Thread: Problems with someone taking various accounts

  1. #1
    Junior Member
    Join Date
    Mar 2018
    Posts
    10

    Problems with someone taking various accounts

    I have had several accounts taken over. I probably overused the same pw, and that resulted in many of my problems. However, a few times an account was taken over with a new password. I am not sure what to do about it. I am of course changing user names and accounts on anything I can think of. The latest account taken was my Blizzard account, which I haven't used in years. I recovered it anyway just in case something bad could happen. I have been running both the Spybot and McAfee scans since the problem started and haven't had any hits that way. I ran the rootkit analysis and it was overwhelming, which prompted me to come to you guys. Another problem I have lately is that Internet Explorer times out for most sites. My Firefox works okay, so I have been using that.

    I was able to run the FRST tool, but aswMBR crashes when I try to run it. When I try to upload the FRST text files, they both say they are too big to upload at 61 and 52 MB.

    Any help you can give me is much appreciated!

    Thanks

    CORY

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Hi and welcome

    Can you copy and paste FRST.txt & Addition.txt in your next reply?
    If you need to, you can make multiple posts.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Mar 2018
    Posts
    10

    Here is the FRST.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
    Ran by coryh_000 (administrator) on CORY_LAPTOP (08-04-2018 22:56:51)
    Running from C:\Users\coryh_000\Desktop
    Loaded Profiles: coryh_000 (Available Profiles: coryh_000)
    Platform: Windows 10 Pro Version 1709 16299.309 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
    (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
    (McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
    (Micro-Star International Co., Ltd.) C:\Windows\SysWOW64\MSIService.exe
    (Safer-Networking Ltd.) D:\Spybot\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (McAfee, LLC) C:\Windows\System32\mfevtps.exe
    (Safer-Networking Ltd.) D:\Spybot\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
    (McAfee, LLC) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
    (McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
    (McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\McCSPServiceHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
    (Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
    (Spotify Ltd) C:\Users\coryh_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
    () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe
    (MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    (L1 Technologies, Inc.) D:\NEOXS\iGolf Sync App\iGolfSyncApp.exe
    (Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
    (Microsoft Corporation) D:\Microsoft Office\Office14\ONENOTEM.EXE
    (Safer-Networking Ltd.) D:\Spybot\Spybot - Search & Destroy 2\SDTray.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Safer-Networking Ltd.) D:\Spybot\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
    HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [602288 2018-03-16] (McAfee, Inc.)
    HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [507016 2012-12-21] (MSI)
    HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1566344 2014-04-08] (Micro-Star International Co., Ltd.)
    HKLM-x32\...\Run: [SDTray] => D:\Spybot\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\Run: [Steam] => C:\Steam\Steam.exe [3111712 2017-12-15] (Valve Corporation)
    HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\Run: [Spotify Web Helper] => C:\Users\coryh_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-12] (Spotify Ltd)
    HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\Run: [Spotify] => C:\Users\coryh_000\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-01-12] (Spotify Ltd)
    HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\Run: [AcuRiteConnect2] => C:\Program Files (x86)\AcuRite\AcuRiteConnect.exe [1083904 2016-04-26] (Chaney Instrument Co)
    HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2017-09-29] (Microsoft Corporation)
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-08-14]
    ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{FC2CA280-7EF3-41C9-AD8D-E4CEC4726E5D}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-04-04]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\coryh_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iGolf Sync App.lnk [2016-03-14]
    ShortcutTarget: iGolf Sync App.lnk -> D:\NEOXS\iGolf Sync App\iGolfSyncApp.exe (L1 Technologies, Inc.)
    Startup: C:\Users\coryh_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2018-02-19]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> D:\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{240955be-a0ac-4b34-aeea-1cc0bf6f860d}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{e7c617cf-fe0d-498d-87ec-6822be12098c}: [DhcpNameServer] 192.168.2.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {04DC2DC9-CCF8-4595-9A21-ACA942CB4DCC} URL =
    SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> DefaultScope {1DA1963F-AC7D-4B7F-8874-9588C6F75419} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {04DC2DC9-CCF8-4595-9A21-ACA942CB4DCC} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3101810&CUI=UN12070141693219125&SSPV=IED
    SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {1DA1963F-AC7D-4B7F-8874-9588C6F75419} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
    BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25] (Intel Security)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-04-04] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-28] (Oracle Corporation)
    BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
    BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-28] (Oracle Corporation)
    BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25] (Intel Security)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-28] (Oracle Corporation)
    BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
    BHO-x32: Somoto Toolbar -> {bb45ef8e-1e36-4535-a017-ec908fb1e335} -> C:\Program Files (x86)\Somoto\prxtbSom0.dll [2013-04-14] (Conduit Ltd.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-28] (Oracle Corporation)
    Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25] (Intel Security)
    Toolbar: HKLM-x32 - Somoto Toolbar - {bb45ef8e-1e36-4535-a017-ec908fb1e335} - C:\Program Files (x86)\Somoto\prxtbSom0.dll [2013-04-14] (Conduit Ltd.)
    Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25] (Intel Security)
    Toolbar: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> No Name - {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No File
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-04] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-04] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-04] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-04] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-03-16] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-03-16] (McAfee, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\coryh_000\AppData\Roaming\Mozilla\Firefox\Profiles\1x671kps.default [2018-04-08]
    FF Extension: (Search and New Tab by Yahoo) - C:\Users\coryh_000\AppData\Roaming\Mozilla\Firefox\Profiles\1x671kps.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2018-04-08] [Legacy]
    FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20] [Legacy]
    FF SearchPlugin: C:\Users\coryh_000\AppData\Roaming\Mozilla\Firefox\Profiles\1x671kps.default\searchplugins\McSiteAdvisor.xml [2016-01-23]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-04-05]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-04-08] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-28] ()
    FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-28] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-28] (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-03-16] ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-28] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-28] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-03-16] ()
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-03] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1578578303-3324816548-2500361984-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-06-07] ()
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US91118D20160113&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> mcafee
    CHR Profile: C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default [2018-03-22]
    CHR Extension: (Google Slides) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-17]
    CHR Extension: (Google Docs) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-17]
    CHR Extension: (Google Drive) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-17]
    CHR Extension: (YouTube) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-17]
    CHR Extension: (Yahoo Partner) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\commhkacjheiacaopdonmodahaoadoln [2017-04-17]
    CHR Extension: (Adobe Acrobat) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-04]
    CHR Extension: (Google Sheets) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-17]
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-07-24]
    CHR Extension: (Google Docs Offline) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-17]
    CHR Extension: (Search Manager) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-07-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-17]
    CHR Extension: (Gmail) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-17]
    CHR Extension: (Chrome Media Router) - C:\Users\coryh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-12]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-22]
    CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-22]
    CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8521384 2018-03-24] (Microsoft Corporation)
    S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
    R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-03-19] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-03-06] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-26] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\\McCSPServiceHost.exe [2141912 2018-03-01] (McAfee, Inc.)
    S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-29] (McAfee, LLC)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-29] (McAfee, LLC)
    R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [472016 2018-01-29] (McAfee, LLC)
    R2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1669328 2018-03-16] (McAfee, Inc.)
    R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [144008 2012-12-21] (MSI)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
    R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1061528 2018-03-06] (McAfee, Inc.)
    R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [386560 2014-12-10] (Qualcomm Atheros) [File not signed]
    R2 SDScannerService; D:\Spybot\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
    R2 SDUpdateService; D:\Spybot\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
    R2 SDWSCService; D:\Spybot\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2018-01-31] (Microsoft Corporation)
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2018-03-29] (McAfee, Inc.)
    R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-03-29] (McAfee, Inc.)
    S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-03-29] (McAfee, Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW8x64.sys [98992 2014-11-18] (Qualcomm Atheros, Inc.)
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-02-02] (McAfee, LLC)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
    R3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
    S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [19000 2012-07-27] (Windows (R) Win 7 DDK provider)
    R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-09-29] (Qualcomm Atheros, Inc.)
    R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
    R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-10-19] (Logitech Inc.)
    R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2017-10-19] (Logitech Inc.)
    R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [97168 2017-10-09] (McAfee, Inc.)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-02-02] (McAfee, LLC)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357784 2018-02-02] (McAfee, LLC)
    U3 mfeavfk01; no ImagePath
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-02-02] (McAfee, LLC)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [529312 2018-02-02] (McAfee, LLC)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [951200 2018-02-02] (McAfee, LLC)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [543632 2018-01-22] (McAfee LLC.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108432 2018-01-22] (McAfee LLC.)
    R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-02-02] (McAfee, LLC)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-02-02] (McAfee, LLC)
    R3 NetgearUDSMBus; C:\WINDOWS\system32\drivers\NetgearUDSMBus.sys [107296 2012-08-13] (Windows (R) Codename Longhorn DDK provider)
    R3 NetgearUDSMBus; C:\Windows\SysWOW64\drivers\NetgearUDSMBus.sys [92160 2012-06-15] (Windows (R) Codename Longhorn DDK provider) [File not signed]
    R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2017-09-29] (Intel Corporation)
    R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_7b11efeca48cd7d3\nvlddmkm.sys [14456920 2017-05-18] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
    R1 SDHookDriver; D:\Spybot\Spybot - Search & Destroy 2\SDHookDrv64.sys [83360 2017-05-23] (Safer-Networking Ltd.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-04-08 22:56 - 2018-04-08 22:57 - 000031634 _____ C:\Users\coryh_000\Desktop\FRST.txt
    2018-04-08 22:55 - 2018-04-08 22:56 - 000000000 ____D C:\FRST
    2018-04-08 22:51 - 2018-04-08 22:51 - 002403328 _____ (Farbar) C:\Users\coryh_000\Desktop\FRST64.exe
    2018-04-08 22:50 - 2018-04-08 22:50 - 000002312 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2018-04-08 22:50 - 2018-04-08 22:50 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-CORY_LAPTOP-Windows-10-Pro-(64-bit).dat
    2018-04-08 22:50 - 2018-04-08 22:50 - 000000000 ____D C:\RegBackup
    2018-04-08 22:50 - 2018-04-08 22:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2018-04-08 22:50 - 2018-04-08 22:50 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
    2018-04-08 22:48 - 2018-04-08 22:50 - 000018004 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2018-04-08 22:47 - 2018-04-08 22:47 - 005766144 _____ (Tweaking.com) C:\Users\coryh_000\Desktop\tweaking.com_registry_backup_setup.exe
    2018-04-08 20:54 - 2018-04-08 20:54 - 000000000 ___HD C:\OneDriveTemp
    2018-04-08 12:46 - 2018-04-08 22:10 - 000003606 _____ C:\WINDOWS\System32\Tasks\McAfee DAT Built in test
    2018-04-04 22:49 - 2018-04-04 22:52 - 000000000 ____D C:\ProgramData\McAfee Security Scan
    2018-04-04 22:49 - 2018-04-04 22:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2018-03-21 22:21 - 2018-03-21 22:21 - 000000000 ____D C:\Users\coryh_000\Documents\ProcAlyzer Dumps
    2018-03-20 22:08 - 2018-03-11 23:01 - 000454684 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20180320-220800.backup
    2018-03-14 03:07 - 2018-03-01 20:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2018-03-14 03:07 - 2018-03-01 20:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
