-14 03:07 - 2018-02-28 22:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 03:07 - 2018-02-28 22:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-14 03:07 - 2018-02-28 22:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-14 03:07 - 2018-02-28 22:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-14 03:07 - 2018-02-28 22:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-14 03:07 - 2018-02-28 22:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-14 03:07 - 2018-02-28 22:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-14 03:07 - 2018-02-28 22:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-14 03:07 - 2018-02-28 22:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-14 03:07 - 2018-02-28 22:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-14 03:07 - 2018-02-28 22:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-14 03:07 - 2018-02-28 22:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-14 03:07 - 2018-02-28 22:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-14 03:07 - 2018-02-28 22:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 03:07 - 2018-02-28 22:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-14 03:07 - 2018-02-28 22:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 03:07 - 2018-02-28 22:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-14 03:07 - 2018-02-28 22:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-14 03:07 - 2018-02-28 22:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 03:07 - 2018-02-28 22:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-14 03:07 - 2018-02-28 22:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 03:07 - 2018-02-28 22:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-14 03:07 - 2018-02-28 22:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-14 03:07 - 2018-02-28 22:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 03:07 - 2018-02-28 22:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-14 03:07 - 2018-02-28 22:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-14 03:07 - 2018-02-28 22:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-14 03:07 - 2018-02-28 22:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-14 03:07 - 2018-02-28 22:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-14 03:07 - 2018-02-28 22:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-14 03:07 - 2018-02-28 22:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-14 03:07 - 2018-02-28 22:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-14 03:07 - 2018-02-28 22:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-14 03:07 - 2018-02-28 22:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-14 03:07 - 2018-02-28 22:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-14 03:07 - 2018-02-28 22:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-14 03:07 - 2018-02-28 22:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-14 03:07 - 2018-02-28 22:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-14 03:07 - 2018-02-28 22:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 03:07 - 2018-02-28 22:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-14 03:07 - 2018-02-28 22:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 03:07 - 2018-02-28 22:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-14 03:07 - 2018-02-28 22:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-14 03:07 - 2018-02-28 22:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 03:07 - 2018-02-28 22:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 03:07 - 2018-02-28 22:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-14 03:07 - 2018-02-28 22:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-14 03:07 - 2018-02-28 22:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-14 03:07 - 2018-02-28 22:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-14 03:07 - 2018-02-28 22:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-14 03:07 - 2018-02-28 22:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-14 03:07 - 2018-02-28 22:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-14 03:07 - 2018-02-28 22:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-14 03:07 - 2018-02-28 22:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-14 03:07 - 2018-02-28 22:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 03:07 - 2018-02-28 22:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-14 03:07 - 2018-02-28 22:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-14 03:07 - 2018-02-28 22:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-14 03:07 - 2018-02-28 22:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-14 03:07 - 2018-02-28 22:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-14 03:07 - 2018-02-28 22:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-14 03:07 - 2018-02-28 22:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-14 03:07 - 2018-02-28 22:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 03:07 - 2018-02-28 22:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 03:07 - 2018-02-28 22:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-14 03:07 - 2018-02-28 22:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-14 03:07 - 2018-02-28 22:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-14 03:07 - 2018-02-28 22:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-14 03:07 - 2018-02-28 22:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-14 03:07 - 2018-02-28 22:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-14 03:07 - 2018-02-28 22:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-14 03:07 - 2018-02-28 22:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-14 03:07 - 2018-02-28 22:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-14 03:07 - 2018-02-21 19:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-14 03:07 - 2018-02-21 19:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-14 03:07 - 2018-02-21 19:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-14 03:07 - 2018-02-21 19:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-14 03:07 - 2018-02-21 19:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-14 03:07 - 2018-02-21 19:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-14 03:07 - 2018-02-21 19:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-14 03:07 - 2018-02-21 19:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-14 03:07 - 2018-02-21 19:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-14 03:07 - 2018-02-21 19:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-14 03:07 - 2018-02-21 19:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-14 03:07 - 2018-02-21 19:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-14 03:07 - 2018-02-21 19:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-14 03:07 - 2018-02-21 19:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-14 03:07 - 2018-02-21 19:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-14 03:07 - 2018-02-21 19:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-14 03:07 - 2018-02-21 18:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-14 03:07 - 2018-02-21 18:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-14 03:07 - 2018-02-21 18:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-14 03:07 - 2018-02-21 18:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-14 03:07 - 2018-02-21 18:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-14 03:07 - 2018-02-21 18:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-14 03:07 - 2018-02-21 18:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-14 03:07 - 2018-02-21 18:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-14 03:07 - 2018-02-21 17:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-14 03:07 - 2018-02-21 17:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-14 03:07 - 2018-02-21 17:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-14 03:07 - 2018-02-21 17:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-14 03:07 - 2018-02-21 17:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-14 03:07 - 2018-02-21 17:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 03:07 - 2018-02-21 17:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-14 03:07 - 2018-02-21 17:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-14 03:07 - 2018-02-21 17:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-11 23:01 - 2018-02-19 23:07 - 000454684 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20180311-230141.backup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-08 22:32 - 2013-09-09 20:20 - 000002021 _____ C:\WINDOWS\wininit.ini
2018-04-08 22:26 - 2012-11-19 20:17 - 000000000 ____D C:\Users\coryh_000\Documents\Outlook Files
2018-04-08 21:00 - 2018-01-31 00:53 - 001041998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-08 20:57 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-08 20:56 - 2016-01-13 22:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-04-08 20:54 - 2018-02-25 20:49 - 000000000 ____D C:\ProgramData\Logishrd
2018-04-08 20:54 - 2017-01-17 20:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-04-08 20:54 - 2017-01-17 20:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-08 20:54 - 2016-01-13 22:06 - 000000000 __RSD C:\Users\coryh_000\Documents\McAfee Vaults
2018-04-08 20:54 - 2013-11-17 11:17 - 000000000 __RDO C:\Users\coryh_000\SkyDrive
2018-04-08 20:53 - 2018-01-31 00:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-08 20:53 - 2016-10-10 14:52 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-08 20:53 - 2016-03-29 21:53 - 000000000 ____D C:\Program Files\TrueKey
2018-04-08 20:53 - 2016-01-13 22:03 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-04-08 20:53 - 2015-08-08 14:24 - 000000000 __SHD C:\Users\coryh_000\IntelGraphicsProfiles
2018-04-08 20:52 - 2017-09-29 01:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-04-08 20:20 - 2013-02-16 22:06 - 000000000 ____D C:\Users\coryh_000\AppData\Roaming\Skype
2018-04-08 20:14 - 2018-01-31 00:50 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EDC07973-4DA1-44D7-8028-829E2B245BB2}
2018-04-08 20:11 - 2017-04-17 15:12 - 000000000 ____D C:\Users\coryh_000\AppData\Roaming\Curse Client
2018-04-08 20:10 - 2018-01-31 00:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-08 12:36 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-08 12:35 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-08 12:35 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-07 11:20 - 2012-11-04 23:23 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-04-07 11:18 - 2018-01-31 00:50 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-04-07 11:16 - 2018-01-31 00:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-04-07 11:15 - 2017-09-29 06:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-04-04 23:57 - 2018-01-31 00:50 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-04-04 23:00 - 2017-09-29 01:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-04-04 22:49 - 2018-01-31 00:50 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1578578303-3324816548-2500361984-1001
2018-04-04 22:49 - 2016-03-29 22:23 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-04-04 22:49 - 2016-03-29 21:53 - 000002009 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-04-04 22:49 - 2015-08-30 14:22 - 000002420 _____ C:\Users\coryh_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-21 18:02 - 2015-08-30 14:24 - 000001008 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-03-21 18:02 - 2015-08-30 14:24 - 000001008 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-03-21 18:02 - 2015-08-30 14:24 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-03-21 18:02 - 2015-08-30 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-03-21 17:27 - 2018-02-24 01:11 - 000001282 _____ C:\Users\coryh_000\Desktop\nativelog.txt
2018-03-21 17:26 - 2013-05-03 21:06 - 000000000 ____D C:\Users\coryh_000\AppData\Roaming\.minecraft
2018-03-21 17:19 - 2017-04-17 16:07 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-21 17:19 - 2017-04-17 16:07 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-20 21:32 - 2012-11-02 18:11 - 000000000 ____D C:\Steam
2018-03-14 18:29 - 2017-01-17 20:45 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-03-14 04:10 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-14 04:04 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-14 04:00 - 2018-01-31 00:42 - 000422200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-14 04:00 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-14 04:00 - 2015-09-16 03:34 - 000000000 ___RD C:\Users\coryh_000\3D Objects
2018-03-14 04:00 - 2015-08-30 14:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-14 03:59 - 2018-01-31 00:43 - 000000000 ____D C:\Users\coryh_000
2018-03-14 03:59 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-14 03:59 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-14 03:59 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-14 03:59 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-14 03:14 - 2013-10-29 02:47 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-14 03:11 - 2017-10-11 20:46 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 03:11 - 2012-12-13 21:05 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-14 03:08 - 2017-09-29 06:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 03:08 - 2017-09-29 06:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

