Big Time HELP

Old 03-21-2018, 01:06 PM   #1
Registered Member
 
Join Date: Mar 2018
Posts: 25
OS:



All of a sudden, after a scan I did NOT ask for up comes the following:
Win32/Hoax.Renos.HX
TrojanIRC/Backdor.SdBot4.FRV
Adware.Win32.Look2me.ab
Trojan.Qoologic-Key Logger
Trojan.Fakealert.356
I don't know what to do. I've been scammed 3 times to the tune of $667.00++ and now, aside from the above "click.adservinganalytics.com" keeps popping up all the time EVERYWHERE. What to do?? HELP! Bob Walters
Old 03-21-2018, 01:08 PM   #2
Registered Member
 
Join Date: Mar 2018
Posts: 25
OS:



Folks,
This gets worse & worse. I have McAfee LiveSafe through Dell exp. 12-4-18 & McAfee Total Protection through McAfee exp. 7-31-18.
Now the new problems: I went to check McAfee & somehow these "scammers" disconnected McAfee & when I tried to re-install the software the virus "click.adservinganalytics.com" keeps popping up & it prevents the downloading!! I've been scammed 3 times. Two of the scammers said they were from Microsoft. NO ONE fixed the problems. I'm so scared I don't trust anyone at this moment. These people all had Indian accents & were from England. It was VERY, VERY stupid of me to get mixed up with this stuff, I'm "kinda" computer savvy but NOT that proficient!!!
Even as I'm typing this message "click.adservinganalytics" keeps popping up INTERRUPTING my typing. I hit the "X" tab & keep on going. I'm really lost. ANY help, please!
Old 03-22-2018, 03:51 AM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

If necessary, download the tools to a USB drive on another computer, then transfer them to your desktop.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 03-22-2018, 09:16 AM   #4
Registered Member
 
Join Date: Mar 2018
Posts: 25
OS:



AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 22 16:03:07 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-22.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.SavingsCool, ntcache
PUP.Optional.Livanletdi, Livanletdi


***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\Bob Walters\AppData\Roaming\skp
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
PUP.Optional.WinZipMalwareProtector, C:\Program Files (x86)\WinZip Malware Protector
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Nico Mak Computing\WinZip Malware Protector
PUP.Optional.WinZipMalwareProtector, C:\ProgramData\Application Data\Nico Mak Computing\WinZip Malware Protector
PUP.Optional.WinZipMalwareProtector, C:\Users\All Users\Nico Mak Computing\WinZip Malware Protector
PUP.Optional.WinZipMalwareProtector, C:\Users\Bob Walters\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector
PUP.Optional.Livanletdi, C:\ProgramData\Livanletdi
PUP.Optional.Livanletdi, C:\ProgramData\Application Data\Livanletdi
PUP.Optional.Livanletdi, C:\Users\All Users\Livanletdi


***** [ Files ] *****

PUP.Optional.Legacy, C:\Windows\SysNative\wsusnative64.exe


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.WinZipMalwareProtector, WinZip Malware Protector_startup
PUP.Adware.Heuristic, WinZip Malware Protector_startup


***** [ Registry ] *****

PUP.Optional.WinZipMalwareProtector, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Malware Protector_is1
PUP.Optional.WinZipMalwareProtector, [Key] - HKLM\SOFTWARE\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR
PUP.Optional.WinZipMalwareProtector, [Key] - HKU\S-1-5-21-2369289917-3612434052-3330877901-1001\Software\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR
PUP.Optional.WinZipMalwareProtector, [Key] - HKCU\Software\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR
PUP.Optional.WinZipMalwareProtector, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.WinZipMalwareProtector, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Adware.SavingsCool.PrxySvrRST, [Key] - HKLM\SOFTWARE\SavingsCool
Adware.SavingsCool.PrxySvrRST, [Key] - HKU\S-1-5-21-2369289917-3612434052-3330877901-1001\Software\SavingsCool
Adware.SavingsCool.PrxySvrRST, [Key] - HKCU\Software\SavingsCool


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.
Old 03-22-2018, 09:18 AM   #5
Registered Member
 
Join Date: Mar 2018
Posts: 25
OS:



Folks,
Apologies again. I'm computer savvy, but NOT proficient. I hope this is correct!!!
Old 03-22-2018, 09:20 AM   #6
Registered Member
 
Join Date: Mar 2018
Posts: 25
OS:



This is the "additional" scan.....I hope!
Old 03-22-2018, 07:43 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



First, you didn't choose Clean after the AdwCleaner Scan.

Second, you didn't even run the second tool, FRST64.exe, as per those last instructions.
Old 03-23-2018, 08:17 AM   #8
Registered Member
 
Join Date: Mar 2018
Posts: 25
OS:



Sorry!
1. Did "clean"
2. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Bob Walters (23-03-2018 11:11:44)
Running from C:\Users\Bob Walters\Desktop
Windows 10 Home Version 1709 16299.64 (X64) (2017-11-25 22:29:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2369289917-3612434052-3330877901-500 - Administrator - Disabled) => C:\Users\Administrator
Bob Walters (S-1-5-21-2369289917-3612434052-3330877901-1001 - Administrator - Enabled) => C:\Users\Bob Walters
DefaultAccount (S-1-5-21-2369289917-3612434052-3330877901-503 - Limited - Disabled)
Guest (S-1-5-21-2369289917-3612434052-3330877901-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2369289917-3612434052-3330877901-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{00EC0123-5EC2-4D75-830C-EF11667E74E8}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
CalMAN Client 3 (HKLM-x32\...\{B3159FB9-053F-42D3-B04F-EA86E6E8DC77}) (Version: 3.0.2.89 - SpectraCal, Inc)
CalMAN Drivers (HKLM-x32\...\{8B00CB72-E6C1-4D2E-A9E3-D3B6A905B49B}) (Version: 2.4.1.0 - SpectraCal LLC)
CalMAN for Business (HKLM-x32\...\{0ebe1023-39a9-4cb9-a62e-3d15cbae72a7}) (Version: 5.9.0.39 - Portrait Displays, Inc)
CalMAN for Business (HKLM-x32\...\{9E077EA3-2830-432D-B7F9-8DDD24484BDC}) (Version: 5.9.0.39 - Portrait Displays, Inc) Hidden
CalMAN Studio (HKLM-x32\...\{BF647C54-17B5-454A-9B9A-BE4C8CFB908B}) (Version: 5.2.3.1416 - SpectraCal, Inc)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 5.4.0 - Canon Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Power Manager Lite (HKLM-x32\...\DpmLite_Iris_2014_is1) (Version: 1.0.4 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{9DD6B149-CEBC-4910-B11A-242393EDF6D3}) (Version: 2.1.4.14 - Dell)
Dell System Detect (HKU\S-1-5-21-2369289917-3612434052-3330877901-1001\...\d24084d039586cae) (Version: 8.11.0.3 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.64 - Synaptics Incorporated)
Dell Update - SupportAssist Update Plugin (HKLM\...\{2228BC43-73DA-4F9A-BEE6-8E9C15328513}) (Version: 3.1.1.3832 - Dell Inc.)
Dell Update (HKLM-x32\...\{632610E3-5B12-403C-9C93-EF533ED1C113}) (Version: 1.10.5.0 - Dell Inc.)
DriverUpdate (HKLM\...\{61EB75E3-DF6F-40C9-9F06-0AE20B9594F7}) (Version: 5.2.2 - Slimware Utilities Holdings, Inc.) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 44.4.58 - Dropbox, Inc.)
Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Elevated Installer (HKLM-x32\...\{9AB7E852-655C-4BDE-9042-1D3E6807C85A}) (Version: 6.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{E695D74A-9567-46DA-A4EE-0E191F21194B}) (Version: 6.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{fb1ff7db-c0d2-43c4-99bf-5b2fa4f9ca0b}) (Version: 6.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{7C8FDEF1-F311-459C-B3CC-EEF73C721BFD}) (Version: 6.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.23.0.8557 (HKU\S-1-5-21-2369289917-3612434052-3330877901-1001\...\GoToMeeting) (Version: 8.23.0.8557 - LogMeIn, Inc.)
Harmony Remote Update (HKLM-x32\...\HarmonyRemoteUpdate) (Version: 7.7.1 - Logitech - HarmonyRemoteClient)
i1Diagnostics (HKLM-x32\...\i1Diagnostics 4_is1) (Version: - X-Rite)
i1Profiler (HKLM-x32\...\i1Profiler_is1) (Version: 1.7.1.2596 - X-Rite)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{5f5c7829-a6ba-4fc6-9f47-d068f51ed99b}) (Version: 10.1.1.35 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.12.1059 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) WiDi (HKLM\...\{C7CD6D54-26AF-4D93-B06F-D81ACE8624CB}) (Version: 6.0.40.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (HKLM-x32\...\{5B5CD20C-29F0-4857-A4FA-A4F4C716B019}) (Version: 1.1.347 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000010-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.10.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{3a25ad94-b7bc-4da7-8249-0a5443d59ec2}) (Version: 20.20.1 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.2.0.335 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2369289917-3612434052-3330877901-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MyHarmony (HKLM-x32\...\{2AD8F8A1-ECE5-4890-BCC2-B4396370A0D4}) (Version: 1.0.308 - Logitech)
MyHarmony (HKU\S-1-5-21-2369289917-3612434052-3330877901-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31236 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.18.526.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8248 - Realtek Semiconductor Corp.)
System Keeper (HKLM-x32\...\{1AE5D9FC-B286-4C02-B5DA-B14E26EFC9A6}_is1) (Version: 12.3.0.41 - Monterix Software LLC)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Driver Package - Intel Corporation (iaStorA) HDC (04/21/2016 14.8.9.1053) (HKLM\...\CD9B4AE79021660F0D350F3B47AF8FEB680EC9D0) (Version: 04/21/2016 14.8.9.1053 - Intel Corporation)
Windows Driver Package - Intel Corporation (iaStorA) SCSIAdapter (04/21/2016 14.8.9.1053) (HKLM\...\6973B84EB0AFD7F3DF921DBA71F34B6AFAFB5ED7) (Version: 04/21/2016 14.8.9.1053 - Intel Corporation)
Windows Driver Package - RemoteControl (RemoteControlUSBLAN) Net (06/02/2016 02.04.10.001) (HKLM\...\A14D4158722037A4DD816446D7339B41F11276D9) (Version: 06/02/2016 02.04.10.001 - RemoteControl)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
X-Rite Device Services Manager (HKLM-x32\...\{1E18A923-CDF1-4D1C-93B2-AD4CC5BD33EA}) (Version: 2.4.1 - X-Rite)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2369289917-3612434052-3330877901-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Bob Walters\AppData\Local\GoToMeeting\8473\G2MOutlookAddin64.dll (LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\MSC\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-07] (Intel Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\MSC\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CD91352-93DF-4CE3-8A68-9FFAAC5ADAC7} - System32\Tasks\G2MUploadTask-S-1-5-21-2369289917-3612434052-3330877901-1001 => C:\Users\Bob Walters\AppData\Local\GoToMeeting\8557\g2mupload.exe [2018-03-22] (LogMeIn, Inc.)
Task: {1391FAB8-BA97-4FEF-A731-67C3E3F50C24} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {14AC3064-B4B9-42A8-BF18-0FA9A2F1669B} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-17] (Intel Corporation)
Task: {15D4ADB5-E5F7-4A69-A891-4B0D7593FC92} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {173C5EC9-8F15-4C68-8779-D3F657B50134} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {1EE7B05A-1061-4874-89A9-3EED2252C524} - System32\Tasks\skpVersionUpdate => C:\Program Files (x86)\Monterix\System Keeper\SystemKeeperM.exe [2018-03-05] (Monterix Software LLC)
Task: {29CDC41E-D2C8-4D40-9D55-5DC44FB3BD19} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation)
Task: {2F8E720C-674A-4FCF-980C-2EDE9474C258} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-01] (Google Inc.)
Task: {315ADD13-1B2F-4309-B593-A42A17C84E4E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {3196C4B0-29F5-4E5E-9095-F532518033D1} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2016-04-27] (CyberLink)
Task: {360C0290-53B6-46E5-BC13-8A2AA1BF7ED0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-01] (Dropbox, Inc.)
Task: {3FB5C235-FF0E-46C1-917D-5EEAB130C2C9} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [2015-09-18] (X-Rite Inc.)
Task: {4889B651-6F30-4C33-9AB7-873E3C2F989D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel(R) Corporation)
Task: {4A9B5632-337B-45F1-BB27-249C37355810} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
Task: {4CD4D3A4-5E93-488A-A52E-2143030DCE0B} - System32\Tasks\G2MUpdateTask-S-1-5-21-2369289917-3612434052-3330877901-1001 => C:\Users\Bob Walters\AppData\Local\GoToMeeting\8557\g2mupdate.exe [2018-03-22] (LogMeIn, Inc.)
Task: {51D49D0A-35C2-42A6-94AC-5908F9DE1D7C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)
Task: {5BCBB44A-E92B-43EC-BC35-76219696CEAC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-17] (Microsoft Corporation)
Task: {60A53178-AE3D-40CE-9FCD-FDA9A5E79407} - System32\Tasks\Opera scheduled Autoupdate 1517162097 => C:\Users\Bob Walters\AppData\Local\Programs\Opera\launcher.exe
Task: {61323F36-4064-41C6-8DE6-8A74711DB91D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-01] (Google Inc.)
Task: {6C908079-F6ED-45CA-9990-4279798F4650} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {7A27F953-F5D3-440B-B595-22024EAD8482} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-02-01] (McAfee, Inc.)
Task: {7F13880F-57AE-49CE-B3B6-40A97FA2ABCD} - System32\Tasks\{1E18A923-CDF1-4D1C-93B2-AD4CC5BD33EA} => C:\Users\BOBWAL~1\AppData\Local\Temp\is-KFTHT.tmp\XRD Manager.exe <==== ATTENTION
Task: {7F2A466E-6724-4B79-85FB-A9967E1687DB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {94FD4592-E918-4998-80B5-865B8854F82E} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-30] (DropboxOEM)
Task: {9CC4E166-9AB6-48AA-B631-BC4A0E4EAC8C} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {A31DFC9A-3258-4EA1-989A-0496A4FDD504} - System32\Tasks\{1AF468C2-19D6-44EE-88F4-724F8619FFB4} => C:\Users\BOBWAL~1\AppData\Local\Temp\is-ATG2J.tmp\XRD Manager.exe <==== ATTENTION
Task: {A47BEB0B-230C-4876-873C-202DE3400A58} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {A5C87DD3-72E1-4186-8358-CCAA6BE57A0B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {A6DE790A-C9EA-459C-8CEB-4DB00CC25E51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation)
Task: {B09A24F9-2966-4766-97D1-BA5984EBB224} - System32\Tasks\McAfee Cleanup => C:\Users\BOBWAL~1\AppData\Local\Temp\MCPR\mccleanup.exe <==== ATTENTION
Task: {B900FAE5-0BB2-499E-81CF-1EBA5710CC18} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {BEB054C9-DCB0-4612-BB41-D0C809C7FE76} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation)
Task: {C9382B36-62CB-4853-A4DD-D0EEAD31F4F1} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-01] (Dropbox, Inc.)
Task: {CB2C4224-AE67-4C7A-B86C-189B14409DB0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-02-08] ()
Task: {DAB32A3D-DEA5-4C06-AB24-794EC02FE7F1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-17] (Microsoft Corporation)
Task: {DEDEF486-0D90-40E9-917C-A9C273DE0515} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {E2068FEC-C1C9-4C34-886E-BB0B212CF58F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation)
Task: {E2A11D3C-9323-4231-8F1B-C8DDAD965BF2} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-17] (Intel Corporation)
Task: {E2A6E2E2-5644-469D-99A4-8B280E756F03} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-17] (Microsoft Corporation)
Task: {EC9E4005-5FEE-4A8B-8C28-5446F20A84B7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {ED8524E7-F9F6-4DC7-8C96-B7D690ECC045} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {F11B2E9E-D864-4BD0-9A87-F90721B2E243} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-12-12] (McAfee, Inc.)
Task: {F9DF5F5A-0D46-4EBB-8812-767AAE4221E4} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe
Task: {FFB5FEDF-BBAC-4643-B2E7-92A11F2C78AE} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2369289917-3612434052-3330877901-1001.job => C:\Users\Bob Walters\AppData\Local\GoToMeeting\8557\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2369289917-3612434052-3330877901-1001.job => C:\Users\Bob Walters\AppData\Local\GoToMeeting\8557\g2mupload.exe
Task: C:\WINDOWS\Tasks\McAfee Cleanup.job => C:\Users\BOBWAL~1\AppData\Local\Temp\MCPR\mccleanup.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP LC80SS8
Task: C:\WINDOWS\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe-t C:\Program Files\TechUtilities\TechUtilities.exe
Task: C:\WINDOWS\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe
Task: C:\WINDOWS\Tasks\{1AF468C2-19D6-44EE-88F4-724F8619FFB4}.job => C:\Users\BOBWAL~1\AppData\Local\Temp\is-ATG2J.tmp\XRD Manager.exeȠ/exenoupdates /exelang 0 /noprereqs /qr AI_RESUME=1 ADDLOCAL=MainFeature,XRDdrivers64 ACTION=INSTALL EXECUTEACTION=INSTALL ROOTDRIVE C:\ AI_PREREQFILES=C:\Users\BOBWAL~1\AppData\Local\Temp\{1AF468C2-19D6-44EE-88F4-724F8619FFB4}\drivers64.msi AI_PREREQDIRS=C:\Users\BOBWAL~1\AppData\Local\Temp AI_SETUPEXEPATH=C:\Users\BOBWAL~1\AppData\Local\Temp\is-ATG2J.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\BOBWAL~1\AppData\Local\Temp\is-ATG2J.tmp <==== ATTENTION
Task: C:\WINDOWS\Tasks\{1E18A923-CDF1-4D1C-93B2-AD4CC5BD33EA}.job => C:\Users\BOBWAL~1\AppData\Local\Temp\is-KFTHT.tmp\XRD Manager.exeɊ/exenoupdates /noprereqs /qr AI_RESUME=1 ADDLOCAL=MainFeature,XRDdrivers64 ACTION=INSTALL EXECUTEACTION=INSTALL ROOTDRIVE C:\ AI_PREREQFILES=C:\Users\BOBWAL~1\AppData\Local\Temp\{1E18A923-CDF1-4D1C-93B2-AD4CC5BD33EA}\drivers64.msi AI_PREREQDIRS=C:\Users\BOBWAL~1\AppData\Local\Temp OLDPRODUCTS={1AF468C2-19D6-44EE-88F4-724F8619FFB4} AI_SETUPEXEPATH=C:\Users\BOBWAL~1\AppData\Local\Temp\is-KFTHT.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\BOBWAL~1\AppData\Local\Temp\is-KFTHT.tmp <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Bob Walters\Desktop\SPECTRACAL WEBSITE.lnk -> hxxp://www.spectracal.com

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-07-12 11:21 - 2017-07-10 13:12 - 000389696 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2018-01-26 13:37 - 2018-01-26 13:37 - 000730408 ____N () C:\ProgramData\Livanletdi\Livanletdi.exe
2018-01-28 11:47 - 2018-01-28 11:47 - 000808960 _____ () C:\ProgramData\Microsoft\Windows\NetworkCacheMan\ntcache.exe
2016-11-07 16:47 - 2016-11-07 16:47 - 000401920 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-09-29 09:42 - 2017-09-29 10:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 09:42 - 2017-09-29 10:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 000030208 _____ () C:\WINDOWS\system32\Windows.WARP.JITService.exe
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2018-02-08 14:32 - 2018-02-08 14:32 - 000073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2015-07-13 11:33 - 2015-07-13 11:33 - 001592832 _____ () C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll
2013-06-21 15:03 - 2013-06-21 15:03 - 002633728 _____ () C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll
2016-04-25 16:15 - 2014-12-08 03:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 18:28 - 2014-12-08 18:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2017-09-19 10:35 - 2017-09-19 10:35 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-23 19:26 - 2015-06-23 19:26 - 000155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2017-11-21 14:50 - 2017-11-21 14:50 - 000134016 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2017-11-09 01:44 - 2017-11-09 01:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2018-03-06 16:01 - 000000884 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2369289917-3612434052-3330877901-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "XRGamma.lnk"
HKLM\...\StartupApproved\StartupFolder: => "i1Profiler Tray.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg_MAXX6"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "DpmLiteEvent"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "CalMAN Client 3"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Exploit"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2369289917-3612434052-3330877901-1001\...\StartupApproved\Run: => "DriverUpdate"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{431FD695-8F5C-400F-916C-4CDAFC2742C7}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{5447124C-AA13-4BF6-9190-03F1BCE024B1}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{B688B73E-2D04-4595-9C54-7486F29AD86C}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{23BC192E-DF93-406C-A6B2-8980ADB98C5E}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2937591A-C5CB-4700-A40A-62D21D104EDA}] => (Allow) LPort=3528
FirewallRules: [{2D0C8D8F-F45A-4241-8EC8-599D8783A28A}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{35DE7D01-382A-4F62-9D8A-2511F5DF1485}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{733BF015-1A60-486F-8B17-1DE938160D1E}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD.exe
FirewallRules: [{7B84529D-CB6E-4E8C-8955-79D57C455CA6}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{2F872222-F1F7-4056-8AD7-E9A04044BB9E}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{B4E36098-4655-4E8B-9146-9544B598353A}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{CFB44155-32DB-4A90-B8B3-81B3E822DBC9}] => (Allow) C:\WINDOWS\system32\hasplms.exe
FirewallRules: [{C9A3DA86-26E3-4909-A1EE-C6F9BC3BBD19}] => (Allow) LPort=5454
FirewallRules: [{7536B991-82B6-4728-86D2-38327F36AABD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{109EBABF-B85F-49A7-B0F4-2A6C56B5C950}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{56E361A6-93A2-48EF-88D1-63EEE2B1F54C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EEE38654-0599-45E9-9D85-54D162CA6342}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{152AFD23-5C67-4DAB-A8AA-2D9E100846E4}] => (Allow) LPort=5454
FirewallRules: [{B1EADE97-ADFA-4A75-955B-A86A3EDD9CB0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{47587692-0837-4C2E-9A54-6A963E959AED}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2CA709C9-BEB6-4417-B40C-52CA2D45F5B0}] => (Allow) C:\Users\Bob Walters\AppData\Local\Programs\Opera\48.0.2685.50\opera.exe
FirewallRules: [{79F2CF66-9A02-4CDA-97A8-0B74864B4627}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E1371A9B-9888-4846-9C09-E0175BC4DE1A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{D3C1DDA9-E873-40DB-8582-D406FF1EF148}] => (Allow) LPort=3529
FirewallRules: [{B7350D0A-E7AB-4B5A-8E11-F9FF0ED70F56}] => (Allow) LPort=3530
FirewallRules: [{CD763374-9A01-4596-B585-3DCE64DC1ED1}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{C80B51EF-73BC-4591-896B-BBD215BA41B0}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe

==================== Restore Points =========================

18-03-2018 13:52:51 Windows Modules Installer
18-03-2018 17:04:41 Windows Modules Installer
18-03-2018 19:19:35 Windows Modules Installer
19-03-2018 11:24:39 Windows Modules Installer
19-03-2018 11:42:26 Windows Modules Installer
19-03-2018 1302 Windows Modules Installer
19-03-2018 13:25:53 Windows Modules Installer
19-03-2018 13:47:27 Windows Modules Installer
19-03-2018 1408 Windows Modules Installer
19-03-2018 14:25:59 Windows Modules Installer
19-03-2018 14:45:57 Windows Modules Installer
19-03-2018 17:31:28 Windows Modules Installer
19-03-2018 17:51:29 Windows Modules Installer
19-03-2018 20:00:16 Windows Modules Installer
19-03-2018 20:19:36 Windows Modules Installer
20-03-2018 08:57:51 Windows Modules Installer
20-03-2018 09:17:45 Windows Modules Installer
20-03-2018 10:14:57 Windows Modules Installer
20-03-2018 10:20:21 Windows Modules Installer
20-03-2018 10:40:29 Windows Modules Installer
20-03-2018 11:00:23 Windows Modules Installer
20-03-2018 11:20:11 Windows Modules Installer
20-03-2018 11:58:57 Windows Modules Installer
20-03-2018 12:18:47 Windows Modules Installer
20-03-2018 12:38:56 Windows Modules Installer
20-03-2018 12:59:09 Windows Modules Installer
20-03-2018 13:18:41 Windows Modules Installer
20-03-2018 13:38:41 Windows Modules Installer
20-03-2018 13:58:48 Windows Modules Installer
20-03-2018 14:18:50 Windows Modules Installer
20-03-2018 16:48:55 Windows Modules Installer
20-03-2018 1755 Windows Modules Installer
21-03-2018 10:15:05 Windows Modules Installer
21-03-2018 10:24:56 Windows Modules Installer
21-03-2018 10:45:20 Windows Modules Installer
21-03-2018 11:05:07 Windows Modules Installer
21-03-2018 11:37:58 Windows Modules Installer
21-03-2018 11:57:39 Windows Modules Installer
21-03-2018 12:17:36 Windows Modules Installer
21-03-2018 12:37:22 Windows Modules Installer
21-03-2018 14:12:17 Windows Modules Installer
21-03-2018 14:31:52 Windows Modules Installer
21-03-2018 14:51:50 Windows Modules Installer
21-03-2018 15:11:52 Windows Modules Installer
21-03-2018 15:55:51 Windows Modules Installer
21-03-2018 16:02:47 Windows Modules Installer
21-03-2018 16:22:51 Windows Modules Installer
21-03-2018 16:42:56 Windows Modules Installer
22-03-2018 11:40:27 Windows Modules Installer
22-03-2018 12:00:11 Windows Modules Installer
22-03-2018 12:20:13 Windows Modules Installer
22-03-2018 1815 Windows Modules Installer
22-03-2018 18:26:02 Windows Modules Installer
22-03-2018 18:45:59 Windows Modules Installer
22-03-2018 19:05:57 Windows Modules Installer
22-03-2018 19:26:09 Windows Modules Installer
23-03-2018 10:36:37 Windows Modules Installer
23-03-2018 11:10:39 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2018 10:50:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemKeeperM.exe, version: 12.3.0.41, time stamp: 0x5a99ff0e
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0x0eedfade
Fault offset: 0x001008b2
Faulting process id: 0x2bd0
Faulting application start time: 0x01d3c2b6384b37c6
Faulting application path: C:\Program Files (x86)\Monterix\System Keeper\SystemKeeperM.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: d101e096-1838-4df1-8b04-afc686fec897
Faulting package full name:
Faulting package-relative application ID:

Error: (03/23/2018 10:49:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: modulecoreservice.exe, version: 2.4.127.0, time stamp: 0x5a81fe8a
Faulting module name: mfevtpa.dll, version: 15.8.0.342, time stamp: 0x5a6b91fc
Exception code: 0xc0000005
Fault offset: 0x00000000000096c9
Faulting process id: 0x1020
Faulting application start time: 0x01d3c2b621d55d43
Faulting application path: c:\program files\common files\mcafee\modulecore\modulecoreservice.exe
Faulting module path: C:\Program Files\Common Files\McAfee\SystemCore\mfevtpa.dll
Report Id: 9c1096c3-d454-40f5-9f37-3464e563c234
Faulting package full name:
Faulting package-relative application ID:

Error: (03/23/2018 10:43:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ntcache.exe, version: 1.0.0.0, time stamp: 0x5a6df078
Faulting module name: ntcache.exe, version: 1.0.0.0, time stamp: 0x5a6df078
Exception code: 0xc0000005
Fault offset: 0x000043cc
Faulting process id: 0x1ff0
Faulting application start time: 0x01d3c2b3057b1420
Faulting application path: C:\ProgramData\Microsoft\Windows\NetworkCacheMan\ntcache.exe
Faulting module path: C:\ProgramData\Microsoft\Windows\NetworkCacheMan\ntcache.exe
Report Id: 147e7513-924e-472a-bb7b-b430c9e7bd8b
Faulting package full name:
Faulting package-relative application ID:

Error: (03/23/2018 10:26:23 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

Error: (03/23/2018 10:26:19 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

Error: (03/23/2018 10:26:18 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

Error: (03/23/2018 10:26:16 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

Error: (03/23/2018 10:26:11 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: DESKTOP-LC80SS8)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

DETAIL - The system cannot find the file specified.


System errors:
=============
Error: (03/23/2018 11:04:51 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service mccspsvc with arguments "Unavailable" in order to run the server:
{8F2BC96B-68C5-40E8-9CE1-368E3ACAC09B}

Error: (03/23/2018 11:04:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee CSP Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/23/2018 11:04:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee CSP Service service to connect.

Error: (03/23/2018 11:04:51 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service mccspsvc with arguments "Unavailable" in order to run the server:
{8F2BC96B-68C5-40E8-9CE1-368E3ACAC09B}

Error: (03/23/2018 11:04:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee CSP Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/23/2018 11:04:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee CSP Service service to connect.

Error: (03/23/2018 11:04:51 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service mccspsvc with arguments "Unavailable" in order to run the server:
{8F2BC96B-68C5-40E8-9CE1-368E3ACAC09B}

Error: (03/23/2018 11:04:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee CSP Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
===================================
Date: 2018-03-21 15:56:21.954
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?lin...9&enterprise=0
Name: Trojan:Win32/Ditertag.B
ID: 2147722999
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Bob Walters\AppData\Local\Microsoft\Windows\INetCache\Low\IE\812BOFHA\TollFree1-877-221-8313[1].htm
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.900.0, AS: 1.263.900.0, NIS: 118.8.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-21 10:14:03.599
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {98A8E41C-E0BD-4A63-9D53-3EC32075EAD3}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-20 10:34:56.872
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D0B22BA6-FD7B-4373-B670-3CC702D9F525}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-17 18:41:44.423
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {76C57310-CC4A-4A63-8ED4-4F865EC0C54A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-17 17:56:31.825
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A518B9F5-C93C-4D51-893B-D1FC984E912E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-12 03:03:33.952
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.433.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2018-03-12 03:03:33.937
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.433.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2018-03-06 1557.489
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-03-06 1557.489
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-03-06 1557.489
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2018-02-09 11:03:01.421
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-09 11:03:01.420
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-09 09:55:08.181
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-09 09:55:08.178
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-09 09:52:50.524
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-09 09:52:50.523
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-09 09:52:50.390
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-09 09:52:50.388
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 66%
Total physical RAM: 4005.99 MB
Available physical RAM: 1339.28 MB
Total Virtual: 6181.99 MB
Available Virtual: 2547.4 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.34 GB) (Free:346.23 GB) NTFS

\\?\Volume{adf6f752-91bf-4a23-93df-968dda17d063}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
\\?\Volume{5ef2b03c-2f11-42eb-bf97-d70c003fc2e2}\ () (Fixed) (Total:0.79 GB) (Free:0.34 GB) NTFS
\\?\Volume{83714a22-c765-4a39-9239-b77f03dce4b0}\ (Image) (Fixed) (Total:13.01 GB) (Free:0.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C934D75C)

Partition: GPT.

==================== End of Addition.txt ============================
Bob Walters is offline  
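The CodeIntegrity section of the Addition.txt log above records the same svchost.exe / mdnsNSP.dll load failure eight times. The following Python sketch is an added example, not part of the thread or of FRST: it groups such entries so a reviewer sees one row per process and module, with a count and the first and last timestamp. The sample holds three entries copied from the log plus one constructed entry (example.exe / example.dll), and the function name `summarize` is hypothetical.

```python
import re
from collections import defaultdict

# Three entries copied from the CodeIntegrity section above, plus one
# CONSTRUCTED entry (example.exe / example.dll) to form a second group.
SAMPLE = r"""
Date: 2018-02-09 11:03:01.421
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-09 09:55:08.181
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-09 09:52:50.388
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-01 00:00:00.000
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Example\example.exe) attempted to load \Device\HarddiskVolume3\Example\example.dll that did not meet the Microsoft signing level requirements.
"""

ENTRY = re.compile(
    r"Date:\s*(?P<ts>\S+ \S+)\s*\nDescription:\s*\n"
    r"Code Integrity determined that a process \((?P<proc>.+?)\) "
    r"attempted to load (?P<module>.+?) that did not meet "
    r"the (?P<level>.+?) signing level requirements\.")

def summarize(log_text):
    """Collapse repeated Code Integrity entries into one row per (process, module)."""
    groups = defaultdict(list)
    for m in ENTRY.finditer(log_text):
        groups[(m["proc"], m["module"], m["level"])].append(m["ts"])
    rows = []
    for (proc, module, level), stamps in groups.items():
        stamps.sort()  # "YYYY-MM-DD HH:MM:SS.mmm" sorts correctly as text
        rows.append({"process": proc, "module": module, "level": level,
                     "count": len(stamps), "first": stamps[0], "last": stamps[-1]})
    return sorted(rows, key=lambda r: r["count"], reverse=True)

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(f'{r["count"]}x {r["process"]} -> {r["module"]} ({r["first"]} .. {r["last"]})')
```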
Old 03-24-2018, 08:50 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



First, you didn't post the log from running Clean in AdwCleaner. It's located at C:\AdwCleaner\AdwCleaner[C#].txt

Second, you didn't post the first FRST64 log, FRST.txt. It's located on your desktop.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-25-2018, 07:33 AM   #10
Registered Member
 
Join Date: Mar 2018
Posts: 25
OS:



NO HELP HERE!
Bob Walters is offline  
Old 03-25-2018, 06:42 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Quote:
Originally Posted by Bob Walters
NO HELP HERE!

And how would I be able to help you if I can't see your logs?
chemist is offline  
Old 03-26-2018, 05:11 AM   #12
Registered Member
 
Join Date: Mar 2018
Posts: 25
OS:



Chemist,
I apologize. I did what you said but I guess it didn't show. I actually had the icons on my desktop. I'm wondering if all these viruses have prevented me from "sending". I'll try sending to my wife & see. Then I'll try the 2 downloads again. Thanks for your patience. Bob Walters
Bob Walters is offline  
Old 03-26-2018, 05:15 AM   #13
Registered Member
 
Join Date: Mar 2018
Posts: 25
OS:



Hey chemist,
NOW I'm REALLY confused. If I scroll up, I can see my logs?????!!!!
Bob Walters is offline  
Old 03-27-2018, 02:56 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hi Bob. No need to apologize. We will get this straight, don't worry.

The logs you posted, except for one, aren't the ones I need to see in order to proceed.

I will give you instructions shortly on how to retrieve the logs I need to see.

------------------------------------------------------

First, AdwCleaner makes 2 different logs, Scan logs and Clean logs. They're located in this folder: C:\AdwCleaner

All the AdwCleaner logs you posted are Scan logs, which show the entries AdwCleaner found.

I need to see the Clean log, which shows the entries AdwCleaner deleted.

AdwCleaner Scan logs are named AdwCleaner[S#].txt, where # is the number of the logs as they are created.

For example, AdwCleaner[S0].txt, AdwCleaner[S1].txt, AdwCleaner[S2].txt, etc.

Same for the Clean logs, AdwCleaner[C0].txt, AdwCleaner[C1].txt, AdwCleaner[C2].txt, etc.

I need to see the AdwCleaner[C0].txt log. Follow the instructions shown below to get to that log.

------------------------------------------------------

FRST also produces 2 different logs, FRST.txt and Addition.txt.

You posted the second FRST log, Addition.txt. I need to see the first FRST log, FRST.txt.

It's located on your desktop, but follow the instructions below. If you have trouble, stop and let me know.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following bolded, single-line command into the Run box and click OK:

C:\AdwCleaner\AdwCleaner[C0].txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following bolded, single-line command into the Run box and click OK:

%userprofile%\desktop\FRST.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------
chemist is offline  
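The naming scheme described in the post above (Scan logs AdwCleaner[S#].txt and Clean logs AdwCleaner[C#].txt in C:\AdwCleaner, plus FRST.txt and Addition.txt on the desktop), as an added Python example that is not part of the thread or of either tool: it reports which of the requested logs exist and whether any of them is zero bytes long. The function names and the demo directory layout are constructed for illustration, and the desktop location under the home directory is an assumption.

```python
import re
import tempfile
from pathlib import Path

# AdwCleaner[S#].txt = Scan log, AdwCleaner[C#].txt = Clean log (naming from the post above).
LOG_NAME = re.compile(r"^AdwCleaner\[(?P<kind>[SC])(?P<num>\d+)\]\.txt$", re.IGNORECASE)

def state(path):
    """Return 'missing', 'empty' (zero bytes) or 'ok' for one log file."""
    if not path.is_file():
        return "missing"
    return "empty" if path.stat().st_size == 0 else "ok"

def inventory(adw_dir, desktop):
    """List Scan/Clean logs in adw_dir by number and the state of both FRST logs."""
    logs = {"scan": [], "clean": []}
    adw_dir = Path(adw_dir)
    if adw_dir.is_dir():
        for p in adw_dir.iterdir():
            m = LOG_NAME.match(p.name)
            if m:
                kind = "scan" if m["kind"].upper() == "S" else "clean"
                logs[kind].append((int(m["num"]), p.name, state(p)))
    for entries in logs.values():
        entries.sort()  # numeric order, so S10 follows S9 rather than S1
    frst = {n: state(Path(desktop) / n) for n in ("FRST.txt", "Addition.txt")}
    return {"adwcleaner": logs, "frst": frst}

def demo():
    """CONSTRUCTED layout: three Scan logs, no Clean log, a zero-byte FRST.txt."""
    with tempfile.TemporaryDirectory() as tmp:
        adw, desk = Path(tmp, "AdwCleaner"), Path(tmp, "Desktop")
        adw.mkdir()
        desk.mkdir()
        for n in (0, 1, 2):
            (adw / f"AdwCleaner[S{n}].txt").write_text("constructed scan log\n")
        (desk / "Addition.txt").write_text("constructed log\n")
        (desk / "FRST.txt").write_text("")
        return inventory(adw, desk)

if __name__ == "__main__":
    # Paths from the thread; Desktop under the home directory is an assumption.
    print(inventory(r"C:\AdwCleaner", Path.home() / "Desktop"))
```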
Old 03-30-2018, 02:57 AM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Still with us, Bob? Any trouble with those last instructions?
chemist is offline  
Old 03-30-2018, 07:04 AM   #16
Registered Member
 
Join Date: Mar 2018
Posts: 25
OS:



Chemist,
Sorry, I'm WAY behind with EVERYTHING. Easter week with 8 grandkids is "beyond my expectations"!!!!!! ASAP, I promise.
Bob Walters is offline  
Old 04-08-2018, 07:20 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Still with us, Bob?
chemist is offline  
Old 04-08-2018, 10:57 PM   #18
Registered Member
 
Join Date: Mar 2018
Posts: 25
OS:



Chemist,
This "click.adservinganalytics.com" virus won't even let me do the downloads you asked me for?
Bob Walters is offline  
Old 04-09-2018, 03:40 AM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



What do you mean by 'downloads'? The tools are already on your machine, as well as the logs.

Are you able to follow the instructions below?

Press the Windows "logo" key and "R" key then copy/paste the following bolded, single-line command into the Run box and click OK:

C:\AdwCleaner\AdwCleaner[C0].txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following bolded, single-line command into the Run box and click OK:

%userprofile%\desktop\FRST.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------
chemist is offline  
Old 04-09-2018, 07:29 AM   #20
Registered Member
 
Join Date: Mar 2018
Posts: 25
OS:



Chemist,
I think I have to start all over again. When I follow your instructions, all that comes up is a blank page with "notepad" on the top left????
Bob Walters is offline  
 