    2018-03-14 03:07 - 2018-03-01 20:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
    2018-03-14 03:07 - 2018-03-01 20:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
    2018-03-14 03:07 - 2018-03-01 20:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
    2018-03-14 03:07 - 2018-03-01 20:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
    2018-03-14 03:07 - 2018-03-01 19:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
    2018-03-14 03:07 - 2018-03-01 13:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
    2018-03-14 03:07 - 2018-03-01 00:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2018-03-14 03:07 - 2018-03-01 00:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2018-03-14 03:07 - 2018-03-01 00:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2018-03-14 03:07 - 2018-03-01 00:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2018-03-14 03:07 - 2018-03-01 00:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2018-03-14 03:07 - 2018-03-01 00:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2018-03-14 03:07 - 2018-03-01 00:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2018-03-14 03:07 - 2018-03-01 00:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2018-03-14 03:07 - 2018-03-01 00:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2018-03-14 03:07 - 2018-03-01 00:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2018-03-14 03:07 - 2018-03-01 00:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2018-03-14 03:07 - 2018-03-01 00:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2018-03-14 03:07 - 2018-03-01 00:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2018-03-14 03:07 - 2018-03-01 00:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2018-03-14 03:07 - 2018-03-01 00:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-03-14 03:07 - 2018-03-01 00:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2018-03-14 03:07 - 2018-03-01 00:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2018-03-14 03:07 - 2018-03-01 00:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2018-03-14 03:07 - 2018-03-01 00:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2018-03-14 03:07 - 2018-03-01 00:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-03-14 03:07 - 2018-03-01 00:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
    2018-03-14 03:07 - 2018-03-01 00:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2018-03-14 03:07 - 2018-03-01 00:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-03-14 03:07 - 2018-03-01 00:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2018-03-14 03:07 - 2018-03-01 00:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2018-03-14 03:07 - 2018-03-01 00:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2018-03-14 03:07 - 2018-03-01 00:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2018-03-14 03:07 - 2018-03-01 00:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-03-14 03:07 - 2018-03-01 00:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-03-14 03:07 - 2018-03-01 00:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
    2018-03-14 03:07 - 2018-03-01 00:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2018-03-14 03:07 - 2018-03-01 00:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2018-03-14 03:07 - 2018-03-01 00:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
    2018-03-14 03:07 - 2018-03-01 00:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
    2018-03-14 03:07 - 2018-03-01 00:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-03-14 03:07 - 2018-03-01 00:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
    2018-03-14 03:07 - 2018-03-01 00:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
    2018-03-14 03:07 - 2018-03-01 00:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2018-03-14 03:07 - 2018-03-01 00:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2018-03-14 03:07 - 2018-03-01 00:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
    2018-03-14 03:07 - 2018-03-01 00:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
    2018-03-14 03:07 - 2018-03-01 00:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-03-14 03:07 - 2018-02-28 23:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2018-03-14 03:07 - 2018-02-28 23:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2018-03-14 03:07 - 2018-02-28 23:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
    2018-03-14 03:07 - 2018-02-28 23:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2018-03-14 03:07 - 2018-02-28 23:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-03-14 03:07 - 2018-02-28 23:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2018-03-14 03:07 - 2018-02-28 23:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-03-14 03:07 - 2018-02-28 23:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2018-03-14 03:07 - 2018-02-28 23:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
    2018-03-14 03:07 - 2018-02-28 23:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2018-03-14 03:07 - 2018-02-28 23:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
    2018-03-14 03:07 - 2018-02-28 23:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2018-03-14 03:07 - 2018-02-28 23:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-03-14 03:07 - 2018-02-28 23:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
    2018-03-14 03:07 - 2018-02-28 23:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2018-03-14 03:07 - 2018-02-28 23:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-03-14 03:07 - 2018-02-28 23:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-03-14 03:07 - 2018-02-28 23:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
    2018-03-14 03:07 - 2018-02-28 23:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2018-03-14 03:07 - 2018-02-28 23:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
    2018-03-14 03:07 - 2018-02-28 23:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
    2018-03-14 03:07 - 2018-02-28 23:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-03-14 03:07 - 2018-02-28 23:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-03-14 03:07 - 2018-02-28 23:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-03-14 03:07 - 2018-02-28 23:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
    2018-03-14 03:07 - 2018-02-28 23:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
    2018-03-14 03:07 - 2018-02-28 22:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
    2018-03-14 03:07 - 2018-02-28 22:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2018-03-14 03:07 - 2018-02-28 22:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-03-14 03:07 - 2018-02-28 22:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
    2018-03-14 03:07 - 2018-02-28 22:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2018-03-14 03:07 - 2018-02-28 22:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2018-03-14 03:07 - 2018-02-28 22:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-03-14 03:07 - 2018-02-28 22:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-03-14 03:07 - 2018-02-28 22:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
    2018-03-14 03:07 - 2018-02-28 22:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-03-14 03:07 - 2018-02-28 22:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2018-03-14 03:07 - 2018-02-28 22:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2018-03-14 03:07 - 2018-02-28 22:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2018-03-14 03:07 - 2018-02-28 22:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-03-14 03:07 - 2018-02-28 22:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2018-03-14 03:07 - 2018-02-28 22:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2018-03-14 03:07 - 2018-02-28 22:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2018-03-14 03:07 - 2018-02-28 22:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2018-03-14 03:07 - 2018-02-28 22:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2018-03-14 03:07 - 2018-02-28 22:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
    2018-03-14 03:07 - 2018-02-28 22:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2018-03-14 03:07 - 2018-02-28 22:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
    2018-03-14 03:07 - 2018-02-28 22:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
    2018-03-14 03:07 - 2018-02-28 22:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
    2018-03-14 03:07 - 2018-02-28 22:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
    2018-03-14 03:07 - 2018-02-28 22:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-03-14 03:07 - 2018-02-28 22:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-03-14 03:07 - 2018-02-28 22:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
    2018-03-14 03:07 - 2018-02-28 22:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-03-14 03:07 - 2018-02-28 22:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2018-03-14 03:07 - 2018-02-28 22:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
    2018-03-14 03:07 - 2018-02-28 22:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-03-14 03:07 - 2018-02-28 22:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2018-03-14 03:07 - 2018-02-28 22:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2018-03-14 03:07 - 2018-02-28 22:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
    2018-03-14 03:07 - 2018-02-28 22:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
    2018-03-14 03:07 - 2018-02-28 22:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-03-14 03:07 - 2018-02-28 22:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2018-03-14 03:07 - 2018-02-28 22:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
    2018-03-14 03:07 - 2018-02-28 22:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2018-03-14 03:07 - 2018-02-28 22:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
    2018-03-14 03:07 - 2018-02-28 22:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2018-03-14 03:07 - 2018-02-28 22:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-03-14 03:07 - 2018-02-28 22:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
    2018-03-14 03:07 - 2018-02-28 22:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
    2018-03-14 03:07 - 2018-02-28 22:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2018-03-14 03:07 - 2018-02-28 22:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2018-03-14 03:07 - 2018-02-28 22:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
    2018-03-14 03:07 - 2018-02-28 22:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-03-14 03:07 - 2018-02-28 22:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2018-03-14 03:07 - 2018-02-28 22:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
    2018-03-14 03:07 - 2018-02-28 22:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-03-14 03:07 - 2018-02-28 22:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2018-03-14 03:07 - 2018-02-28 22:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-03-14 03:07 - 2018-02-28 22:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
    2018-03-14 03:07 - 2018-02-28 22:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-03-14 03:07 - 2018-02-28 22:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-03-14 03:07 - 2018-02-28 22:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-03-14 03:07 - 2018-02-28 22:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2018-03-14 03:07 - 2018-02-28 22:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-03-14 03:07 - 2018-02-28 22:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2018-03-14 03:07 - 2018-02-28 22:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2018-03-14 03:07 - 2018-02-28 22:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2018-03-14 03:07 - 2018-02-28 22:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2018-03-14 03:07 - 2018-02-28 22:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2018-03-14 03:07 - 2018-02-28 22:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
    2018-03-14 03:07 - 2018-02-28 22:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2018-03-14 03:07 - 2018-02-28 22:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2018-03-14 03:07 - 2018-02-28 22:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2018-03-14 03:07 - 2018-02-28 22:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
    2018-03-14 03:07 - 2018-02-28 22:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
    2018-03-14 03:07 - 2018-02-28 22:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
    2018-03-14 03:07 - 2018-02-28 22:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
    2018-03-14 03:07 - 2018-02-21 19:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-03-14 03:07 - 2018-02-21 19:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-03-14 03:07 - 2018-02-21 19:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
    2018-03-14 03:07 - 2018-02-21 19:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-03-14 03:07 - 2018-02-21 19:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
    2018-03-14 03:07 - 2018-02-21 19:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2018-03-14 03:07 - 2018-02-21 19:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-03-14 03:07 - 2018-02-21 19:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-03-14 03:07 - 2018-02-21 19:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2018-03-14 03:07 - 2018-02-21 19:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-03-14 03:07 - 2018-02-21 19:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-03-14 03:07 - 2018-02-21 19:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
    2018-03-14 03:07 - 2018-02-21 19:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2018-03-14 03:07 - 2018-02-21 19:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
    2018-03-14 03:07 - 2018-02-21 19:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
    2018-03-14 03:07 - 2018-02-21 19:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2018-03-14 03:07 - 2018-02-21 18:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-03-14 03:07 - 2018-02-21 18:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2018-03-14 03:07 - 2018-02-21 18:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
    2018-03-14 03:07 - 2018-02-21 18:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2018-03-14 03:07 - 2018-02-21 18:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
    2018-03-14 03:07 - 2018-02-21 18:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
    2018-03-14 03:07 - 2018-02-21 18:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2018-03-14 03:07 - 2018-02-21 18:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2018-03-14 03:07 - 2018-02-21 17:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-03-14 03:07 - 2018-02-21 17:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
    2018-03-14 03:07 - 2018-02-21 17:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
    2018-03-14 03:07 - 2018-02-21 17:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
    2018-03-14 03:07 - 2018-02-21 17:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
    2018-03-14 03:07 - 2018-02-21 17:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2018-03-14 03:07 - 2018-02-21 17:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2018-03-14 03:07 - 2018-02-21 17:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2018-03-14 03:07 - 2018-02-21 17:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2018-03-11 23:01 - 2018-02-19 23:07 - 000454684 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20180311-230141.backup