==================== Files in the root of some directories =======

2015-08-14 09:43 - 2015-08-14 09:45 - 000000000 _____ () C:\Users\coryh_000\AppData\Local\Driver_LOM_8161Present.flag
2013-01-29 20:40 - 2013-01-29 20:40 - 000007602 ____H () C:\Users\coryh_000\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-05 00:13

==================== End of FRST.txt ============================
Coryherb
2018-04-11, 06:40
Here is the addition file.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by coryh_000 (08-04-2018 22:57:29)
Running from C:\Users\coryh_000\Desktop
Windows 10 Pro Version 1709 16299.309 (X64) (2018-01-31 07:51:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1578578303-3324816548-2500361984-500 - Administrator - Disabled)
coryh_000 (S-1-5-21-1578578303-3324816548-2500361984-1001 - Administrator - Enabled) => C:\Users\coryh_000
DefaultAccount (S-1-5-21-1578578303-3324816548-2500361984-503 - Limited - Disabled)
Guest (S-1-5-21-1578578303-3324816548-2500361984-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1578578303-3324816548-2500361984-1010 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1578578303-3324816548-2500361984-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AcuRite Connect (HKLM-x32\...\{6E613C42-AC6D-457D-BE81-88811AD84473}) (Version: 1.2.1 - Chaney Instrument Co.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
iGolf Sync App (HKLM-x32\...\{4F11B5B9-0946-4A3B-B1A4-AF2FF2869D3F}_is1) (Version: 2.2.0.2 - L1 Technologies, Inc.)
Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.20.110.1 - Intel Security)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Driver Update Utility 2.2 (HKLM-x32\...\{3EE9923D-3045-46AB-9CAA-E375993AEB4A}) (Version: 2.2.0.1 - Intel) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
KLM (HKLM-x32\...\{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1403.2801 - Application) Hidden
KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1403.2801 - Application)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R10 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.183 - McAfee, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9126.2116 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSI Kombustor 2.4.2 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD)
MyHarmony (HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NETGEAR USB Control Center (HKLM-x32\...\{4528B812-FF2C-4E3A-A9EA-1ECB483BF03A}) (Version: 1.32 - NETGEAR)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{1A77E21C-C032-43D5-BF9D-E5D8DDC9E4D6}) (Version: 1.1.49.1068 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (HKLM\...\{6349EBF1-DC7A-4AF9-8BCC-7DF0C3EF1B34}) (Version: 1.1.49.1068 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.49.1068 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (HKLM\...\{FC2CA280-7EF3-41C9-AD8D-E4CEC4726E5D}) (Version: 1.1.49.1068 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Civilization V) (Version: - 2K Games, Inc.)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{CE6498D2-104D-4E95-95A6-8692C63317DC}) (Version: 6.5 - Silicon Laboratories, Inc.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Somoto Toolbar (HKLM-x32\...\Somoto Toolbar) (Version: 6.10.3.503 - Somoto)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.016 - MSI)
System Requirements Lab Detection (HKLM-x32\...\{C7D28BB9-F00D-424A-9A65-285379A7AAAC}) (Version: 6.1.6.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
VideoGenie (HKLM-x32\...\{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1) (Version: 1.0.0.12 - MSI)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-03-16] (McAfee, Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:\Spybot\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:\Spybot\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-03-16] (McAfee, Inc.)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:\Spybot\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:\Spybot\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {050EC55C-3A64-4DC1-8B60-A33972BF48A4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe [2016-11-19] (Adobe Systems Incorporated)
Task: {082F823B-9F86-4896-866D-16A11EDCFB64} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {08D2B678-76E3-4D22-B87E-0B1D3B22F60C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {139DB17A-1453-4FE1-80D5-793F88EB2302} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {34ACCB81-F29E-4376-B55D-C223A9261302} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4252F5BC-DDEF-4ECF-9801-B93FE5C03248} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
Task: {42BF8265-E0BC-4E15-9EB6-154897BDF5F8} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-12-12] (McAfee, Inc.)
Task: {440A8B0A-C5BF-4567-8095-887005726425} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {50A7178E-C7E5-4B33-A238-386CEF82FFDB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => D:\Spybot\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {51B1EE91-15D4-4D9E-9C98-3F093D1AF706} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {5C9A409A-7434-4846-A8D6-88AF8799BB16} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {73E0D843-6B41-4FD8-95C3-6E243FABC379} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {74AFB16E-BE2F-44B3-B025-AD7E15CC72D2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {79BE8B40-0DC2-4DC4-8A28-BCC7FD63BF88} - \WPD\SqmUpload_S-1-5-21-1578578303-3324816548-2500361984-1001 -> No File <==== ATTENTION
Task: {817483EB-5ADE-4208-AC41-3D026838FDDD} - System32\Tasks\GoogleUpdateTaskMachineCore1cff13e4a7cd3fd => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {887FAAB7-E9A4-478D-A9C0-27E1A5F010AB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8B172B57-C74E-4FF9-97C5-8612B5A0114B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {8D0ED5EC-94EF-447C-9E11-7144BCF958B8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-04] (Microsoft Corporation)
Task: {9568E742-0F6B-4FB8-B726-7CB4D302189D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9A69CADA-28D2-47B8-8E08-733780451129} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AEE2F9D1-97A5-4BCC-9B8A-75A3584275D3} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-01-10] (McAfee, LLC.)
Task: {B5866EF4-D2A3-4351-A2F0-0C2814300D23} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-19] (Adobe Systems Incorporated)
Task: {B95A1186-BA65-413B-807F-DA20DB8F451F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {B9FF1733-3DCB-4C1B-B300-8F915196A573} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-04] (Microsoft Corporation)
Task: {BF629F3E-4942-4710-A9A5-DEC212E602A8} - System32\Tasks\GoogleUpdateTaskMachineCore1cf90f246c31d13 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C2556A16-47A9-4378-B908-865C0D7B138A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-02-27] (McAfee, Inc.)
Task: {C5022F41-6642-4F43-946D-934BD93D7265} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C9D03FB6-DA50-4DBB-8F89-1CA104394A06} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {D727968C-6088-4391-BC93-79853D216A5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DC03001D-89E3-4050-9836-B9AF28708811} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bf641cbec6bc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DE684E21-A30E-4DA3-B272-3E4BCBCE92A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => D:\Spybot\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {E332637D-F79E-409E-A4A0-8A3DAFC224CC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E6A61042-5CC5-43D8-8A83-CA4265E4BCAD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => D:\Spybot\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {F5BD8EC1-DB53-4BC1-84FD-39CAA6224BBB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-04-04] (Microsoft Corporation)
Task: {F9F1DCD2-B989-4FF6-8942-181A0CF06A2D} - System32\Tasks\GoogleUpdateTaskMachineCore1cffedd21adfb79 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {FCC20C1E-58ED-4F59-A53E-D74C6FD876E7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf90f246c31d13.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cff13e4a7cd3fd.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-14 03:07 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 03:07 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-23 16:08 - 2018-03-23 16:08 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-23 16:08 - 2018-03-23 16:08 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-23 16:08 - 2018-03-23 16:08 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-23 16:08 - 2018-03-23 16:08 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-23 16:08 - 2018-03-23 16:08 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-03-01 02:18 - 2018-03-01 02:18 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\McCSPMsgBusDLL.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-10-19 20:29 - 2017-10-19 20:29 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-10-19 20:29 - 2017-10-19 20:29 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-10-19 20:02 - 2017-10-19 20:02 - 000077824 _____ () C:\Program Files\Logitech Gaming Software\LAClient\zlib.dll
2017-10-19 20:02 - 2017-10-19 20:02 - 000144896 _____ () C:\Program Files\Logitech Gaming Software\LAClient\libssh2.dll
2014-12-10 22:44 - 2014-12-10 22:44 - 000330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2018-04-05 22:25 - 2018-04-05 22:26 - 000178688 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-08 23:44 - 2018-03-08 23:44 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-21 18:02 - 2016-09-13 14:00 - 000167768 _____ () D:\Spybot\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2018-03-21 18:02 - 2016-09-13 14:00 - 000109400 _____ () D:\Spybot\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2018-03-21 18:02 - 2016-09-13 14:00 - 000416600 _____ () D:\Spybot\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-08 14:05 - 2016-06-14 18:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2018-03-21 18:02 - 2017-05-12 11:36 - 000507464 _____ () D:\Spybot\Spybot - Search & Destroy 2\sqlite3.dll
2017-01-17 20:44 - 2018-04-04 23:02 - 001012912 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2017-01-17 20:47 - 2017-12-03 22:13 - 001452728 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\ClientTelemetry.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.

IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\123simsen.com -> www.123simsen.com

There are 7937 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2018-03-20 22:08 - 000454684 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15603 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\coryh_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\StartupApproved\Run: => "AcuRiteConnect2"
HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FCB0E937-9C42-489A-8681-D9791FDC863D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{EC8B29F4-626E-4049-B88F-603EDEE666C5}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [UDP Query User{562B5DCA-1513-4FDB-8EDE-68297439E81F}D:\neoxs\igolf sync app\igolfsyncapp.exe] => (Allow) D:\neoxs\igolf sync app\igolfsyncapp.exe
FirewallRules: [TCP Query User{D9719237-FFA0-4A08-9D5B-A93A7CF5D810}D:\neoxs\igolf sync app\igolfsyncapp.exe] => (Allow) D:\neoxs\igolf sync app\igolfsyncapp.exe
FirewallRules: [{5A8CA5C7-E30B-41DE-A32E-DF5D24A486D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6A49B2FD-530C-452A-B7EE-6B05F00F1102}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D503B254-F470-45EF-A9A9-FD4A16BBD772}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F19E77ED-3157-492C-8FFE-0395E475B3DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5DBE9E33-EAC1-40FF-BFE7-0A1D99C0B35B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{FD6A9D6C-7057-4CAD-AD07-2A9AFBAC053C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F9CE4FD3-1F4F-4259-86FE-E159FD04F442}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{9D81DF9B-34EE-430D-8D9C-8C499A77CBB0}C:\program files (x86)\netgear\usb control center\control center.exe] => (Block) C:\program files (x86)\netgear\usb control center\control center.exe
FirewallRules: [TCP Query User{0A927754-0039-43D7-95DB-0ED242FA4812}C:\program files (x86)\netgear\usb control center\control center.exe] => (Block) C:\program files (x86)\netgear\usb control center\control center.exe
FirewallRules: [{F4FDFE56-E5D7-41DC-B335-089F84BD56F0}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{8A7F2491-3237-4229-8CB4-022126118E03}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{51E8DA6A-DF55-4485-8E57-10E4B14529B9}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{822B85BC-AD52-4E9D-B813-EE969A3516BC}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{A29A04DC-F179-4E1D-9BC7-F4FDCB5F21D8}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [{01DDEFA5-539D-446C-AF99-6E8CED212332}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [{B8E59C1F-826B-4D13-85FD-C90EDC9F2C41}] => (Allow) D:\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{AD962F6E-E3F7-4E6F-B49E-1941CDEE9FB0}] => (Allow) D:\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{BFC0AB5C-0BAD-41CC-808B-615350A96F04}] => (Allow) LPort=7423
FirewallRules: [{38630CB8-67B5-4C3B-8643-39A02CC3E1DF}] => (Allow) C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
FirewallRules: [{6924905E-563D-4BB0-9990-8B99F68879C2}] => (Allow) C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
FirewallRules: [{4A18C945-283A-4B7B-BDA4-6774FF1E7107}] => (Allow) D:\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{6329FC40-D439-4F18-AE1D-DEF2F60C6C10}] => (Allow) D:\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{A85ADD02-91C7-4891-8F26-FA4561F019A6}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{F8A4BD3E-E10F-437A-AD69-1AB01503930F}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{B95C73E0-5D2A-43D6-BDCF-154EA8BBDDDC}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{F857459A-B7B2-4F52-89C2-A3EC182B551B}] => (Allow) D:\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{415093BA-F421-4EDB-8335-075AB3CB6D24}] => (Allow) D:\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{F3E1E996-942D-4D0F-9757-AE5DBB011BA6}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{DE40CE82-5B69-463C-98FD-E04A3CF0AAA3}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{2C3E0721-880E-4F04-8507-AC9B70167638}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{663F27C9-1AFB-4EB5-A824-0F32D3DDCE75}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{B5334554-2FE1-4975-8EB1-CC5F6B67E0CD}] => (Allow) D:\Steam\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{D7BC62D7-E353-4059-ABC4-AD9036BDCD84}] => (Allow) D:\Steam\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{40DBF016-7EC8-46EB-B94D-07A68F751D25}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{F7F4B454-E7EB-4008-8C4A-3D38557D6AD0}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{2C2FA1CA-90FC-4686-8055-50FD6559FDA6}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{6126FFCB-D1DF-434B-B6A6-761CA7BDBD5C}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F497DCE7-D794-4F10-B4CF-D43AD0E93372}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{118F521F-5A90-4358-8632-CBFCF1734A2D}] => (Allow) C:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{16F8B194-83C7-463F-91B3-135E94ED415D}] => (Allow) C:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{A9D84B36-8BCD-4E86-A4CD-2441B7507B0F}C:\users\coryh_000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\coryh_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E24EA3DE-BC9F-485D-B796-E50E2A8514BA}C:\users\coryh_000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\coryh_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6E51A936-C600-462F-89E0-DE62279BD6D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AC58D4FF-5F3F-4940-B6ED-E1EF37C65FAC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FFB3541F-1F5F-406A-B7F2-B660FEF472DE}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B8758421-B962-4D7D-8F1C-5FEE0AF95C96}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E14B00A8-3F10-4C8B-AB8F-B035EFF920B7}] => (Allow) C:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{89397195-4BC1-4077-B9AD-D4923D05F2C0}] => (Allow) C:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{00C97B13-3511-400B-B170-303259669B92}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{58637F78-D5FB-408C-91FD-FA902F9846E9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{21A91B54-F3AE-409C-90E2-DD259A2FBB76}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DF915D3B-FD94-4691-944F-5ED28E458E84}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1E10856A-F94C-4D51-9A2D-A15FF8C61C3C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{50F9048F-11BD-40F2-BFB6-225CA3BBF696}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{7E742B41-F13F-4A89-B4CD-322716C741E8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [TCP Query User{698EFD72-A966-45BF-9753-0BAC024081CA}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{9EE3A6DF-BE00-4581-AB25-B62C374DD419}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{EFFCB88F-E3CC-4A1E-8BF2-686C3D4E3B3B}] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{2A2C34FB-E774-48EC-AB46-C7F03D3E4206}] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{FAEE8B44-09A1-4007-BCFD-7C4C2BC544B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [D:\Spybot\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [D:\Spybot\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [D:\Spybot\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [D:\Spybot\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

