IE randomly closes and reopens..

This is a discussion on IE randomly closes and reopens.. within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
05-03-2017, 02:57 PM   #1
Registered Member
 
Join Date: May 2017
Posts: 32
OS: Windows 10



For some weeks now, IE randomly goes black and a message appears saying that it has stopped working and it checks to see if it can solve the problem. Lately, a strange message has appeared about an Adobe problem with an email address which looks odd. I'm wondering if I have an infection.
Can someone help me check this out please?
lassie-cat is offline  
 
05-07-2017, 12:57 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



https://www.techsupportforum.com/foru...lp-305963.html
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
05-08-2017, 02:31 PM   #3
Registered Member
 
Join Date: May 2017
Posts: 32
OS: Windows 10



Thank you for your reply :)

I installed DDS to my desktop, tried to run it and I got an error message saying that DDS is not meant to run in Compatibility Mode and the program will now exit.
lassie-cat is offline  
 
05-08-2017, 06:16 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
chemist is offline  
05-09-2017, 04:36 AM   #5
Registered Member
 
Join Date: May 2017
Posts: 32
OS: Windows 10



Here are the scans:

***** [ Files ] *****
[-] File deleted: C:\Users\Moira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PC App Store.lnk
[-] File deleted: C:\Users\Moira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****
[-] Task deleted: SweetLabs App Platform

***** [ Registry ] *****
[-] Key deleted: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\Software\Classes\pokki
[#] Key deleted on reboot: HKCU\Software\Classes\pokki
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\pokki
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key deleted: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\Software\SweetLabs App Platform
[-] Key deleted: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Key deleted: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[#] Key deleted on reboot: HKCU\Software\SweetLabs App Platform
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[#] Key deleted on reboot: [x64] HKCU\Software\SweetLabs App Platform
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\AZLyrics - Song Lyrics from A to Z
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\AZLyrics - Song Lyrics from A to Z
[-] Value deleted: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] Key deleted: HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key deleted: HKCU\Software\Classes\Directory\shell\pokki
[-] Key deleted: HKCU\Software\Classes\Drive\shell\pokki
[-] Key deleted: HKCU\Software\Classes\lnkfile\shell\pokki

***** [ Web browsers ] *****

*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [3995 Bytes] - [09/05/2017 12:18:59]
C:\AdwCleaner\AdwCleaner[S0].txt - [3978 Bytes] - [09/05/2017 12:14:04]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4141 Bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by Moira (administrator) on MAR (09-05-2017 12:27:57)
Running from C:\Users\Moira\Desktop
Loaded Profiles: Moira (Available Profiles: Moira)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\windows\System32\atiesrxx.exe
(AMD) C:\windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\windows\System32\CxAudMsg64.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\McCSPServiceHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\windows\System32\WerFault.exe
Failed to access process -> LogonUI.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Microsoft Corporation) C:\windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek semiconductor) C:\windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\Moira\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Spotify Ltd) C:\Users\Moira\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(HP Inc.) C:\Program Files\HP\HP ENVY 5640 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Matsushita Electric Industrial Co., Ltd.) C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(HP Inc.) C:\Program Files\HP\HP ENVY 5640 series\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Adobe Systems Incorporated) C:\windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-03-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-03-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [Amazon Music] => C:\Users\Moira\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-11-19] ()
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-07-09] (Apple Inc.)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [Spotify Web Helper] => C:\Users\Moira\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-19] (Spotify Ltd)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [Spotify] => C:\Users\Moira\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-11-19] (Spotify Ltd)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [EPSON PX710W Series (Copy 1)] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [HP ENVY 5640 series (NET)] => C:\Program Files\HP\HP ENVY 5640 series\Bin\ScanToPCActivationApp.exe [3770504 2016-11-04] (HP Inc.)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\RunOnce: [Application Restart #3] => C:\Users\Moira\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resour (the data entry has 583 more characters).
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2015-11-03]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk [2017-04-28]
ShortcutTarget: LUMIX Simple Viewer.lnk -> C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A9DE8BD5-9B88-4508-AE95-560D23A7CE19}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gws_rd=ssl
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002 -> {436A5558-1E8E-4E2C-BA31-B4D8FE8646C9} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {F0DDF1F8-0CAD-4A90-9F15-41D22234A4EA} hxxps://lloydslink.online.lloydsbank.com/thinlink/cabfiles/tcalnk32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2017-02-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-02-28] (McAfee, Inc.)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-02-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-02-28] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-18] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-18]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-18]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-14] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-29] (ELAN Microelectronics Corp.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-04-26] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [994312 2017-03-13] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\\McCSPServiceHost.exe [2054080 2017-02-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1344472 2017-02-24] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2017-01-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [385112 2017-01-18] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [343792 2017-01-18] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1551512 2017-02-26] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-18] (Nitro PDF Software)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-03-05] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 APXACC; C:\windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 athr; C:\windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 cfwids; C:\windows\System32\drivers\cfwids.sys [88464 2017-01-20] (McAfee, Inc.)
S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R3 mfeaack; C:\windows\System32\drivers\mfeaack.sys [487184 2017-01-20] (McAfee, Inc.)
R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [366328 2017-01-20] (McAfee, Inc.)
S0 mfeelamk; C:\windows\System32\drivers\mfeelamk.sys [85048 2017-01-23] (McAfee, Inc.)
R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [518704 2017-01-20] (McAfee, Inc.)
R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [923640 2017-01-20] (McAfee, Inc.)
R3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [498648 2017-01-19] (McAfee, Inc.)
S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [109320 2017-01-19] (McAfee, Inc.)
R3 mfeplk; C:\windows\System32\drivers\mfeplk.sys [110256 2017-01-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [254800 2017-01-20] (McAfee, Inc.)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-09 12:27 - 2017-05-09 12:29 - 00021044 _____ C:\Users\Moira\Desktop\FRST.txt
2017-05-09 12:27 - 2017-05-09 12:27 - 02429440 _____ (Farbar) C:\Users\Moira\Desktop\FRST64.exe
2017-05-09 12:27 - 2017-05-09 12:27 - 00000000 ____D C:\FRST
2017-05-09 12:24 - 2017-05-09 12:24 - 00004256 _____ C:\Users\Moira\Desktop\AdwCleaner[C0].txt
2017-05-09 12:12 - 2017-05-09 12:12 - 04102600 _____ C:\Users\Moira\Desktop\adwcleaner_6.046.exe
2017-05-09 12:11 - 2017-05-09 12:18 - 00000000 ____D C:\AdwCleaner
2017-05-08 20:43 - 2017-05-08 20:43 - 00688992 _____ (Swearware) C:\Users\Moira\Desktop\dds.scr
2017-05-08 20:05 - 2017-05-09 12:09 - 00003860 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-05-08 12:45 - 2017-05-08 21:00 - 00004034 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-05-04 18:31 - 2017-05-04 18:31 - 01069118 _____ C:\Users\Moira\Desktop\Quote with logo.pdf
2017-05-03 22:05 - 2017-05-03 22:05 - 01068569 _____ C:\Users\Moira\Desktop\Quote.pdf
2017-05-02 20:00 - 2017-05-04 20:25 - 00013214 _____ C:\Users\Moira\Desktop\Marginal Costing.xlsx
2017-05-02 20:00 - 2017-05-02 20:00 - 00000165 ____H C:\Users\Moira\Desktop\~$Marginal Costing.xlsx
2017-05-01 18:44 - 2017-05-01 18:44 - 00001485 _____ C:\Users\Moira\Desktop\NESCOL DEFERRED CAPITAL GRANT CONTROL RECORD FROM JULY 2015 NEW - Shortcut.lnk
2017-04-28 14:29 - 2017-04-28 14:29 - 00000000 ____D C:\Users\Moira\AppData\Roaming\Panasonic
2017-04-28 14:23 - 2017-04-28 14:23 - 00002053 _____ C:\Users\Public\Desktop\LUMIX Simple Viewer.lnk
2017-04-28 14:22 - 2017-04-28 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
2017-04-28 14:22 - 2017-04-28 14:22 - 00000000 ____D C:\Program Files (x86)\Panasonic
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-09 12:27 - 2014-06-28 18:18 - 00003762 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E25012D7-3390-47E0-B0A1-D80A2DD8C2A5}
2017-05-09 12:27 - 2014-06-28 17:50 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1456974907-2201685202-3690727835-1002
2017-05-09 12:27 - 2013-10-07 19:27 - 00863592 _____ C:\windows\system32\PerfStringBackup.INI
2017-05-09 12:27 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2017-05-09 12:26 - 2014-06-28 17:49 - 00000000 ___DO C:\Users\Moira\SkyDrive
2017-05-09 12:25 - 2016-03-21 18:48 - 00000000 ___RD C:\Users\Moira\iCloudDrive
2017-05-09 12:20 - 2015-11-13 19:03 - 00000260 _____ C:\windows\Tasks\Epson Printer Software Downloader.job
2017-05-09 12:20 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-05-09 12:20 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2017-05-09 12:19 - 2014-03-05 18:32 - 00023040 _____ C:\windows\system32\VfService.trf
2017-05-09 12:18 - 2014-06-28 17:41 - 00000000 ____D C:\Users\Moira\AppData\Local\SweetLabs App Platform
2017-05-09 12:09 - 2016-03-21 18:48 - 00000000 ____D C:\Users\Moira\AppData\Local\92202143-C807-4E07-B38A-BC6C26A6A17B.aplzod
2017-05-08 20:41 - 2014-06-29 20:46 - 00000000 ____D C:\Users\Moira\Documents\Outlook Files
2017-05-06 15:42 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2017-05-05 20:05 - 2014-12-23 23:30 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-05 12:36 - 2015-09-16 15:50 - 00003068 _____ C:\windows\System32\Tasks\McAfeeLogon
2017-05-05 12:36 - 2015-09-16 15:50 - 00000000 ____D C:\windows\System32\Tasks\McAfee
2017-05-03 21:32 - 2014-08-24 22:44 - 00000000 ____D C:\Users\Moira\AppData\Local\CrashDumps
2017-05-03 12:20 - 2014-06-28 17:46 - 00000000 ____D C:\Users\Moira\Documents\Bluetooth Folder
2017-05-03 12:18 - 2015-08-23 21:18 - 01846272 ___SH C:\Users\Moira\Desktop\Thumbs.db
2017-05-03 12:16 - 2014-06-28 17:41 - 00000000 ____D C:\Users\Moira
2017-04-28 14:22 - 2014-03-05 17:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-20 20:54 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2017-04-18 12:16 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2017-04-14 11:03 - 2015-05-02 20:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Files in the root of some directories =======
2014-03-05 17:47 - 2014-03-05 17:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2016-02-07 00:27 - 2016-02-07 00:27 - 63074352 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\oct1515.tmp.exe
2015-01-22 20:56 - 2015-01-22 20:56 - 87183720 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\oct2F9C.tmp.exe
2014-12-22 15:12 - 2014-12-22 15:12 - 0004890 _____ () C:\Users\Moira\AppData\Local\Temp\oct322E.tmp.exe
2015-11-02 21:33 - 2015-11-02 21:33 - 64809432 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\oct342C.tmp.exe
2015-08-30 15:50 - 2015-09-01 22:38 - 134405904 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\oct38EB.tmp.exe
2015-06-19 21:51 - 2015-06-19 21:51 - 67289280 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\oct45A4.tmp.exe
2015-02-22 21:13 - 2015-02-22 21:13 - 61862720 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\oct56E9.tmp.exe
2014-12-27 22:27 - 2014-12-27 22:28 - 95168336 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\oct647B.tmp.exe
2014-12-25 21:30 - 2014-12-25 21:30 - 0004890 _____ () C:\Users\Moira\AppData\Local\Temp\oct658D.tmp.exe
2016-03-16 20:24 - 2016-03-16 20:24 - 63142648 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\oct6797.tmp.exe
2016-09-22 20:47 - 2016-09-22 20:48 - 64108904 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\oct6BDB.tmp.exe
2016-07-31 22:01 - 2016-07-31 22:01 - 63953128 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\oct6E15.tmp.exe
2015-04-26 20:44 - 2015-04-26 20:44 - 107667040 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\oct7FBA.tmp.exe
2015-09-06 10:35 - 2015-09-06 10:36 - 67202952 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\oct868A.tmp.exe
2015-03-23 22:12 - 2015-03-23 22:12 - 109032712 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\oct965F.tmp.exe
2014-12-25 13:10 - 2014-12-25 13:10 - 0004890 _____ () C:\Users\Moira\AppData\Local\Temp\oct9E2A.tmp.exe
2015-10-24 15:42 - 2015-10-24 15:42 - 67197784 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\oct9F47.tmp.exe
2016-02-10 00:47 - 2016-02-11 17:24 - 126156944 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\octB65A.tmp.exe
2014-12-23 23:34 - 2014-12-23 23:34 - 0004890 _____ () C:\Users\Moira\AppData\Local\Temp\octBA9F.tmp.exe
2014-06-28 17:48 - 2014-06-28 17:49 - 47538520 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\octC3AA.tmp.exe
2016-11-20 12:59 - 2016-11-20 12:59 - 64111920 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\octC8C.tmp.exe
2015-07-28 20:51 - 2015-07-28 20:51 - 67096576 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\octD45F.tmp.exe
2014-12-22 00:03 - 2014-12-22 00:03 - 0004890 _____ () C:\Users\Moira\AppData\Local\Temp\octD626.tmp.exe
2016-04-14 20:58 - 2016-04-14 20:58 - 63707840 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\octD8F9.tmp.exe
2016-02-12 08:49 - 2016-02-12 08:50 - 63078456 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\octDA32.tmp.exe
2014-12-26 21:47 - 2014-12-26 21:47 - 0004890 _____ () C:\Users\Moira\AppData\Local\Temp\octE28D.tmp.exe
2016-03-10 22:54 - 2016-03-14 20:34 - 189430328 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\octF275.tmp.exe
2016-02-15 20:55 - 2016-02-15 20:55 - 63078856 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\octF2A9.tmp.exe
2016-07-25 18:37 - 2016-07-25 18:38 - 63953600 _____ (SweetLabs,Inc.) C:\Users\Moira\AppData\Local\Temp\octFB0A.tmp.exe
2014-06-28 19:46 - 2006-10-28 07:30 - 0145184 ____R (Microsoft Corporation) C:\Users\Moira\AppData\Local\Temp\ose00000.exe
2014-06-29 19:48 - 2011-03-14 13:31 - 0149352 ____R (Microsoft Corporation) C:\Users\Moira\AppData\Local\Temp\ose00001.exe
2014-10-31 23:22 - 2014-10-31 23:22 - 26916968 _____ (Skype Technologies S.A.) C:\Users\Moira\AppData\Local\Temp\SkypeSetup.exe
2014-10-31 21:50 - 2014-10-10 22:37 - 6553144 _____ (Spotify Ltd) C:\Users\Moira\AppData\Local\Temp\SpotifyUninstall.exe
2017-04-28 14:21 - 2006-05-25 03:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Moira\AppData\Local\Temp\_is3E4E.exe
2015-11-13 18:57 - 2006-05-25 12:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Moira\AppData\Local\Temp\_is408A.exe
2015-11-13 18:59 - 2008-05-28 12:00 - 0460248 ____R (Macrovision Corporation) C:\Users\Moira\AppData\Local\Temp\_is6790.exe
2015-11-13 19:01 - 2007-08-31 21:12 - 0460248 ____R (Macrovision Corporation) C:\Users\Moira\AppData\Local\Temp\_isC28.exe
2015-11-13 18:57 - 2007-06-22 10:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Moira\AppData\Local\Temp\_isD3C6.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-02 20:15
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by Moira (09-05-2017 12:30:26)
Running from C:\Users\Moira\Desktop
Windows 8.1 (Update) (X64) (2014-06-28 16:43:19)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1456974907-2201685202-3690727835-500 - Administrator - Disabled)
Guest (S-1-5-21-1456974907-2201685202-3690727835-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1456974907-2201685202-3690727835-1004 - Limited - Enabled)
Moira (S-1-5-21-1456974907-2201685202-3690727835-1002 - Administrator - Enabled) => C:\Users\Moira
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{4FA5FECF-B537-2B14-1CA8-F6C9A5053281}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
bNet - Banff and Buchan College Extranet (HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\d1a34ed3906cf569) (Version: 1.0.0.458 - Banff and Buchan College)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BT Virus Protect (HKLM-x32\...\MSC) (Version: 14.0 R13 - McAfee, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.21.50 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DolbyGUI (HKLM\...\DolbyGUI) (Version: - Conexant Systems)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
Epson Printer Software Downloader (HKLM-x32\...\Epson Printer Software Downloader) (Version: - )
Epson Printer Software Downloader (x32 Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
EPSON PX710W Series Printer Uninstall (HKLM\...\EPSON PX710W Series) (Version: - SEIKO EPSON Corporation)
EPSON PX730 Series Printer Uninstall (HKLM\...\EPSON PX730 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Manual (HKLM-x32\...\Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW User’s Guide) (Version: - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1b - SEIKO EPSON CORPORATION)
Excel Password Recovery Master 4.1 (HKLM-x32\...\Excel Password Recovery Master_is1) (Version: - )
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 5640 series Basic Device Software (HKLM\...\{98A3D3A0-FBED-47DC-B75C-3BC72E7372BF}) (Version: 40.5.1092.16309 - HP Inc.)
HP ENVY 5640 series Help (HKLM-x32\...\{B04B1DB6-0AA9-4790-95CE-5A45C8F647FD}) (Version: 34.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.25.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
LUMIX Simple Viewer (HKLM-x32\...\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}) (Version: 0.99.0000 - Panasonic)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.137 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Product Improvement Study for HP ENVY 5640 series (HKLM\...\{D1B02AD2-5DC7-479E-9D94-54D116434E68}) (Version: 40.5.1092.16309 - HP Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
UserGuide (x32 Version: 1.0.0.17 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {040F92AE-CC6F-48E9-9C55-7B1BDEFF0252} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-02-22] (McAfee, Inc.)
Task: {0569D44A-3FED-4ABC-8CA8-627E164B1AF8} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {2897DC6D-7984-43A3-890B-12B6A001C687} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {3678DCAD-36D3-4D59-8553-F40B7FCB2606} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-02-26] (McAfee, Inc.)
Task: {3AD89786-2614-42B1-916B-7D86F4D7B47F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {504D9248-C0E4-4598-AFE9-A3FE1DD1F6FE} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-03-07] (McAfee, Inc.)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {722F3F33-EA9C-416B-B13C-28D36698E392} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-12-10] (Lenovo)
Task: {78B850AD-18AC-458D-B8EA-BA3C31463242} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {79E6C5DA-3549-4F2C-A653-F61B4EE8B0F5} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {8D36464D-AD3B-4FA0-998E-112127D3C38D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {9102E61A-447F-436B-B7C3-BB5D8F989964} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-03-07] (McAfee, Inc.)
Task: {9329110C-8C3B-4849-B2C9-35DF35D909FD} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {B01E5B52-A627-4F48-8182-F5DFB4C45D2B} - System32\Tasks\HPCustParticipation HP ENVY 5640 series => C:\Program Files\HP\HP ENVY 5640 series\Bin\HPCustPartic.exe [2016-11-04] (HP Inc.)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {B82DAB28-E023-432F-907A-0C2F26D4936D} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {C74A2790-EFF7-47C3-B275-52F8B6EF126E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => %ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D08CB55D-96DF-4D84-A27F-61CEA9CF3564} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] ()
Task: {D6F4A061-CEFB-4F38-81EC-6E80ECDD3011} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe
Task: {DB9C8BBD-CD10-4715-8BEE-BDA4D13FE972} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {E34146E1-F57C-49F2-BD53-C23CFEB334D0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2017-04-02] (Microsoft Corporation)
Task: {E84DBC2A-5CD0-45B8-8DE0-45CDE329A240} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
Task: {FB56A106-3042-4A41-B126-AD56EC20AD46} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2015-05-08] (Maxthon International ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2013-10-14 14:52 - 2013-10-14 14:52 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-05 18:19 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-03-05 18:32 - 2014-03-05 18:32 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-03-05 18:32 - 2014-03-05 18:32 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-07-04 22:45 - 2015-07-04 22:45 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-09-25 12:04 - 2013-09-25 12:04 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-25 12:01 - 2013-09-25 12:01 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-25 12:08 - 2013-09-25 12:08 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-11-23 00:10 - 2014-11-19 01:55 - 06277952 _____ () C:\Users\Moira\AppData\Local\Amazon Music\Amazon Music Helper.exe
2016-11-17 02:29 - 2016-11-17 02:29 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-05 19:18 - 2016-10-05 19:18 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-11-13 19:01 - 2009-03-12 16:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2015-11-13 19:01 - 2008-11-21 14:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\windows:nlsPreferences [386]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 _____ C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Moira\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: => "Spotify"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9CD6BAC9-5E1E-460B-B19A-CA4CFF33702B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{EC8765D4-ACE4-431C-9852-6E559B935DE6}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{EDA51181-D86A-4F10-BA14-A726DC599084}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{15EE89AF-2C6B-42EF-8CF1-76578C7F961F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{4CF24614-9500-4DE3-B9BE-4532CD38B572}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{BE2DFF30-101B-4E70-A198-BD019717425B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{BFAD8286-DC36-4929-9791-C2715B8CFD25}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{4568EABD-98B7-4FE2-ACF9-77E647592867}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{065085B3-1A95-49E9-8458-5A1BD328D8F5}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{A661473B-47E5-4623-8D8F-C5394592FF69}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{57D33773-E48A-4ED4-9343-56AFCB154F29}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{230B4B75-684E-4FCC-B743-0B66D78F94B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8BC27C51-50E4-406D-A0F3-E0FE1F70F980}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0EC27087-7BE9-4A88-9ECB-17A96DFB7978}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1A0BB9C5-FB0B-4CC5-8896-BD9B1C9FB4FC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8215A7C1-0A5E-411E-AFBB-3A83A5B48CB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4B5BBB51-05DC-4190-AE98-371092C13688}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{964F42EC-0121-4A1A-98A2-F0C28D2E8733}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6B88EFFF-BFD8-47F5-9BC6-664EC9D54A2D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{727A2CD8-A349-4E4A-9306-0A30F58FADCA}] => (Allow) C:\Users\Moira\AppData\Local\Temp\7zS51BA\HP.EasyStart.exe
FirewallRules: [{44418135-EFB9-4940-8B9D-60B07DC14221}] => (Allow) C:\Users\Moira\AppData\Local\Temp\7zS5458\HP.EasyStart.exe
FirewallRules: [{9C326443-B932-45F9-9A31-F09F30A9C5B0}] => (Allow) C:\Program Files\HP\HP ENVY 5640 series\Bin\DeviceSetup.exe
FirewallRules: [{F62811E5-9709-4CF6-84F0-0888F927F0A6}] => (Allow) LPort=5357
FirewallRules: [{92081EF0-DDF1-41B7-8ED9-6AE60DECEBE7}] => (Allow) C:\Program Files\HP\HP ENVY 5640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{2645EC64-3C1C-44BB-8ACA-5A1BBA79F56B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Restore Points =========================
02-04-2017 19:44:02 McAfee Vulnerability Scanner
28-04-2017 14:21:37 Installed LUMIX Simple Viewer
28-04-2017 14:22:40 Installed EPSON EasyPrintModule
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (05/09/2017 12:21:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.3.9600.17415, time stamp: 0x5450541b
Faulting module name: VfCredProv.dll_unloaded, version: 0.0.0.0, time stamp: 0x519ca83b
Exception code: 0xc0000005
Fault offset: 0x0000000000003206
Faulting process id: 0x14c
Faulting application start time: 0x01d2c8b64f38a36c
Faulting application path: C:\windows\system32\LogonUI.exe
Faulting module path: VfCredProv.dll
Report Id: b40028b6-34a9-11e7-82b0-28e3478c9d9e
Faulting package full name:
Faulting package-relative application ID:
Error: (05/08/2017 12:44:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 5760
Start Time: 01d2c74d4aa2b85e
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: b05b4550-33e3-11e7-82af-201a06a8559b
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (05/08/2017 12:39:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 69645125
Error: (05/08/2017 12:39:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 69645125
Error: (05/08/2017 12:39:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/05/2017 05:05:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1484
Error: (05/05/2017 05:05:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1484
Error: (05/05/2017 05:05:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/05/2017 12:37:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1531
Error: (05/05/2017 12:37:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1531

System errors:
=============
Error: (05/09/2017 12:19:33 PM) (Source: DCOM) (EventID: 10010) (User: MAR)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (05/09/2017 12:19:30 PM) (Source: DCOM) (EventID: 10010) (User: MAR)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
Error: (05/09/2017 12:19:29 PM) (Source: DCOM) (EventID: 10010) (User: MAR)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
Error: (05/09/2017 12:19:27 PM) (Source: DCOM) (EventID: 10010) (User: MAR)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.
Error: (05/09/2017 12:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/09/2017 12:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/09/2017 12:14:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).
Error: (05/09/2017 12:14:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/09/2017 12:14:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (05/09/2017 12:14:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2014-08-03 22:21:48.048
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: AMD A10-5750M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 32%
Total physical RAM: 7375.26 MB
Available physical RAM: 4974.01 MB
Total Virtual: 8527.26 MB
Available Virtual: 6098.86 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:892.1 GB) (Free:732.69 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.08 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C575724C)
Partition: GPT.
==================== End of Addition.txt ============================
lassie-cat is offline  
Old 05-09-2017, 07:57 PM   #6

Hello again, lassie-cat. I'm not seeing anything malicious here. You may need to seek help in one of our other forums when we are done here.
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
    Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
    Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
    Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
    AlternateDataStreams: C:\windows:nlsPreferences [386]
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002 -> {436A5558-1E8E-4E2C-BA31-B4D8FE8646C9} URL =
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
chemist is offline  
Old 05-10-2017, 08:23 AM   #7

Hi, it won't let me copy the contents of the box. Nothing happens when I right click on it, sorry.
lassie-cat is offline  
Old 05-11-2017, 08:45 AM   #8

Sorry you are having trouble. Download the attached fixlist.txt and save it to your desktop, then follow the rest of the instructions. Let me know.
chemist is offline  
Old 05-11-2017, 10:51 AM   #9

I must be doing something wrong - I've downloaded your file to my desktop and the file is alongside the FRST app on my desktop. I've also tried to copy it into the folders within FRST but nothing happens when I click FIX - it says it cannot be found.
lassie-cat is offline  
Old 05-11-2017, 11:33 AM   #10

Also, the strange message re adobe is as follows:

"Allow d1s72spon8oqz4.cloudfront.net to store information on your computer" and there is a choice of clicking on allow or deny - I always choose deny.

I am wondering if this is what has been causing the problem
lassie-cat is offline  
Old 05-13-2017, 08:32 PM   #11

No, that isn't causing the problem.

Did you delete your fixlist.txt file before downloading mine?
chemist is offline  
Old 05-14-2017, 12:20 PM   #12

No, it wouldn't let me get that far as the contents of your box couldn't be copied and pasted into notepad.
lassie-cat is offline  
Old 05-15-2017, 07:04 PM   #13

Hello again, lassie-cat.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    fix*.*
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
chemist is offline  
Old 05-16-2017, 07:17 AM   #14

Hi chemist,

Here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:24 on 16/05/2017 by Moira
Administrator - Elevation successful
========== filefind ==========
Searching for "fix*.*"
C:\FRST\Hives\fixlist..txt --a---- 1096 bytes [17:17 11/05/2017] [17:17 11/05/2017] F49AB7A46EE42CCF56B0EEC3606F5972
C:\Users\Moira\AppData\Local\Microsoft\Windows\INetCache\IE\C2672TN7\fix_red_eye_reasonably_small[1].jpg --a---- 45626 bytes [22:14 25/06/2015] [22:14 25/06/2015] CE66809F3AFC878A35C0BBD09297E3C1
C:\Users\Moira\AppData\Roaming\Microsoft\Templates\Fixed asset record with depreciation.xls --a---- 34304 bytes [22:11 16/09/2014] [08:35 13/10/2006] 467628381590C52E76B1229EBA7BBD9D
C:\Users\Moira\AppData\Roaming\Microsoft\Windows\Recent\fixit.lnk --a---- 548 bytes [19:15 14/05/2017] [19:18 14/05/2017] 322C06D6DA6736F5C78AFDF65C689FFF
C:\Users\Moira\AppData\Roaming\Microsoft\Windows\Recent\fixlist..lnk --a---- 567 bytes [17:17 11/05/2017] [17:17 11/05/2017] 81DD04170B0C40CB3F252A4339072B88
C:\Users\Moira\Desktop\fixit.txt --a---- 1096 bytes [17:13 11/05/2017] [17:13 11/05/2017] F49AB7A46EE42CCF56B0EEC3606F5972
C:\windows\System32\fixmapi.exe --a---- 21504 bytes [15:18 02/01/2016] [02:31 29/10/2014] 39FB51FE7E5DD8F16F4C75237EDC57EA
C:\windows\System32\en-US\fixmapi.exe.mui --a---- 2048 bytes [19:09 22/08/2013] [19:09 22/08/2013] 16A19B51DA2EB15EEB99FB2FFFBF04EA
C:\windows\SysWOW64\fixmapi.exe --a---- 16384 bytes [15:18 02/01/2016] [01:49 29/10/2014] A57606D6112D59DFF3F43B7DDC1B2776
C:\windows\SysWOW64\en-US\fixmapi.exe.mui --a---- 2048 bytes [19:09 22/08/2013] [19:09 22/08/2013] 16A19B51DA2EB15EEB99FB2FFFBF04EA
C:\windows\WinSxS\amd64_microsoft-windows-mapi.resources_31bf3856ad364e35_6.3.9600.16384_en-us_1b39803cbe2f30b2\fixmapi.exe.mui --a---- 2048 bytes [19:09 22/08/2013] [19:09 22/08/2013] 16A19B51DA2EB15EEB99FB2FFFBF04EA
C:\windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_6.3.9600.16384_none_9c0ba159edb6b599\fixmapi.exe --a---- 20480 bytes [11:19 22/08/2013] [11:19 22/08/2013] 9AE6848520FA55674CD108168FD7067C
C:\windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_6.3.9600.17415_none_9c583c35ed7d2221\fixmapi.exe --a---- 21504 bytes [15:18 02/01/2016] [02:31 29/10/2014] 39FB51FE7E5DD8F16F4C75237EDC57EA
C:\windows\WinSxS\x86_microsoft-windows-mapi.resources_31bf3856ad364e35_6.3.9600.16384_en-us_bf1ae4b905d1bf7c\fixmapi.exe.mui --a---- 2048 bytes [19:09 22/08/2013] [19:09 22/08/2013] 16A19B51DA2EB15EEB99FB2FFFBF04EA
C:\windows\WinSxS\x86_microsoft-windows-mapi_31bf3856ad364e35_6.3.9600.16384_none_3fed05d635594463\fixmapi.exe --a---- 16384 bytes [03:53 22/08/2013] [03:53 22/08/2013] BD9FA463609CFDA9B104CE92366900B4
C:\windows\WinSxS\x86_microsoft-windows-mapi_31bf3856ad364e35_6.3.9600.17415_none_4039a0b2351fb0eb\fixmapi.exe --a---- 16384 bytes [15:18 02/01/2016] [01:49 29/10/2014] A57606D6112D59DFF3F43B7DDC1B2776
-= EOF =-
lassie-cat is offline  
Old 05-17-2017, 07:56 PM   #15

There is no fixlist.txt file on your desktop.

It appears you named it fixit.txt and/or fixlist..txt

Please follow the instructions to the letter, and period.
chemist is offline  
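
The diagnosis in the post above can be read straight off the SystemLook output. As an added example (not part of the thread, and not code from SystemLook or FRST), this Python code parses `:filefind` result lines, checks whether a file named exactly fixlist.txt sits in the folder FRST is run from, and groups the text files by MD5 to show that the misnamed copies hold the same content. The function names are hypothetical, the line layout is assumed from the log posted in #14, and the sample lines are copied from that log.

```python
import ntpath
import re
from collections import defaultdict

# One result line of a SystemLook ":filefind" scan, layout assumed from the
# log in this thread:
#   <path> <attributes> <size> bytes [created] [modified] <MD5>
ENTRY = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# FRST only picks up a fix script with this exact name, next to the executable.
EXPECTED_NAME = "fixlist.txt"

# Sample input: lines copied from the SystemLook log posted in the thread.
SAMPLE_LOG = r"""
Searching for "fix*.*"
C:\FRST\Hives\fixlist..txt --a---- 1096 bytes [17:17 11/05/2017] [17:17 11/05/2017] F49AB7A46EE42CCF56B0EEC3606F5972
C:\Users\Moira\AppData\Roaming\Microsoft\Templates\Fixed asset record with depreciation.xls --a---- 34304 bytes [22:11 16/09/2014] [08:35 13/10/2006] 467628381590C52E76B1229EBA7BBD9D
C:\Users\Moira\AppData\Roaming\Microsoft\Windows\Recent\fixit.lnk --a---- 548 bytes [19:15 14/05/2017] [19:18 14/05/2017] 322C06D6DA6736F5C78AFDF65C689FFF
C:\Users\Moira\AppData\Roaming\Microsoft\Windows\Recent\fixlist..lnk --a---- 567 bytes [17:17 11/05/2017] [17:17 11/05/2017] 81DD04170B0C40CB3F252A4339072B88
C:\Users\Moira\Desktop\fixit.txt --a---- 1096 bytes [17:13 11/05/2017] [17:13 11/05/2017] F49AB7A46EE42CCF56B0EEC3606F5972
C:\windows\System32\fixmapi.exe --a---- 21504 bytes [15:18 02/01/2016] [02:31 29/10/2014] 39FB51FE7E5DD8F16F4C75237EDC57EA
-= EOF =-
"""


def parse_filefind(log_text):
    """Return one dict per file line; header and footer lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        # ntpath handles Windows paths regardless of the OS running this code.
        directory, name = ntpath.split(m["path"])
        entries.append({
            "path": m["path"],
            "dir": directory,
            "name": name,
            "size": int(m["size"]),
            "md5": m["md5"].upper(),
        })
    return entries


def check_fixlist(log_text, frst_dir):
    """Report whether fixlist.txt is in place, and which .txt hits are not."""
    entries = parse_filefind(log_text)
    want_dir = ntpath.normcase(ntpath.normpath(frst_dir))

    def in_place(entry):
        same_dir = ntpath.normcase(ntpath.normpath(entry["dir"])) == want_dir
        return same_dir and entry["name"].lower() == EXPECTED_NAME

    # Only text files can be a saved copy of the fix script.
    text_files = [e for e in entries
                  if ntpath.splitext(e["name"])[1].lower() == ".txt"]
    misplaced = [e["path"] for e in text_files if not in_place(e)]

    # Identical MD5 means identical content saved under different names.
    by_hash = defaultdict(list)
    for e in text_files:
        by_hash[e["md5"]].append(e["path"])
    duplicates = {h: paths for h, paths in by_hash.items() if len(paths) > 1}

    return {
        "present": any(in_place(e) for e in entries),
        "misplaced": misplaced,
        "duplicates": duplicates,
    }


if __name__ == "__main__":
    report = check_fixlist(SAMPLE_LOG, r"C:\Users\Moira\Desktop")
    print("fixlist.txt in place:", report["present"])
    for path in report["misplaced"]:
        print("wrong name or folder:", path)
    for md5, paths in report["duplicates"].items():
        print("same content", md5, "->", paths)
```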
Old 05-18-2017, 07:40 AM   #16

Hi chemist

Sorry I did not get the file name correct - however I have renamed it and here is the log you now require:

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by Moira (18-05-2017 12:21:36) Run:1
Running from C:\Users\Moira\Desktop
Loaded Profiles: Moira (Available Profiles: Moira)
Boot Mode: Normal
==============================================
fixlist content:
*****************
createrestorepoint:
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
AlternateDataStreams: C:\windows:nlsPreferences [386]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002 -> {436A5558-1E8E-4E2C-BA31-B4D8FE8646C9} URL =
EmptyTemp:
*****************
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask => key removed successfully
C:\windows => ":nlsPreferences" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{436A5558-1E8E-4E2C-BA31-B4D8FE8646C9} => key removed successfully
HKCR\CLSID\{436A5558-1E8E-4E2C-BA31-B4D8FE8646C9} => key not found.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 53294515 B
Java, Flash, Steam htmlcache => 53388 B
Windows/system/drivers => 494553534 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 645348 B
systemprofile32 => 128 B
LocalService => 885019 B
NetworkService => 12216 B
Moira => 13157125239 B
RecycleBin => 12695990 B
EmptyTemp: => 12.8 GB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 12:34:35 ====
lassie-cat is offline  
Old 05-18-2017, 07:43 PM   #17

Hello again, lassie-cat. How is the machine behaving?

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-bc.1878-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------
chemist is offline  
Old 05-20-2017, 02:52 AM   #18

Hi again chemist,

My laptop is not throwing up the same not responding message and going black like it did previously - but there is still an adobe message appearing from time to time about looking to download onto my files - the same message as I posted in an earlier post.

In between the scans from the previous time and this time - something has happened as when I look at the history browsing tab, and select a day, it doesn't expand. Also, when I try to log onto another website, the username and password are correct but when I click on the login button, it throws back to the username box and won't log in. When I go to another PC, it lets me log in no problem.

Anyway, here is the Malwarebytes scan:

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 20/05/2017
Scan Time: 09:34
Logfile: Malware bytes scan.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2017.05.20.03
Rootkit Database: v2017.04.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Moira
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 283841
Time Elapsed: 31 min, 7 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)

There were no infections found from the ESET scanner and it didn't throw up a log.
lassie-cat is offline  
Old 05-20-2017, 12:50 PM   #19

The adobe - cloudnet warning message seems to have disappeared altogether so that is good. And also the other issue I reported with regard to not being able to log onto some sites has resolved itself. And I think the history is not expanding because the browsing history was wiped with the scans, etc.
lassie-cat is offline  
Old 05-20-2017, 08:59 PM   #20

Let me know how it behaves over the next day or two and I will give you some final instructions.
chemist is offline  
 