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-04-08 22:32 - 2013-09-09 20:20 - 000002021 _____ C:\WINDOWS\wininit.ini
    2018-04-08 22:26 - 2012-11-19 20:17 - 000000000 ____D C:\Users\coryh_000\Documents\Outlook Files
    2018-04-08 21:00 - 2018-01-31 00:53 - 001041998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-04-08 20:57 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-04-08 20:56 - 2016-01-13 22:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2018-04-08 20:54 - 2018-02-25 20:49 - 000000000 ____D C:\ProgramData\Logishrd
    2018-04-08 20:54 - 2017-01-17 20:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2018-04-08 20:54 - 2017-01-17 20:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2018-04-08 20:54 - 2016-01-13 22:06 - 000000000 __RSD C:\Users\coryh_000\Documents\McAfee Vaults
    2018-04-08 20:54 - 2013-11-17 11:17 - 000000000 __RDO C:\Users\coryh_000\SkyDrive
    2018-04-08 20:53 - 2018-01-31 00:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-04-08 20:53 - 2016-10-10 14:52 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-04-08 20:53 - 2016-03-29 21:53 - 000000000 ____D C:\Program Files\TrueKey
    2018-04-08 20:53 - 2016-01-13 22:03 - 000000000 ____D C:\Program Files (x86)\McAfee
    2018-04-08 20:53 - 2015-08-08 14:24 - 000000000 __SHD C:\Users\coryh_000\IntelGraphicsProfiles
    2018-04-08 20:52 - 2017-09-29 01:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2018-04-08 20:20 - 2013-02-16 22:06 - 000000000 ____D C:\Users\coryh_000\AppData\Roaming\Skype
    2018-04-08 20:14 - 2018-01-31 00:50 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EDC07973-4DA1-44D7-8028-829E2B245BB2}
    2018-04-08 20:11 - 2017-04-17 15:12 - 000000000 ____D C:\Users\coryh_000\AppData\Roaming\Curse Client
    2018-04-08 20:10 - 2018-01-31 00:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-04-08 12:36 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
    2018-04-08 12:35 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-04-08 12:35 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-04-07 11:20 - 2012-11-04 23:23 - 000000000 ____D C:\Program Files\Common Files\McAfee
    2018-04-07 11:18 - 2018-01-31 00:50 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
    2018-04-07 11:16 - 2018-01-31 00:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
    2018-04-07 11:15 - 2017-09-29 06:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2018-04-04 23:57 - 2018-01-31 00:50 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
    2018-04-04 23:00 - 2017-09-29 01:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2018-04-04 22:49 - 2018-01-31 00:50 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1578578303-3324816548-2500361984-1001
    2018-04-04 22:49 - 2016-03-29 22:23 - 000000000 ____D C:\Program Files\McAfee Security Scan
    2018-04-04 22:49 - 2016-03-29 21:53 - 000002009 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2018-04-04 22:49 - 2015-08-30 14:22 - 000002420 _____ C:\Users\coryh_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-03-21 18:02 - 2015-08-30 14:24 - 000001008 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2018-03-21 18:02 - 2015-08-30 14:24 - 000001008 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2018-03-21 18:02 - 2015-08-30 14:24 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2018-03-21 18:02 - 2015-08-30 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2018-03-21 17:27 - 2018-02-24 01:11 - 000001282 _____ C:\Users\coryh_000\Desktop\nativelog.txt
    2018-03-21 17:26 - 2013-05-03 21:06 - 000000000 ____D C:\Users\coryh_000\AppData\Roaming\.minecraft
    2018-03-21 17:19 - 2017-04-17 16:07 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-03-21 17:19 - 2017-04-17 16:07 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-03-20 21:32 - 2012-11-02 18:11 - 000000000 ____D C:\Steam
    2018-03-14 18:29 - 2017-01-17 20:45 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
    2018-03-14 04:10 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\rescache
    2018-03-14 04:04 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-03-14 04:00 - 2018-01-31 00:42 - 000422200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-03-14 04:00 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
    2018-03-14 04:00 - 2015-09-16 03:34 - 000000000 ___RD C:\Users\coryh_000\3D Objects
    2018-03-14 04:00 - 2015-08-30 14:20 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-03-14 03:59 - 2018-01-31 00:43 - 000000000 ____D C:\Users\coryh_000
    2018-03-14 03:59 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\TextInput
    2018-03-14 03:59 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2018-03-14 03:59 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2018-03-14 03:59 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2018-03-14 03:14 - 2013-10-29 02:47 - 000000000 ____D C:\WINDOWS\system32\MRT
    2018-03-14 03:11 - 2017-10-11 20:46 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
    2018-03-14 03:11 - 2012-12-13 21:05 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-03-14 03:08 - 2017-09-29 06:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-03-14 03:08 - 2017-09-29 06:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

    ==================== Files in the root of some directories =======

    2015-08-14 09:43 - 2015-08-14 09:45 - 000000000 _____ () C:\Users\coryh_000\AppData\Local\Driver_LOM_8161Present.flag
    2013-01-29 20:40 - 2013-01-29 20:40 - 000007602 ____H () C:\Users\coryh_000\AppData\Local\Resmon.ResmonCfg

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-04-05 00:13

    ==================== End of FRST.txt ============================

  4. #4
    Junior Member
    Join Date
    Mar 2018
    Posts
    10

    Default

    Here is the addition file.