14-03-2018 03:07:15 Windows Update
04-04-2018 23:25:10 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2018 09:30:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.309, time stamp: 0x5a9791fa
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xcfffffff
Fault offset: 0x00000000000a3734
Faulting process id: 0x37b8
Faulting application start time: 0x01d3cfbb6318ce68
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: c463f842-a470-4c04-a7d4-471b186e3a55
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (04/08/2018 08:38:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.309, time stamp: 0x5a9791fa
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xcfffffff
Fault offset: 0x00000000000a3734
Faulting process id: 0xa490
Faulting application start time: 0x01d3cfb3ac1ff606
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: df3370d3-f997-415b-b1c2-57629a05429e
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (04/08/2018 08:34:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.309, time stamp: 0x5a9791fa
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xcfffffff
Fault offset: 0x00000000000a3734
Faulting process id: 0x51bc
Faulting application start time: 0x01d3cfb296e2d142
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e7f30f8f-3f98-4687-b444-d7ed9bbb80b8
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (04/08/2018 08:32:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dstokenclean.exe, version: 10.0.16299.15, time stamp: 0x9833bdf6
Faulting module name: SHLWAPI.dll, version: 10.0.16299.15, time stamp: 0x2303fb66
Exception code: 0xc0000005
Fault offset: 0x0000000000003d3a
Faulting process id: 0x1fd0
Faulting application start time: 0x01d3cfb360f04c94
Faulting application path: C:\WINDOWS\system32\dstokenclean.exe
Faulting module path: C:\WINDOWS\System32\SHLWAPI.dll
Report Id: 9a97174a-e83a-4001-8bc3-b8522d113988
Faulting package full name:
Faulting package-relative application ID:

Error: (04/08/2018 08:26:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.309, time stamp: 0x5a9791fa
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xcfffffff
Fault offset: 0x00000000000a3734
Faulting process id: 0x8d80
Faulting application start time: 0x01d3cfb09541d134
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 971b14e2-aa75-46c3-a9ad-dcf629f03df3
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (04/08/2018 08:11:17 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (04/08/2018 08:11:17 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (04/08/2018 08:11:06 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected


System errors:
=============
Error: (04/08/2018 10:50:38 PM) (Source: DCOM) (EventID: 10010) (User: CORY_LAPTOP)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (04/08/2018 10:45:04 PM) (Source: DCOM) (EventID: 10010) (User: CORY_LAPTOP)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (04/08/2018 10:29:13 PM) (Source: DCOM) (EventID: 10010) (User: CORY_LAPTOP)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (04/08/2018 09:35:46 PM) (Source: DCOM) (EventID: 10010) (User: CORY_LAPTOP)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (04/08/2018 09:34:16 PM) (Source: DCOM) (EventID: 10010) (User: CORY_LAPTOP)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (04/08/2018 09:32:45 PM) (Source: DCOM) (EventID: 10010) (User: CORY_LAPTOP)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (04/08/2018 09:31:15 PM) (Source: DCOM) (EventID: 10010) (User: CORY_LAPTOP)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (04/08/2018 09:29:44 PM) (Source: DCOM) (EventID: 10010) (User: CORY_LAPTOP)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================

Date: 2018-04-08 22:50:41.373
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Spybot\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2018-04-08 22:50:41.367
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Spybot\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2018-04-08 22:50:38.493
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Spybot\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-08 22:50:38.488
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Spybot\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-08 22:50:38.479
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Spybot\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-08 22:50:38.474
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Spybot\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-08 22:50:38.466
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Spybot\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-08 22:50:38.461
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Spybot\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 29%
Total physical RAM: 16280.7 MB
Available physical RAM: 11487.96 MB
Total Virtual: 18712.7 MB
Available Virtual: 14195.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.94 GB) (Free:137.5 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:698.63 GB) (Free:582.6 GB) NTFS

\\?\Volume{b505a41a-24b5-11e2-be66-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{3bd12be9-0000-0000-0000-90823b000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 3BD12BE9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Juliet
2018-04-11, 12:43
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the entire content of the quote box below.




Start::
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {04DC2DC9-CCF8-4595-9A21-ACA942CB4DCC} URL =
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> DefaultScope {1DA1963F-AC7D-4B7F-8874-9588C6F75419} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {04DC2DC9-CCF8-4595-9A21-ACA942CB4DCC} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3101810&CUI=UN12070141693219125&SSPV=IED
SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {1DA1963F-AC7D-4B7F-8874-9588C6F75419} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Somoto Toolbar -> {bb45ef8e-1e36-4535-a017-ec908fb1e335} -> C:\Program Files (x86)\Somoto\prxtbSom0.dll [2013-04-14] (Conduit Ltd.)
Toolbar: HKLM-x32 - Somoto Toolbar - {bb45ef8e-1e36-4535-a017-ec908fb1e335} - C:\Program Files (x86)\Somoto\prxtbSom0.dll [2013-04-14] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> No Name - {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll -> No File
Task: {08D2B678-76E3-4D22-B87E-0B1D3B22F60C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {139DB17A-1453-4FE1-80D5-793F88EB2302} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {34ACCB81-F29E-4376-B55D-C223A9261302} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {440A8B0A-C5BF-4567-8095-887005726425} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {74AFB16E-BE2F-44B3-B025-AD7E15CC72D2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {79BE8B40-0DC2-4DC4-8A28-BCC7FD63BF88} - \WPD\SqmUpload_S-1-5-21-1578578303-3324816548-2500361984-1001 -> No File <==== ATTENTION
Task: {887FAAB7-E9A4-478D-A9C0-27E1A5F010AB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8B172B57-C74E-4FF9-97C5-8612B5A0114B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9568E742-0F6B-4FB8-B726-7CB4D302189D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9A69CADA-28D2-47B8-8E08-733780451129} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B95A1186-BA65-413B-807F-DA20DB8F451F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C5022F41-6642-4F43-946D-934BD93D7265} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E332637D-F79E-409E-A4A0-8A3DAFC224CC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FCC20C1E-58ED-4F59-A53E-D74C6FD876E7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Emptytemp:
End::



Press the Fix button.
FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

~~~~~~~~~~~~~~~~~~~~`

http://i.imgur.com/zcMPezJ.pngAdwCleaner - Fix Mode

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
https://i.imgur.com/V7SD4El.png
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

http://i.imgur.com/RQKuhw1.pngRogueKiller

Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply


Your next reply(ies) should therefore contain:

Copy/pasted Fixlog.txt
Copy/pasted RogueKiller clean log
Copy/pasted AdwCleaner clean log
Coryherb
2018-04-12, 05:39
thanks for help you are giving me. Here are the logs

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by coryh_000 (11-04-2018 18:29:40) Run:1
Running from C:\Users\coryh_000\Desktop
Loaded Profiles: coryh_000 (Available Profiles: coryh_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {04DC2DC9-CCF8-4595-9A21-ACA942CB4DCC} URL =
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> DefaultScope {1DA1963F-AC7D-4B7F-8874-9588C6F75419} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {04DC2DC9-CCF8-4595-9A21-ACA942CB4DCC} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3101810&CUI=UN12070141693219125&SSPV=IED
SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {1DA1963F-AC7D-4B7F-8874-9588C6F75419} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Somoto Toolbar -> {bb45ef8e-1e36-4535-a017-ec908fb1e335} -> C:\Program Files (x86)\Somoto\prxtbSom0.dll [2013-04-14] (Conduit Ltd.)
Toolbar: HKLM-x32 - Somoto Toolbar - {bb45ef8e-1e36-4535-a017-ec908fb1e335} - C:\Program Files (x86)\Somoto\prxtbSom0.dll [2013-04-14] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> No Name - {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll -> No File
Task: {08D2B678-76E3-4D22-B87E-0B1D3B22F60C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {139DB17A-1453-4FE1-80D5-793F88EB2302} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {34ACCB81-F29E-4376-B55D-C223A9261302} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {440A8B0A-C5BF-4567-8095-887005726425} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {74AFB16E-BE2F-44B3-B025-AD7E15CC72D2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {79BE8B40-0DC2-4DC4-8A28-BCC7FD63BF88} - \WPD\SqmUpload_S-1-5-21-1578578303-3324816548-2500361984-1001 -> No File <==== ATTENTION
Task: {887FAAB7-E9A4-478D-A9C0-27E1A5F010AB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8B172B57-C74E-4FF9-97C5-8612B5A0114B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9568E742-0F6B-4FB8-B726-7CB4D302189D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9A69CADA-28D2-47B8-8E08-733780451129} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B95A1186-BA65-413B-807F-DA20DB8F451F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C5022F41-6642-4F43-946D-934BD93D7265} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E332637D-F79E-409E-A4A0-8A3DAFC224CC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FCC20C1E-58ED-4F59-A53E-D74C6FD876E7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => not found
"HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{04DC2DC9-CCF8-4595-9A21-ACA942CB4DCC}" => removed successfully
HKLM\Software\Classes\CLSID\{04DC2DC9-CCF8-4595-9A21-ACA942CB4DCC} => not found
"HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1DA1963F-AC7D-4B7F-8874-9588C6F75419}" => removed successfully
HKLM\Software\Classes\CLSID\{1DA1963F-AC7D-4B7F-8874-9588C6F75419} => not found
"HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}" => removed successfully
HKLM\Software\Classes\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => removed successfully
"HKLM\Software\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb45ef8e-1e36-4535-a017-ec908fb1e335}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{bb45ef8e-1e36-4535-a017-ec908fb1e335}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{bb45ef8e-1e36-4535-a017-ec908fb1e335}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{bb45ef8e-1e36-4535-a017-ec908fb1e335} => not found
"HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
"HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BB45EF8E-1E36-4535-A017-EC908FB1E335}" => removed successfully
HKLM\Software\Classes\CLSID\{BB45EF8E-1E36-4535-A017-EC908FB1E335} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
"HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08D2B678-76E3-4D22-B87E-0B1D3B22F60C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08D2B678-76E3-4D22-B87E-0B1D3B22F60C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{139DB17A-1453-4FE1-80D5-793F88EB2302}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{139DB17A-1453-4FE1-80D5-793F88EB2302}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{34ACCB81-F29E-4376-B55D-C223A9261302}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34ACCB81-F29E-4376-B55D-C223A9261302}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{440A8B0A-C5BF-4567-8095-887005726425}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{440A8B0A-C5BF-4567-8095-887005726425}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74AFB16E-BE2F-44B3-B025-AD7E15CC72D2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74AFB16E-BE2F-44B3-B025-AD7E15CC72D2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79BE8B40-0DC2-4DC4-8A28-BCC7FD63BF88}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79BE8B40-0DC2-4DC4-8A28-BCC7FD63BF88}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1578578303-3324816548-2500361984-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{887FAAB7-E9A4-478D-A9C0-27E1A5F010AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{887FAAB7-E9A4-478D-A9C0-27E1A5F010AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B172B57-C74E-4FF9-97C5-8612B5A0114B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B172B57-C74E-4FF9-97C5-8612B5A0114B}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9568E742-0F6B-4FB8-B726-7CB4D302189D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9568E742-0F6B-4FB8-B726-7CB4D302189D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A69CADA-28D2-47B8-8E08-733780451129}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A69CADA-28D2-47B8-8E08-733780451129}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B95A1186-BA65-413B-807F-DA20DB8F451F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B95A1186-BA65-413B-807F-DA20DB8F451F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5022F41-6642-4F43-946D-934BD93D7265}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5022F41-6642-4F43-946D-934BD93D7265}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E332637D-F79E-409E-A4A0-8A3DAFC224CC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E332637D-F79E-409E-A4A0-8A3DAFC224CC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCC20C1E-58ED-4F59-A53E-D74C6FD876E7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCC20C1E-58ED-4F59-A53E-D74C6FD876E7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 93138851 B
Java, Flash, Steam htmlcache => 166582420 B
Windows/system/drivers => 4059841 B
Edge => 2854927 B
Chrome => 23230311 B
Firefox => 386032730 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 144656 B
systemprofile32 => 0 B
LocalService => 31980 B
NetworkService => 17908 B
coryh_000 => 50381768 B

RecycleBin => 0 B
EmptyTemp: => 700.3 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-04-2018 18:34:44)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 18:34:44 ====




# AdwCleaner 7.0.8.0 - Logfile created on Thu Apr 12 01:49:27 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\SearchProtect
Deleted: C:\Program Files (x86)\SearchProtect
Deleted: C:\Users\coryh_000\AppData\Local\YSearchUtil
Deleted: C:\Program Files (x86)\Yahoo!\yset
Deleted: C:\ProgramData\Ask
Deleted: C:\ProgramData\Application Data\Ask
Deleted: C:\Users\All Users\Ask
Deleted: C:\Program Files (x86)\Conduit
Deleted: C:\Users\coryh_000\AppData\LocalLow\Conduit
Deleted: C:\Users\coryh_000\AppData\Local\SwvUpdater


***** [ Files ] *****

Deleted: C:\Windows\SysNative\reimage.rep
Deleted: C:\Windows\Reimage.ini


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\SearchProtect
Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\SearchProtect
Deleted: [Key] - HKCU\Software\SearchProtect
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\land.pckeeper.software
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.software
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.metrolyrics.com
Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\azlyrics.com
Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\izito.com
Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\www.azlyrics.com
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Somoto Toolbar
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Deleted: [Value] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SearchProtect
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|SearchProtectAll
Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\softonic.com
Deleted: [Key] - HKLM\SOFTWARE\Conduit
Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Value] - HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Reimage\Reimage Repair\uninst.exe
Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\AppDataLow\Toolbar
Deleted: [Key] - HKCU\Software\AppDataLow\Toolbar
Deleted: [Key] - HKLM\SOFTWARE\PCAcceleratePro
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|PCAcceleratePro.exe
Deleted: [Key] - HKLM\SOFTWARE\Somoto
Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\AppDataLow\Software\Somoto
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Somoto
Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\csastats
Deleted: [Key] - HKCU\Software\csastats
Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP
Deleted: [Key] - HKLM\SOFTWARE\Classes\Toolbar.CT3101810
Deleted: [Key] - HKLM\SOFTWARE\Classes\Toolbar.CT3281023


***** [ Firefox (and derivatives) ] *****

Plugin deleted: __MSG_newtab_chrome_extension_name__ -


***** [ Chromium (and derivatives) ] *****

Plugin deleted: Search Manager -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [6554 B] - [2018/4/12 1:39:43]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########






RogueKiller V12.12.12.0 (x64) [Apr 9 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : coryh_000 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 04/11/2018 19:03:50 (Duration : 00:25:08)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP.Gen2][Firefox:Addon] 1x671kps.default : Search and New Tab by Yahoo [jid1-16aeif9OQIRKxA@jetpack] -> Deleted
[PUP.SearchManager][Chrome:Addon] Default : Search Manager [nahhmpbckpgdidfnmfkfgiflpjijilce] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Intel Raid 0 Volume +++++
--- User ---
[MBR] 09d0c82a58ff721d833ed46120c2c1a2
[BSP] 3aada95002cd69a35a15643d8f5f555d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 243652 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 499206144 | Size: 450 MB
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!

+++++ PhysicalDrive1: ST9750420AS +++++
--- User ---
[MBR] f431e3fcf97bd561ee4662e0ac5c0066
[BSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 715402 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
Juliet
2018-04-12, 12:11
That took out a ton of junk....

Are you scanning your computer regularly?