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
    Ran by coryh_000 (08-04-2018 22:57:29)
    Running from C:\Users\coryh_000\Desktop
    Windows 10 Pro Version 1709 16299.309 (X64) (2018-01-31 07:51:44)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1578578303-3324816548-2500361984-500 - Administrator - Disabled)
    coryh_000 (S-1-5-21-1578578303-3324816548-2500361984-1001 - Administrator - Enabled) => C:\Users\coryh_000
    DefaultAccount (S-1-5-21-1578578303-3324816548-2500361984-503 - Limited - Disabled)
    Guest (S-1-5-21-1578578303-3324816548-2500361984-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1578578303-3324816548-2500361984-1010 - Limited - Enabled)
    WDAGUtilityAccount (S-1-5-21-1578578303-3324816548-2500361984-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
    FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AcuRite Connect (HKLM-x32\...\{6E613C42-AC6D-457D-BE81-88811AD84473}) (Version: 1.2.1 - Chaney Instrument Co.)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
    Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
    Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    iGolf Sync App (HKLM-x32\...\{4F11B5B9-0946-4A3B-B1A4-AF2FF2869D3F}_is1) (Version: 2.2.0.2 - L1 Technologies, Inc.)
    Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
    Intel Security True Key (HKLM\...\TrueKey) (Version: 4.20.110.1 - Intel Security)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Driver Update Utility 2.2 (HKLM-x32\...\{3EE9923D-3045-46AB-9CAA-E375993AEB4A}) (Version: 2.2.0.1 - Intel) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
    Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    KLM (HKLM-x32\...\{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1403.2801 - Application) Hidden
    KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1403.2801 - Application)
    Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.)
    McAfee Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R10 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.183 - McAfee, Inc.)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9126.2116 - Microsoft Corporation)
    Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
    MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
    MSI Kombustor 2.4.2 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD)
    MyHarmony (HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
    NETGEAR USB Control Center (HKLM-x32\...\{4528B812-FF2C-4E3A-A9EA-1ECB483BF03A}) (Version: 1.32 - NETGEAR)
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
    Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{1A77E21C-C032-43D5-BF9D-E5D8DDC9E4D6}) (Version: 1.1.49.1068 - Qualcomm Atheros) Hidden
    Qualcomm Atheros Killer E220x Drivers (HKLM\...\{6349EBF1-DC7A-4AF9-8BCC-7DF0C3EF1B34}) (Version: 1.1.49.1068 - Qualcomm Atheros) Hidden
    Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.49.1068 - Qualcomm Atheros)
    Qualcomm Atheros Network Manager (HKLM\...\{FC2CA280-7EF3-41C9-AD8D-E4CEC4726E5D}) (Version: 1.1.49.1068 - Qualcomm Atheros) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
    Sid Meier's Civilization V (HKLM-x32\...\Civilization V) (Version: - 2K Games, Inc.)
    Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories)
    Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{CE6498D2-104D-4E95-95A6-8692C63317DC}) (Version: 6.5 - Silicon Laboratories, Inc.)
    Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
    Somoto Toolbar (HKLM-x32\...\Somoto Toolbar) (Version: 6.10.3.503 - Somoto)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Spotify (HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.016 - MSI)
    System Requirements Lab Detection (HKLM-x32\...\{C7D28BB9-F00D-424A-9A65-285379A7AAAC}) (Version: 6.1.6.0 - Husdawg, LLC)
    TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
    TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
    TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
    TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
    VideoGenie (HKLM-x32\...\{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1) (Version: 1.0.0.12 - MSI)
    Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
    Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
    ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-03-16] (McAfee, Inc.)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:\Spybot\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:\Spybot\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
    ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-03-16] (McAfee, Inc.)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:\Spybot\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:\Spybot\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {050EC55C-3A64-4DC1-8B60-A33972BF48A4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe [2016-11-19] (Adobe Systems Incorporated)
    Task: {082F823B-9F86-4896-866D-16A11EDCFB64} - System32\Tasks\McAfee\McAfee Idle Detection Task
    Task: {08D2B678-76E3-4D22-B87E-0B1D3B22F60C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {139DB17A-1453-4FE1-80D5-793F88EB2302} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {34ACCB81-F29E-4376-B55D-C223A9261302} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {4252F5BC-DDEF-4ECF-9801-B93FE5C03248} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
    Task: {42BF8265-E0BC-4E15-9EB6-154897BDF5F8} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-12-12] (McAfee, Inc.)
    Task: {440A8B0A-C5BF-4567-8095-887005726425} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {50A7178E-C7E5-4B33-A238-386CEF82FFDB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => D:\Spybot\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {51B1EE91-15D4-4D9E-9C98-3F093D1AF706} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
    Task: {5C9A409A-7434-4846-A8D6-88AF8799BB16} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
    Task: {73E0D843-6B41-4FD8-95C3-6E243FABC379} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
    Task: {74AFB16E-BE2F-44B3-B025-AD7E15CC72D2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {79BE8B40-0DC2-4DC4-8A28-BCC7FD63BF88} - \WPD\SqmUpload_S-1-5-21-1578578303-3324816548-2500361984-1001 -> No File <==== ATTENTION
    Task: {817483EB-5ADE-4208-AC41-3D026838FDDD} - System32\Tasks\GoogleUpdateTaskMachineCore1cff13e4a7cd3fd => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {887FAAB7-E9A4-478D-A9C0-27E1A5F010AB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {8B172B57-C74E-4FF9-97C5-8612B5A0114B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {8D0ED5EC-94EF-447C-9E11-7144BCF958B8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-04] (Microsoft Corporation)
    Task: {9568E742-0F6B-4FB8-B726-7CB4D302189D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {9A69CADA-28D2-47B8-8E08-733780451129} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {AEE2F9D1-97A5-4BCC-9B8A-75A3584275D3} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-01-10] (McAfee, LLC.)
    Task: {B5866EF4-D2A3-4351-A2F0-0C2814300D23} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-19] (Adobe Systems Incorporated)
    Task: {B95A1186-BA65-413B-807F-DA20DB8F451F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {B9FF1733-3DCB-4C1B-B300-8F915196A573} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-04] (Microsoft Corporation)
    Task: {BF629F3E-4942-4710-A9A5-DEC212E602A8} - System32\Tasks\GoogleUpdateTaskMachineCore1cf90f246c31d13 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {C2556A16-47A9-4378-B908-865C0D7B138A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-02-27] (McAfee, Inc.)
    Task: {C5022F41-6642-4F43-946D-934BD93D7265} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {C9D03FB6-DA50-4DBB-8F89-1CA104394A06} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
    Task: {D727968C-6088-4391-BC93-79853D216A5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {DC03001D-89E3-4050-9836-B9AF28708811} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bf641cbec6bc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {DE684E21-A30E-4DA3-B272-3E4BCBCE92A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => D:\Spybot\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {E332637D-F79E-409E-A4A0-8A3DAFC224CC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {E6A61042-5CC5-43D8-8A83-CA4265E4BCAD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => D:\Spybot\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {F5BD8EC1-DB53-4BC1-84FD-39CAA6224BBB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-04-04] (Microsoft Corporation)
    Task: {F9F1DCD2-B989-4FF6-8942-181A0CF06A2D} - System32\Tasks\GoogleUpdateTaskMachineCore1cffedd21adfb79 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {FCC20C1E-58ED-4F59-A53E-D74C6FD876E7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf90f246c31d13.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cff13e4a7cd3fd.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2018-03-14 03:07 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2018-03-14 03:07 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-03-23 16:08 - 2018-03-23 16:08 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2018-03-23 16:08 - 2018-03-23 16:08 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2018-03-23 16:08 - 2018-03-23 16:08 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2018-03-23 16:08 - 2018-03-23 16:08 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\skypert.dll
    2018-03-23 16:08 - 2018-03-23 16:08 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
    2018-03-01 02:18 - 2018-03-01 02:18 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\McCSPMsgBusDLL.dll
    2015-03-06 17:07 - 2015-03-06 17:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
    2017-10-19 20:29 - 2017-10-19 20:29 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
    2015-03-06 17:07 - 2015-03-06 17:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
    2017-10-19 20:29 - 2017-10-19 20:29 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
    2017-10-19 20:02 - 2017-10-19 20:02 - 000077824 _____ () C:\Program Files\Logitech Gaming Software\LAClient\zlib.dll
    2017-10-19 20:02 - 2017-10-19 20:02 - 000144896 _____ () C:\Program Files\Logitech Gaming Software\LAClient\libssh2.dll
    2014-12-10 22:44 - 2014-12-10 22:44 - 000330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
    2018-04-05 22:25 - 2018-04-05 22:26 - 000178688 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
    2018-03-08 23:44 - 2018-03-08 23:44 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-03-21 18:02 - 2016-09-13 14:00 - 000167768 _____ () D:\Spybot\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2018-03-21 18:02 - 2016-09-13 14:00 - 000109400 _____ () D:\Spybot\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2018-03-21 18:02 - 2016-09-13 14:00 - 000416600 _____ () D:\Spybot\Spybot - Search & Destroy 2\DEC150.bpl
    2015-08-08 14:05 - 2016-06-14 18:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2018-03-21 18:02 - 2017-05-12 11:36 - 000507464 _____ () D:\Spybot\Spybot - Search & Destroy 2\sqlite3.dll
    2017-01-17 20:44 - 2018-04-04 23:02 - 001012912 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
    2017-01-17 20:47 - 2017-12-03 22:13 - 001452728 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\ClientTelemetry.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7936 more sites.