~~~

Let's download/update and run a scan with Malwarebytes Anti-Malware

Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.

OR from this location Here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/)


Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
Windows Vista, Windows 7 , 8, 8.1 and 10 : Right click and select "Run as Administrator"



Under SETTINGS.....APPLICATIONS leave everything at default


Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
click the Settings tab,at the top choose Protection and tick Scan for rootkits.


Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.

If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the Reports tab.
Double-click the Scan Log.
At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here[/*]

~~~~~~~~~~~~~~~~`

http://i.imgur.com/G0tu5D9.pngEmsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on http://i.imgur.com/G0tu5D9.pngstart emergency kit scanner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;



Please post these 2 logs when finished with an update on how the computer is now.
Coryherb
2018-04-12, 18:39
I let McAfee run on a schedule, not sure how often it actually runs but will check when get home. I know it is at least weekly. I also used spybot but not as much. Every month or two. One of my questions when you feel we are done is to ask the best way to keep clean. Another question will be what did we find out as I am not making much of what we are doing. Will get you those results as soon as get home from work. Thanks again.
Juliet
2018-04-12, 21:07
I let McAfee run on a schedule, not sure how often it actually runs but will check when get home. I know it is at least weekly. I also used spybot but not as much. Every month or two. One of my questions when you feel we are done is to ask the best way to keep clean. Another question will be what did we find out as I am not making much of what we are doing. Will get you those results as soon as get home from work. Thanks again.

I was thinking that I was seeing a few infections that might be a little bit on the older side of things.
When you check on McAfee, try if there is a way, that it is updating new definitions daily.

When we finish up I can post several topics on prevention's.

below is just a tidbit of info on some of what was found

https://malwaretips.com/blogs/search-protect-by-conduit-removal/
Search Protect by Conduit is a potentially unwanted program that is designed to protect its bundled programs and make sure they remain installed or unchanged by other third party programs.

Please post the other logs when done.
Coryherb
2018-04-13, 03:36
The EEK scan didn't find anything. I posted a log. Not sure it is the one you wanted but since the scan was clean I didn't have a quarantine log to post. Hope that is right. Hope that is also good! Sounds good anyway. Malware bytes on the other hand.... :sick:

I was looking at mcafee and don't see a time frame for when it does updates. I think it constantly checks and updates when available. But could be wrong on that. I am not overly happy with McAfee. It has gotten to be a pain to use and costly. And apparently not working on top of that.


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/12/18
Scan Time: 4:54 PM
Log File: deaf0c72-3eac-11e8-9a44-8c89a50356fe.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4716
License: Trial

-System Information-
OS: Windows 10 (Build 16299.309)
CPU: x64
File System: NTFS
User: CORY_LAPTOP\coryh_000

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 327581
Threats Detected: 203
Threats Quarantined: 203
Time Elapsed: 3 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 11
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [241], [440037],1.0.4716
PUP.Optional.SearchManager, HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, Quarantined, [241], [440037],1.0.4716
PUP.Optional.Somoto, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{025A8DC5-0C70-4000-AF15-C87915647A08}, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{025A8DC5-0C70-4000-AF15-C87915647A08}, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{025A8DC5-0C70-4000-AF15-C87915647A08}, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{025A8DC5-0C70-4000-AF15-C87915647A08}\InprocServer32, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{025A8DC5-0C70-4000-AF15-C87915647A08}\InprocServer32, Quarantined, [439], [179743],1.0.4716
PUP.Optional.MediaPlayAir, HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\UNDEFINED, Quarantined, [1110], [334354],1.0.4716
PUP.Optional.Conduit.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{19C618EE-E614-439E-8CFA-0054CE70C1CD}, Quarantined, [1513], [443512],1.0.4716
PUP.Optional.Somoto, HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BB45EF8E-1E36-4535-A017-EC908FB1E335}, Quarantined, [439], [168830],1.0.4716
PUP.Optional.Somoto, HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BB45EF8E-1E36-4535-A017-EC908FB1E335}, Quarantined, [439], [168830],1.0.4716

Registry Value: 2
PUP.Optional.MediaPlayAir, HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\UNDEFINED|FLASHPLAYERPRO.EXE, Quarantined, [1110], [334354],1.0.4716
PUP.Optional.Conduit.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{19C618EE-E614-439E-8CFA-0054CE70C1CD}|APPPATH, Quarantined, [1513], [443512],1.0.4716

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 40
PUP.Optional.Somoto, C:\PROGRAM FILES (X86)\SOMOTO, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810\ToolbarHiddenSettings, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810\ToolbarHiddenLogin, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810\ToolbarSettings, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810\DynamicDialogs, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810\AppsMetaData, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810\ToolbarLogin, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_en\ToolbarTranslation, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorRetakeoverDialog\Images, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorBubbleDialog\images, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarUntrustedAppsApprovalDialog, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\NewSearchProtectorDialog\images, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorRetakeoverDialog, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarFirstTimeDialog\images, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorDialog\Images, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorBubbleDialog, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\UntrustedAppApprovalDialog, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\UntrustedAppPendingDialog, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\NewSearchProtectorDialog, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\UntrustedAddedAppDialog, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_en, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarFirstTimeDialog, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\EngineFirstTimeDialog, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorDialog, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\DetectedAppDialog, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\UninstallDialog, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\AddedAppDialog, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\DefualtImages, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\ExternalComponent, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\SearchInNewTab, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\EmailNotifier, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\MyStuffApps, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\RadioPlayer, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Logs, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\USERS\CORYH_000\APPDATA\LOCALLOW\SOMOTO, Quarantined, [439], [179747],1.0.4716
PUP.Optional.PCAP, C:\PROGRAM FILES (X86)\INSTALLER_P.C.A.P, Quarantined, [3024], [383709],1.0.4716

File: 150