    There are 7937 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-25 22:26 - 2018-03-20 22:08 - 000454684 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    There are 15603 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\coryh_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: IAStorDataMgrSvc => 2
    MSCONFIG\Services: IDriverT => 3
    HKLM\...\StartupApproved\Run32: => "mcui_exe"
    HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
    HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
    HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\StartupApproved\Run: => "AcuRiteConnect2"
    HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\...\StartupApproved\Run: => "Spotify"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{FCB0E937-9C42-489A-8681-D9791FDC863D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
    FirewallRules: [{EC8B29F4-626E-4049-B88F-603EDEE666C5}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
    FirewallRules: [UDP Query User{562B5DCA-1513-4FDB-8EDE-68297439E81F}D:\neoxs\igolf sync app\igolfsyncapp.exe] => (Allow) D:\neoxs\igolf sync app\igolfsyncapp.exe
    FirewallRules: [TCP Query User{D9719237-FFA0-4A08-9D5B-A93A7CF5D810}D:\neoxs\igolf sync app\igolfsyncapp.exe] => (Allow) D:\neoxs\igolf sync app\igolfsyncapp.exe
    FirewallRules: [{5A8CA5C7-E30B-41DE-A32E-DF5D24A486D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{6A49B2FD-530C-452A-B7EE-6B05F00F1102}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{D503B254-F470-45EF-A9A9-FD4A16BBD772}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{F19E77ED-3157-492C-8FFE-0395E475B3DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{5DBE9E33-EAC1-40FF-BFE7-0A1D99C0B35B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{FD6A9D6C-7057-4CAD-AD07-2A9AFBAC053C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F9CE4FD3-1F4F-4259-86FE-E159FD04F442}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [UDP Query User{9D81DF9B-34EE-430D-8D9C-8C499A77CBB0}C:\program files (x86)\netgear\usb control center\control center.exe] => (Block) C:\program files (x86)\netgear\usb control center\control center.exe
    FirewallRules: [TCP Query User{0A927754-0039-43D7-95DB-0ED242FA4812}C:\program files (x86)\netgear\usb control center\control center.exe] => (Block) C:\program files (x86)\netgear\usb control center\control center.exe
    FirewallRules: [{F4FDFE56-E5D7-41DC-B335-089F84BD56F0}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
    FirewallRules: [{8A7F2491-3237-4229-8CB4-022126118E03}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
    FirewallRules: [{51E8DA6A-DF55-4485-8E57-10E4B14529B9}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
    FirewallRules: [{822B85BC-AD52-4E9D-B813-EE969A3516BC}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
    FirewallRules: [{A29A04DC-F179-4E1D-9BC7-F4FDCB5F21D8}] => (Allow) C:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{01DDEFA5-539D-446C-AF99-6E8CED212332}] => (Allow) C:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{B8E59C1F-826B-4D13-85FD-C90EDC9F2C41}] => (Allow) D:\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{AD962F6E-E3F7-4E6F-B49E-1941CDEE9FB0}] => (Allow) D:\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{BFC0AB5C-0BAD-41CC-808B-615350A96F04}] => (Allow) LPort=7423
    FirewallRules: [{38630CB8-67B5-4C3B-8643-39A02CC3E1DF}] => (Allow) C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
    FirewallRules: [{6924905E-563D-4BB0-9990-8B99F68879C2}] => (Allow) C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
    FirewallRules: [{4A18C945-283A-4B7B-BDA4-6774FF1E7107}] => (Allow) D:\Steam\SteamApps\common\Banished\Application-steam-x64.exe
    FirewallRules: [{6329FC40-D439-4F18-AE1D-DEF2F60C6C10}] => (Allow) D:\Steam\SteamApps\common\Banished\Application-steam-x64.exe
    FirewallRules: [{A85ADD02-91C7-4891-8F26-FA4561F019A6}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{F8A4BD3E-E10F-437A-AD69-1AB01503930F}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{B95C73E0-5D2A-43D6-BDCF-154EA8BBDDDC}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    FirewallRules: [{F857459A-B7B2-4F52-89C2-A3EC182B551B}] => (Allow) D:\Microsoft Office\Office14\ONENOTE.EXE
    FirewallRules: [{415093BA-F421-4EDB-8335-075AB3CB6D24}] => (Allow) D:\Microsoft Office\Office14\ONENOTE.EXE
    FirewallRules: [{F3E1E996-942D-4D0F-9757-AE5DBB011BA6}] => (Allow) C:\Steam\Steam.exe
    FirewallRules: [{DE40CE82-5B69-463C-98FD-E04A3CF0AAA3}] => (Allow) C:\Steam\Steam.exe
    FirewallRules: [{2C3E0721-880E-4F04-8507-AC9B70167638}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
    FirewallRules: [{663F27C9-1AFB-4EB5-A824-0F32D3DDCE75}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
    FirewallRules: [{B5334554-2FE1-4975-8EB1-CC5F6B67E0CD}] => (Allow) D:\Steam\SteamApps\common\Anno 2070\Anno5.exe
    FirewallRules: [{D7BC62D7-E353-4059-ABC4-AD9036BDCD84}] => (Allow) D:\Steam\SteamApps\common\Anno 2070\Anno5.exe
    FirewallRules: [{40DBF016-7EC8-46EB-B94D-07A68F751D25}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{F7F4B454-E7EB-4008-8C4A-3D38557D6AD0}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{2C2FA1CA-90FC-4686-8055-50FD6559FDA6}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [{6126FFCB-D1DF-434B-B6A6-761CA7BDBD5C}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{F497DCE7-D794-4F10-B4CF-D43AD0E93372}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{118F521F-5A90-4358-8632-CBFCF1734A2D}] => (Allow) C:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{16F8B194-83C7-463F-91B3-135E94ED415D}] => (Allow) C:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [TCP Query User{A9D84B36-8BCD-4E86-A4CD-2441B7507B0F}C:\users\coryh_000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\coryh_000\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{E24EA3DE-BC9F-485D-B796-E50E2A8514BA}C:\users\coryh_000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\coryh_000\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{6E51A936-C600-462F-89E0-DE62279BD6D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{AC58D4FF-5F3F-4940-B6ED-E1EF37C65FAC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{FFB3541F-1F5F-406A-B7F2-B660FEF472DE}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{B8758421-B962-4D7D-8F1C-5FEE0AF95C96}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{E14B00A8-3F10-4C8B-AB8F-B035EFF920B7}] => (Allow) C:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
    FirewallRules: [{89397195-4BC1-4077-B9AD-D4923D05F2C0}] => (Allow) C:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
    FirewallRules: [{00C97B13-3511-400B-B170-303259669B92}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{58637F78-D5FB-408C-91FD-FA902F9846E9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [{21A91B54-F3AE-409C-90E2-DD259A2FBB76}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{DF915D3B-FD94-4691-944F-5ED28E458E84}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{1E10856A-F94C-4D51-9A2D-A15FF8C61C3C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{50F9048F-11BD-40F2-BFB6-225CA3BBF696}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{7E742B41-F13F-4A89-B4CD-322716C741E8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [TCP Query User{698EFD72-A966-45BF-9753-0BAC024081CA}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [UDP Query User{9EE3A6DF-BE00-4581-AB25-B62C374DD419}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [{EFFCB88F-E3CC-4A1E-8BF2-686C3D4E3B3B}] => (Block) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [{2A2C34FB-E774-48EC-AB46-C7F03D3E4206}] => (Block) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [{FAEE8B44-09A1-4007-BCFD-7C4C2BC544B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    StandardProfile\AuthorizedApplications: [D:\Spybot\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [D:\Spybot\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [D:\Spybot\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [D:\Spybot\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    14-03-2018 03:07:15 Windows Update
    04-04-2018 23:25:10 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/08/2018 09:30:32 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.309, time stamp: 0x5a9791fa
    Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
    Exception code: 0xcfffffff
    Fault offset: 0x00000000000a3734
    Faulting process id: 0x37b8
    Faulting application start time: 0x01d3cfbb6318ce68
    Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: c463f842-a470-4c04-a7d4-471b186e3a55
    Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: ContentProcess

    Error: (04/08/2018 08:38:43 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.309, time stamp: 0x5a9791fa
    Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
    Exception code: 0xcfffffff
    Fault offset: 0x00000000000a3734
    Faulting process id: 0xa490
    Faulting application start time: 0x01d3cfb3ac1ff606
    Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: df3370d3-f997-415b-b1c2-57629a05429e
    Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: ContentProcess

    Error: (04/08/2018 08:34:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.309, time stamp: 0x5a9791fa
    Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
    Exception code: 0xcfffffff
    Fault offset: 0x00000000000a3734
    Faulting process id: 0x51bc
    Faulting application start time: 0x01d3cfb296e2d142
    Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: e7f30f8f-3f98-4687-b444-d7ed9bbb80b8
    Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: ContentProcess

    Error: (04/08/2018 08:32:32 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: dstokenclean.exe, version: 10.0.16299.15, time stamp: 0x9833bdf6
    Faulting module name: SHLWAPI.dll, version: 10.0.16299.15, time stamp: 0x2303fb66
    Exception code: 0xc0000005
    Fault offset: 0x0000000000003d3a
    Faulting process id: 0x1fd0
    Faulting application start time: 0x01d3cfb360f04c94
    Faulting application path: C:\WINDOWS\system32\dstokenclean.exe
    Faulting module path: C:\WINDOWS\System32\SHLWAPI.dll
    Report Id: 9a97174a-e83a-4001-8bc3-b8522d113988
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (04/08/2018 08:26:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.309, time stamp: 0x5a9791fa
    Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
    Exception code: 0xcfffffff
    Fault offset: 0x00000000000a3734
    Faulting process id: 0x8d80
    Faulting application start time: 0x01d3cfb09541d134
    Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: 971b14e2-aa75-46c3-a9ad-dcf629f03df3
    Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: ContentProcess

    Error: (04/08/2018 08:11:17 PM) (Source: COM) (EventID: 10031) (User: )
    Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

    Error: (04/08/2018 08:11:17 PM) (Source: COM) (EventID: 10031) (User: )
    Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

    Error: (04/08/2018 08:11:06 PM) (Source: COM) (EventID: 10031) (User: )
    Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected


    System errors:
    =============
    Error: (04/08/2018 10:50:38 PM) (Source: DCOM) (EventID: 10010) (User: CORY_LAPTOP)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

    Error: (04/08/2018 10:45:04 PM) (Source: DCOM) (EventID: 10010) (User: CORY_LAPTOP)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

    Error: (04/08/2018 10:29:13 PM) (Source: DCOM) (EventID: 10010) (User: CORY_LAPTOP)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

    Error: (04/08/2018 09:35:46 PM) (Source: DCOM) (EventID: 10010) (User: CORY_LAPTOP)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

    Error: (04/08/2018 09:34:16 PM) (Source: DCOM) (EventID: 10010) (User: CORY_LAPTOP)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

    Error: (04/08/2018 09:32:45 PM) (Source: DCOM) (EventID: 10010) (User: CORY_LAPTOP)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

    Error: (04/08/2018 09:31:15 PM) (Source: DCOM) (EventID: 10010) (User: CORY_LAPTOP)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

    Error: (04/08/2018 09:29:44 PM) (Source: DCOM) (EventID: 10010) (User: CORY_LAPTOP)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.


    CodeIntegrity:
    ===================================

    Date: 2018-04-08 22:50:41.373
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Spybot\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

    Date: 2018-04-08 22:50:41.367
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Spybot\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

    Date: 2018-04-08 22:50:38.493
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Spybot\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-04-08 22:50:38.488
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Spybot\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-04-08 22:50:38.479
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Spybot\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-04-08 22:50:38.474
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Spybot\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-04-08 22:50:38.466
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Spybot\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-04-08 22:50:38.461
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Spybot\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
    Percentage of memory in use: 29%
    Total physical RAM: 16280.7 MB
    Available physical RAM: 11487.96 MB
    Total Virtual: 18712.7 MB
    Available Virtual: 14195.62 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:237.94 GB) (Free:137.5 GB) NTFS
    Drive d: (New Volume) (Fixed) (Total:698.63 GB) (Free:582.6 GB) NTFS

    \\?\Volume{b505a41a-24b5-11e2-be66-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
    \\?\Volume{3bd12be9-0000-0000-0000-90823b000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 3BD12BE9)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=237.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

    ========================================================
    Disk: 1 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: AA9693FE)
    Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  5. #5
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the entire content of the quote box below.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {04DC2DC9-CCF8-4595-9A21-ACA942CB4DCC} URL =
    SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> DefaultScope {1DA1963F-AC7D-4B7F-8874-9588C6F75419} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {04DC2DC9-CCF8-4595-9A21-ACA942CB4DCC} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3101810&CUI=UN12070141693219125&SSPV=IED
    SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {1DA1963F-AC7D-4B7F-8874-9588C6F75419} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
    BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
    BHO-x32: Somoto Toolbar -> {bb45ef8e-1e36-4535-a017-ec908fb1e335} -> C:\Program Files (x86)\Somoto\prxtbSom0.dll [2013-04-14] (Conduit Ltd.)
    Toolbar: HKLM-x32 - Somoto Toolbar - {bb45ef8e-1e36-4535-a017-ec908fb1e335} - C:\Program Files (x86)\Somoto\prxtbSom0.dll [2013-04-14] (Conduit Ltd.)
    Toolbar: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> No Name - {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll -> No File
    Task: {08D2B678-76E3-4D22-B87E-0B1D3B22F60C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {139DB17A-1453-4FE1-80D5-793F88EB2302} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {34ACCB81-F29E-4376-B55D-C223A9261302} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {440A8B0A-C5BF-4567-8095-887005726425} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {74AFB16E-BE2F-44B3-B025-AD7E15CC72D2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {79BE8B40-0DC2-4DC4-8A28-BCC7FD63BF88} - \WPD\SqmUpload_S-1-5-21-1578578303-3324816548-2500361984-1001 -> No File <==== ATTENTION
    Task: {887FAAB7-E9A4-478D-A9C0-27E1A5F010AB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {8B172B57-C74E-4FF9-97C5-8612B5A0114B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {9568E742-0F6B-4FB8-B726-7CB4D302189D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {9A69CADA-28D2-47B8-8E08-733780451129} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {B95A1186-BA65-413B-807F-DA20DB8F451F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {C5022F41-6642-4F43-946D-934BD93D7265} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {E332637D-F79E-409E-A4A0-8A3DAFC224CC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {FCC20C1E-58ED-4F59-A53E-D74C6FD876E7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Emptytemp:
    End::

    Press the Fix button.
    FRST will process the lines copied above from the clipboard.
    When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.