PUP.Optional.Somoto, C:\Program Files (x86)\Somoto\GottenAppsContextMenu.xml, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Program Files (x86)\Somoto\hk64tbSom0.dll, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Program Files (x86)\Somoto\hktbSom0.dll, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Program Files (x86)\Somoto\ldrtbSom0.dll, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Program Files (x86)\Somoto\ldrtbSomo.dll, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Program Files (x86)\Somoto\OtherAppsContextMenu.xml, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Program Files (x86)\Somoto\prxtbSom0.dll, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Program Files (x86)\Somoto\prxtbSomo.dll, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Program Files (x86)\Somoto\SharedAppsContextMenu.xml, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Program Files (x86)\Somoto\SomotoToolbarHelper.exe, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Program Files (x86)\Somoto\SomotoToolbarHelper1.exe, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Program Files (x86)\Somoto\tbSom0.dll, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Program Files (x86)\Somoto\tbSomo.dll, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Program Files (x86)\Somoto\toolbar.cfg, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Program Files (x86)\Somoto\ToolbarContextMenu.xml, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Program Files (x86)\Somoto\uninstall.exe, Quarantined, [439], [179743],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_MarketPlace_2e_33e_2ec9e65c-72a4-4035-8a0e-06a6f1e0533e_Appearance_634394279015031252_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_MarketPlace_8d_ea8_8dbed27f-bcea-46a1-8d69-0ec496d98ea8_Appearance_634165981520378432_24x24_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_MarketPlace_93_ce3_93951332-f9a7-4af7-af02-17ec3d749ce3_Appearance_634159521796627506_24x24_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_MarketPlace_d2_909_d2d47f0a-2c1d-48a1-8dba-fdebac043909_Appearance_634726116365249321_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_MarketPlace_e8_776_e849a370-e556-4804-972f-8dbb99574776_Appearance_634177314251337502_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_10_310_CT3101810_Images_634351280568125000_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_10_310_CT3101810_Images_634351285856868750_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_conduit_com_89_284_CT2845289_Images_634351287027650000_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\AddedAppDialog\app-added.js, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\AddedAppDialog\main.html, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\DefualtImages\icon.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\DetectedAppDialog\app-2go.js, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\DetectedAppDialog\main.html, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\EngineFirstTimeDialog\main.html, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\EngineFirstTimeDialog\right-click.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\NewSearchProtectorDialog\images\ok-button.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\NewSearchProtectorDialog\images\separation-line.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\NewSearchProtectorDialog\images\warning.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\NewSearchProtectorDialog\main.html, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\NewSearchProtectorDialog\SearchProtector.css, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\NewSearchProtectorDialog\SearchProtector.js, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorBubbleDialog\images\information.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorBubbleDialog\images\x-default-LTR.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorBubbleDialog\images\x-default-RTL.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorBubbleDialog\bubble.css, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorBubbleDialog\bubble.js, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorBubbleDialog\main.html, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorDialog\Images\info.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorDialog\Images\ok-on.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorDialog\Images\ok.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorDialog\main.html, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorDialog\SearchProtector.css, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorDialog\SearchProtector.js, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.jpg, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorRetakeoverDialog\Images\info.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorRetakeoverDialog\Images\ok-on.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorRetakeoverDialog\Images\ok.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorRetakeoverDialog\main.html, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.css, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.js, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarFirstTimeDialog\images\arrow.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarFirstTimeDialog\images\divider.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarFirstTimeDialog\images\facebook.png, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarFirstTimeDialog\images\Thumbs.db, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarFirstTimeDialog\main.html, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.css, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarUntrustedAppsApprovalDialog\main.html, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDialog.js, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\UntrustedAddedAppDialog\main.html, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\UntrustedAddedAppDialog\UT-app-dialog-added.js, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\UntrustedAppApprovalDialog\main.html, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\UntrustedAppPendingDialog\main.html, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\RoundedCornersIE9.css, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\DialogsAPI.js, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\excanvas.js, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\generalDialogStyle.css, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\PIE.htc, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\RoundedCorners.css, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\settings.js, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Dialogs\version.txt, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en&ctid=CT3101810.xml, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en&ctid=CT3101810.xml, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en&ctid=CT3101810.xml, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en&ctid=CT3101810.xml, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\RadioPlayer\IP_Stations_Media_List.xml, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\RadioPlayer\Predefined_Media_List.xml, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810\AppsMetaData\data.bck.txt, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810\AppsMetaData\data.txt, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810\DynamicDialogs\data.bck.txt, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810\DynamicDialogs\data.txt, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810\ToolbarHiddenLogin\data.txt, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810\ToolbarHiddenSettings\data.txt, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810\ToolbarLogin\data.bck.txt, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810\ToolbarLogin\data.txt, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810\ToolbarSettings\data.bck.txt, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_CT3101810\ToolbarSettings\data.txt, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\Repository\conduit_CT3101810_en\ToolbarTranslation\data.txt, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\SearchInNewTab\SearchInNewTabContent.xml, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\hk64tbSom0.dll, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\hktbSom0.dll, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\ldrtbSom0.dll, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\ldrtbSomo.dll, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\tbSom0.dll, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\tbSom1.dll, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\tbSomo.dll, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\ThirdPartyComponents.xml, Quarantined, [439], [179747],1.0.4716
PUP.Optional.Somoto, C:\Users\coryh_000\AppData\LocalLow\Somoto\toolbar.cfg, Quarantined, [439], [179747],1.0.4716
PUP.Optional.PCAP, C:\Program Files (x86)\Installer_P.C.A.P\1.txt, Quarantined, [3024], [383709],1.0.4716
PUP.Optional.PCAP, C:\Program Files (x86)\Installer_P.C.A.P\11.txt, Quarantined, [3024], [383709],1.0.4716

Physical Sector: 0
(No malicious items detected)


(end)





Emsisoft Emergency Kit 2018.3.1.8572 stable [en-us]
OS: Windows 10 (Version 10.0, Build 16299, 64-bit Edition)

Forensics log