    ~~~~~~~~~~~~~~~~~~~~

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

    ~~~~~~~~~~~~~~~~~~~~

    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply


    Your next reply(ies) should therefore contain:
    • Copy/pasted Fixlog.txt
    • Copy/pasted RogueKiller clean log
    • Copy/pasted AdwCleaner clean log

  6. #6
    Junior Member
    Join Date
    Mar 2018
    Posts
    10

    Default

    Thanks for the help you are giving me. Here are the logs.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
    Ran by coryh_000 (11-04-2018 18:29:40) Run:1
    Running from C:\Users\coryh_000\Desktop
    Loaded Profiles: coryh_000 (Available Profiles: coryh_000)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {04DC2DC9-CCF8-4595-9A21-ACA942CB4DCC} URL =
    SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_17_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtDtAyDyC0F0EyDyE0EtAtN0D0Tzu0StBtDtAtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StD0BtD0EyByEyByBtGtCtA0B0FtG0EtDtCyDtGyEzy0ByDtGtC0C0B0FtA0DyCtD0DtC0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzytC0EtDtD0EtCtG0CtB0E0BtGyEyBtCyDtGzzyD0F0FtG0AyCtC0EyE0F0EyB0AyB0EtD2QtN0A0LzuyE%26cr%3D1142949544%26a%3Dwbf_mdaffmarmarie_17_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> DefaultScope {1DA1963F-AC7D-4B7F-8874-9588C6F75419} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {04DC2DC9-CCF8-4595-9A21-ACA942CB4DCC} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3101810&CUI=UN12070141693219125&SSPV=IED
    SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {1DA1963F-AC7D-4B7F-8874-9588C6F75419} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160113&p={searchTerms}
    BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
    BHO-x32: Somoto Toolbar -> {bb45ef8e-1e36-4535-a017-ec908fb1e335} -> C:\Program Files (x86)\Somoto\prxtbSom0.dll [2013-04-14] (Conduit Ltd.)
    Toolbar: HKLM-x32 - Somoto Toolbar - {bb45ef8e-1e36-4535-a017-ec908fb1e335} - C:\Program Files (x86)\Somoto\prxtbSom0.dll [2013-04-14] (Conduit Ltd.)
    Toolbar: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1578578303-3324816548-2500361984-1001 -> No Name - {BB45EF8E-1E36-4535-A017-EC908FB1E335} - No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll -> No File
    Task: {08D2B678-76E3-4D22-B87E-0B1D3B22F60C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {139DB17A-1453-4FE1-80D5-793F88EB2302} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {34ACCB81-F29E-4376-B55D-C223A9261302} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {440A8B0A-C5BF-4567-8095-887005726425} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {74AFB16E-BE2F-44B3-B025-AD7E15CC72D2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {79BE8B40-0DC2-4DC4-8A28-BCC7FD63BF88} - \WPD\SqmUpload_S-1-5-21-1578578303-3324816548-2500361984-1001 -> No File <==== ATTENTION
    Task: {887FAAB7-E9A4-478D-A9C0-27E1A5F010AB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {8B172B57-C74E-4FF9-97C5-8612B5A0114B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {9568E742-0F6B-4FB8-B726-7CB4D302189D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {9A69CADA-28D2-47B8-8E08-733780451129} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {B95A1186-BA65-413B-807F-DA20DB8F451F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {C5022F41-6642-4F43-946D-934BD93D7265} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {E332637D-F79E-409E-A4A0-8A3DAFC224CC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {FCC20C1E-58ED-4F59-A53E-D74C6FD876E7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
    HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}" => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => not found
    "HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    "HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{04DC2DC9-CCF8-4595-9A21-ACA942CB4DCC}" => removed successfully
    HKLM\Software\Classes\CLSID\{04DC2DC9-CCF8-4595-9A21-ACA942CB4DCC} => not found
    "HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1DA1963F-AC7D-4B7F-8874-9588C6F75419}" => removed successfully
    HKLM\Software\Classes\CLSID\{1DA1963F-AC7D-4B7F-8874-9588C6F75419} => not found
    "HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}" => removed successfully
    HKLM\Software\Classes\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => not found
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => removed successfully
    "HKLM\Software\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb45ef8e-1e36-4535-a017-ec908fb1e335}" => removed successfully
    "HKLM\Software\Wow6432Node\Classes\CLSID\{bb45ef8e-1e36-4535-a017-ec908fb1e335}" => removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{bb45ef8e-1e36-4535-a017-ec908fb1e335}" => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{bb45ef8e-1e36-4535-a017-ec908fb1e335} => not found
    "HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
    HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
    "HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BB45EF8E-1E36-4535-A017-EC908FB1E335}" => removed successfully
    HKLM\Software\Classes\CLSID\{BB45EF8E-1E36-4535-A017-EC908FB1E335} => not found
    "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
    "HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08D2B678-76E3-4D22-B87E-0B1D3B22F60C}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08D2B678-76E3-4D22-B87E-0B1D3B22F60C}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{139DB17A-1453-4FE1-80D5-793F88EB2302}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{139DB17A-1453-4FE1-80D5-793F88EB2302}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{34ACCB81-F29E-4376-B55D-C223A9261302}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34ACCB81-F29E-4376-B55D-C223A9261302}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{440A8B0A-C5BF-4567-8095-887005726425}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{440A8B0A-C5BF-4567-8095-887005726425}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74AFB16E-BE2F-44B3-B025-AD7E15CC72D2}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74AFB16E-BE2F-44B3-B025-AD7E15CC72D2}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79BE8B40-0DC2-4DC4-8A28-BCC7FD63BF88}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79BE8B40-0DC2-4DC4-8A28-BCC7FD63BF88}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1578578303-3324816548-2500361984-1001" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{887FAAB7-E9A4-478D-A9C0-27E1A5F010AB}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{887FAAB7-E9A4-478D-A9C0-27E1A5F010AB}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B172B57-C74E-4FF9-97C5-8612B5A0114B}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B172B57-C74E-4FF9-97C5-8612B5A0114B}" => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9568E742-0F6B-4FB8-B726-7CB4D302189D}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9568E742-0F6B-4FB8-B726-7CB4D302189D}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A69CADA-28D2-47B8-8E08-733780451129}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A69CADA-28D2-47B8-8E08-733780451129}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B95A1186-BA65-413B-807F-DA20DB8F451F}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B95A1186-BA65-413B-807F-DA20DB8F451F}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5022F41-6642-4F43-946D-934BD93D7265}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5022F41-6642-4F43-946D-934BD93D7265}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E332637D-F79E-409E-A4A0-8A3DAFC224CC}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E332637D-F79E-409E-A4A0-8A3DAFC224CC}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCC20C1E-58ED-4F59-A53E-D74C6FD876E7}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCC20C1E-58ED-4F59-A53E-D74C6FD876E7}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully

    =========== EmptyTemp: ==========

    BITS transfer queue => 7888896 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 93138851 B
    Java, Flash, Steam htmlcache => 166582420 B
    Windows/system/drivers => 4059841 B
    Edge => 2854927 B
    Chrome => 23230311 B
    Firefox => 386032730 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 144656 B
    systemprofile32 => 0 B
    LocalService => 31980 B
    NetworkService => 17908 B
    coryh_000 => 50381768 B

    RecycleBin => 0 B
    EmptyTemp: => 700.3 MB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-04-2018 18:34:44)


    Result of scheduled keys to remove after reboot:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

    ==== End of Fixlog 18:34:44 ====




    # AdwCleaner 7.0.8.0 - Logfile created on Thu Apr 12 01:49:27 2018
    # Updated on 2018/08/02 by Malwarebytes
    # Running on Windows 10 Pro (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services deleted.

    ***** [ Folders ] *****

    Deleted: C:\SearchProtect
    Deleted: C:\Program Files (x86)\SearchProtect
    Deleted: C:\Users\coryh_000\AppData\Local\YSearchUtil
    Deleted: C:\Program Files (x86)\Yahoo!\yset
    Deleted: C:\ProgramData\Ask
    Deleted: C:\ProgramData\Application Data\Ask
    Deleted: C:\Users\All Users\Ask
    Deleted: C:\Program Files (x86)\Conduit
    Deleted: C:\Users\coryh_000\AppData\LocalLow\Conduit
    Deleted: C:\Users\coryh_000\AppData\Local\SwvUpdater


    ***** [ Files ] *****

    Deleted: C:\Windows\SysNative\reimage.rep
    Deleted: C:\Windows\Reimage.ini


    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks deleted.