Date Component Action Details
4/12/2018 5:14:35 PM Scanner Scan finished Scanned 81418 objects and found nothing.
4/12/2018 5:13:47 PM User CORY_LAPTOP\coryh_000 Scan started Malware Scan
4/12/2018 5:13:31 PM User CORY_LAPTOP\coryh_000 Setting modified "Detect PUPs" has been changed to "Enabled".
4/12/2018 5:12:41 PM User Update Downloaded and installed 112 files (16513 kb) (23 sec.).
4/12/2018 5:12:18 PM Core Notification "Recommended Reading:13 mistakes to avoid when choosing antivirus software in 2018".
4/12/2018 5:12:12 PM User Update Failed with error "Server returned error" (0 sec.).
Juliet
2018-04-13, 12:43
I think you should see a significant improvement now.

I can supply you with a list of free antivirus to consider.

Also, if all seems better we can remove tools and quarantine folders now?

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).
Some of these tools work good on different machines, you will have to experiment which runs well on yours.

Anti-Virus

https://i.imgur.com/sZQBUGE.pngSophos Home (https://home.sophos.com/reg)
https://i.imgur.com/GCZb0TR.pngBitdefender Free Antivirus (http://www.bitdefender.com/solutions/free.html)
https://i.imgur.com/1lXc99W.pngEmsisoft Anti-Malware (https://www.emsisoft.com/en/software/antimalware/) - Free 30 day trial. Once it expires, EAM enters into a freeware mode where it is still considered an Antivirus program, but without real-time protection
https://i.imgur.com/szLrBjg.pngAvira Free Antivirus (https://www.avira.com/en/avira-free-antivirus)
https://i.imgur.com/90ChiEw.pngavast! Free Antivirus (https://www.avast.com/index)


Anti-Malware

Malwarebytes (https://www.malwarebytes.org/) - Has both a free and paid version. The Premium version of Malwarebytes also offers Exploit and Ransomware protection, for a complete package of: Malware, Web, Exploit and Ransomware protection
https://i.imgur.com/S2NFpNw.pngHitmanPro 3 (http://www.surfright.nl/en/hitmanpro) - Free 30 day trial
https://i.imgur.com/ncqvIpu.pngZemana AntiMalware (https://www.zemana.com/AntiMalware) - Free 30 day trial


Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.

https://i.imgur.com/7p3JzTS.pngGlassWire (https://www.glasswire.com/) - Has both a free and paid version (with different packages)
https://i.imgur.com/MQIMh6k.pngWindows Firewall Control (http://www.binisoft.org/wfc.php) - Gives you more control over your Windows Firewall
https://i.imgur.com/5RXGshU.pngTinyWall (http://tinywall.pados.hu/) - Lightweight firewall implementing the Windows Firewall and giving you more control over it


Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.

uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers)
NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)


created by Aura
Coryherb
2018-04-13, 19:43
Last night as I was shutting down the computer I got an error message. When I get home will mess with it a bit to make sure not a big deal. Was there anything we did that removed something that could have been used to get my usernames and passwords. Wondering how those accounts were getting stolen. It may have been done outside my computer. Too many pads and user names the same. Thanks for all your help and the information. I will respond tonight after checking computer.
Juliet
2018-04-13, 21:46
Last night as I was shutting down the computer I got an error message. When I get home will mess with it a bit to make sure not a big deal. Was there anything we did that removed something that could have been used to get my usernames and passwords. Wondering how those accounts were getting stolen. It may have been done outside my computer. Too many pads and user names the same. Thanks for all your help and the information. I will respond tonight after checking computer.

I can look at the error message but, I'm really not very good with those. I might be able to send you to someone who can help. I think it just depends on whats going on.

I went back over the logs to see what had been found and tried to see if they could had been linked to anything used to steal passwords, thats a big I don't know since a couple of the infections can be used as in more then one way. And to add, I thought I was seeing some infections that were kinda older to me.
And I can be very wrong there, I just think that todays antivirus tools/programs should had picked up on that or at least thrown out some type of warnings.
Again, thats just my opinion.
Plus, quite a bit was found related to Yahoo and a short time back it was hacked.
Dec 14, 2016 - Yahoo Says It Was Hacked, which left many people with problems. Below I've listed items that were found by running malware tools on your computer.

Deleted: C:\SearchProtect
Deleted: C:\Program Files (x86)\SearchProtect
Deleted: C:\Users\coryh_000\AppData\Local\YSearchUtil
Deleted: C:\Program Files (x86)\Yahoo!\yset
Deleted: C:\ProgramData\Ask
Deleted: C:\ProgramData\Application Data\Ask
Deleted: C:\Users\All Users\Ask
Deleted: C:\Program Files (x86)\Conduit
Deleted: C:\Users\coryh_000\AppData\LocalLow\Conduit
Deleted: C:\Users\coryh_000\AppData\Local\SwvUpdater
PUP.Optional.Somoto
Coryherb
2018-04-14, 06:45
It is working well. Was a memory error when i turned it off last night and came up very slow the first time booting up. But when i restarted all was fine again.

It seems more like my information was picked up through something off computer. It is a relief to have my computer cleaned up and have learned a lot these last few days. Not sure how I will use that information going forward yet. lot to digest.

thanks for your help i really appreciate it. I guess from reading other threads we are going to clean out the stuff we did?
Coryherb
2018-04-14, 08:54
I was wondering if there is a good tool for cleaning up old files. I saw a thread on tools that keep your programs updated. I will look into those. But looking for something that will find orphan files that I just don't need that are still hanging around. that type of thing.

Cory
Juliet
2018-04-14, 13:10
I guess from reading other threads we are going to clean out the stuff we did?
Yes thats the next step


Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

*********


I was wondering if there is a good tool for cleaning up old files. I saw a thread on tools that keep your programs updated. I will look into those. But looking for something that will find orphan files that I just don't need that are still hanging around. that type of thing.

Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (https://en.wikipedia.org/wiki/Exploit_kit) (and also 0-days (https://en.wikipedia.org/wiki/Zero-day_(computing))) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them).
Programs like https://i.imgur.com/eF2jhaz.pngUCheck (https://www.adlice.com/download/ucheck/), SUMo (http://www.kcsoftwares.com/?sumo) and https://i.imgur.com/y5YE7At.pngHeimdal Free (http://www.bleepingcomputer.com/download/heimdal-free/) will scan your system for outdated programs, and help you identify them, as well as update them.

Having a decent security setup (which also includes an Anti-Virus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Anti-Virus

https://i.imgur.com/sZQBUGE.pngSophos Home (https://home.sophos.com/reg)
https://i.imgur.com/GCZb0TR.pngBitdefender Free Antivirus (http://www.bitdefender.com/solutions/free.html)
https://i.imgur.com/1lXc99W.pngEmsisoft Anti-Malware (https://www.emsisoft.com/en/software/antimalware/) - Free 30 day trial. Once it expires, EAM enters into a freeware mode where it is still considered an Antivirus program, but without real-time protection
https://i.imgur.com/szLrBjg.pngAvira Free Antivirus (https://www.avira.com/en/avira-free-antivirus)
https://i.imgur.com/90ChiEw.pngavast! Free Antivirus (https://www.avast.com/index)


*****************
Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.

uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers)
NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)


Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :

Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7
How Malware Spreads - How did I get infected (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams (aka Grinler)
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes
Tips & Advice (http://www.staysafeonline.org/stop-think-connect/tips-and-advice) on StaySafeOnline.org


created by Aura
Coryherb
2018-04-16, 08:34
thank you again for the help. finished that up. Looking through the information you gave me to figure out next steps. Can't thank you enough.
Juliet
2018-04-16, 12:07
We're glad to help http://i.imgur.com/SakDYGv.gif
Juliet
2018-04-18, 02:35
Glad we could help. http://i.imgur.com/SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.