    ***** [ Registry ] *****

    Deleted: [Key] - HKLM\SOFTWARE\SearchProtect
    Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\SearchProtect
    Deleted: [Key] - HKCU\Software\SearchProtect
    Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\land.pckeeper.software
    Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
    Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.software
    Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.metrolyrics.com
    Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\azlyrics.com
    Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\izito.com
    Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\www.azlyrics.com
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Somoto Toolbar
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
    Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Deleted: [Value] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SearchProtect
    Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|SearchProtectAll
    Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\softonic.com
    Deleted: [Key] - HKLM\SOFTWARE\Conduit
    Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\Conduit
    Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\AppDataLow\Software\Conduit
    Deleted: [Key] - HKCU\Software\Conduit
    Deleted: [Key] - HKCU\Software\AppDataLow\Software\Conduit
    Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\AppDataLow\Software\ConduitSearchScopes
    Deleted: [Key] - HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Deleted: [Value] - HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Reimage\Reimage Repair\uninst.exe
    Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\AppDataLow\Toolbar
    Deleted: [Key] - HKCU\Software\AppDataLow\Toolbar
    Deleted: [Key] - HKLM\SOFTWARE\PCAcceleratePro
    Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|PCAcceleratePro.exe
    Deleted: [Key] - HKLM\SOFTWARE\Somoto
    Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\AppDataLow\Software\Somoto
    Deleted: [Key] - HKCU\Software\AppDataLow\Software\Somoto
    Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\csastats
    Deleted: [Key] - HKCU\Software\csastats
    Deleted: [Key] - HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\Software\PRODUCTSETUP
    Deleted: [Key] - HKCU\Software\PRODUCTSETUP
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Toolbar.CT3101810
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Toolbar.CT3281023


    ***** [ Firefox (and derivatives) ] *****

    Plugin deleted: __MSG_newtab_chrome_extension_name__ -


    ***** [ Chromium (and derivatives) ] *****

    Plugin deleted: Search Manager -


    *************************

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0



    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [6554 B] - [2018/4/12 1:39:43]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########






    RogueKiller V12.12.12.0 (x64) [Apr 9 2018] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.16299) 64 bits version
    Started in : Normal mode
    User : coryh_000 [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 04/11/2018 19:03:50 (Duration : 00:25:08)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 2 ¤¤¤
    [PUP.Gen2][Firefox:Addon] 1x671kps.default : Search and New Tab by Yahoo [jid1-16aeif9OQIRKxA@jetpack] -> Deleted
    [PUP.SearchManager][Chrome:Addon] Default : Search Manager [nahhmpbckpgdidfnmfkfgiflpjijilce] -> Deleted

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Intel Raid 0 Volume +++++
    --- User ---
    [MBR] 09d0c82a58ff721d833ed46120c2c1a2
    [BSP] 3aada95002cd69a35a15643d8f5f555d : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 243652 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 499206144 | Size: 450 MB
    User = LL1 ... OK
    Error reading LL2 MBR! NOT VALID!

    +++++ PhysicalDrive1: ST9750420AS +++++
    --- User ---
    [MBR] f431e3fcf97bd561ee4662e0ac5c0066
    [BSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 715402 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    That took out a ton of junk....

    Are you scanning your computer regularly?

    ~~~

    Let's download/update and run a scan with Malwarebytes Anti-Malware

    Please download the Malwarebytes Anti-Malware setup file to your Desktop.

    OR from this location Here


    Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
    Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"


    • Under SETTINGS.....APPLICATIONS leave everything at default

    • Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
      Click the Settings tab, at the top choose Protection and tick Scan for rootkits.

    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.

      If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
      Upon completion of the scan (or after the reboot), click the Reports tab.
      Double-click the Scan Log.
      At the bottom click Export and choose Text file.

      Save the file to your desktop and include its content in your next reply.

      You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here.

    ~~~~~~~~~~~~~~~~

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;



    Please post these 2 logs when finished with an update on how the computer is now.

  8. #8
    Junior Member
    Join Date
    Mar 2018
    Posts
    10

    Default

    I let McAfee run on a schedule, not sure how often it actually runs but will check when I get home. I know it is at least weekly. I also used Spybot but not as much. Every month or two. One of my questions when you feel we are done is to ask the best way to keep clean. Another question will be what did we find out, as I am not making much of what we are doing. Will get you those results as soon as I get home from work. Thanks again.

  9. #9
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Quote: Originally Posted by Coryherb
    I let McAfee run on a schedule, not sure how often it actually runs but will check when I get home. I know it is at least weekly. I also used Spybot but not as much. Every month or two. One of my questions when you feel we are done is to ask the best way to keep clean. Another question will be what did we find out, as I am not making much of what we are doing. Will get you those results as soon as I get home from work. Thanks again.

    I was thinking that I was seeing a few infections that might be a little bit on the older side of things.
    When you check on McAfee, check, if there is a way, that it is updating new definitions daily.

    When we finish up I can post several topics on prevention.

    Below is just a tidbit of info on some of what was found:

    https://malwaretips.com/blogs/search...nduit-removal/
    Search Protect by Conduit is a potentially unwanted program that is designed to protect its bundled programs and make sure they remain installed or unchanged by other third party programs.

    Please post the other logs when done.

  10. #10
    Junior Member
    Join Date
    Mar 2018
    Posts
    10

    Default

    The EEK scan didn't find anything. I posted a log. Not sure it is the one you wanted but since the scan was clean I didn't have a quarantine log to post. Hope that is right. Hope that is also good! Sounds good anyway. Malwarebytes on the other hand....

    I was looking at McAfee and don't see a time frame for when it does updates. I think it constantly checks and updates when available. But could be wrong on that. I am not overly happy with McAfee. It has gotten to be a pain to use and costly. And apparently not working on top of that.


    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 4/12/18
    Scan Time: 4:54 PM
    Log File: deaf0c72-3eac-11e8-9a44-8c89a50356fe.json
    Administrator: Yes

    -Software Information-
    Version: 3.4.5.2467
    Components Version: 1.0.342
    Update Package Version: 1.0.4716
    License: Trial

    -System Information-
    OS: Windows 10 (Build 16299.309)
    CPU: x64
    File System: NTFS
    User: CORY_LAPTOP\coryh_000

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 327581
    Threats Detected: 203
    Threats Quarantined: 203
    Time Elapsed: 3 min, 7 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 11
    PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [241], [440037],1.0.4716
    PUP.Optional.SearchManager, HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, Quarantined, [241], [440037],1.0.4716
    PUP.Optional.Somoto, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{025A8DC5-0C70-4000-AF15-C87915647A08}, Quarantined, [439], [179743],1.0.4716
    PUP.Optional.Somoto, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{025A8DC5-0C70-4000-AF15-C87915647A08}, Quarantined, [439], [179743],1.0.4716
    PUP.Optional.Somoto, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{025A8DC5-0C70-4000-AF15-C87915647A08}, Quarantined, [439], [179743],1.0.4716
    PUP.Optional.Somoto, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{025A8DC5-0C70-4000-AF15-C87915647A08}\InprocServer32, Quarantined, [439], [179743],1.0.4716
    PUP.Optional.Somoto, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{025A8DC5-0C70-4000-AF15-C87915647A08}\InprocServer32, Quarantined, [439], [179743],1.0.4716
    PUP.Optional.MediaPlayAir, HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\UNDEFINED, Quarantined, [1110], [334354],1.0.4716
    PUP.Optional.Conduit.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{19C618EE-E614-439E-8CFA-0054CE70C1CD}, Quarantined, [1513], [443512],1.0.4716
    PUP.Optional.Somoto, HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BB45EF8E-1E36-4535-A017-EC908FB1E335}, Quarantined, [439], [168830],1.0.4716
    PUP.Optional.Somoto, HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BB45EF8E-1E36-4535-A017-EC908FB1E335}, Quarantined, [439], [168830],1.0.4716

    Registry Value: 2
    PUP.Optional.MediaPlayAir, HKU\S-1-5-21-1578578303-3324816548-2500361984-1001\SOFTWARE\UNDEFINED|FLASHPLAYERPRO.EXE, Quarantined, [1110], [334354],1.0.4716
    PUP.Optional.Conduit.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{19C618EE-E614-439E-8CFA-0054CE70C1CD}|APPPATH, Quarantined, [1513], [443512],1.0.4716

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 40

    File: 150

    Physical Sector: 0
    (No malicious items detected)


    (end)





    Emsisoft Emergency Kit 2018.3.1.8572 stable [en-us]
    OS: Windows 10 (Version 10.0, Build 16299, 64-bit Edition)

    Forensics log

    Date Component Action Details
    4/12/2018 5:14:35 PM Scanner Scan finished Scanned 81418 objects and found nothing.
    4/12/2018 5:13:47 PM User CORY_LAPTOP\coryh_000 Scan started Malware Scan
    4/12/2018 5:13:31 PM User CORY_LAPTOP\coryh_000 Setting modified "Detect PUPs" has been changed to "Enabled".
    4/12/2018 5:12:41 PM User Update Downloaded and installed 112 files (16513 kb) (23 sec.).
    4/12/2018 5:12:18 PM Core Notification "Recommended Reading:13 mistakes to avoid when choosing antivirus software in 2018".
    4/12/2018 5:12:12 PM User Update Failed with error "Server returned error" (0 sec.).
