Trojan infection


#1 BuddysBoy

Computer running slow. SUPERAntiSpyware detects a Trojan but is unable to remove it past a restart.

SAS shows the location as C:\FRST\QUARATINE\USERS\ROBERTJ\APPDATA\ROAMING\WIATRACEA.\DLL.XBAD

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by Robert J (16-02-2017 17:54:59)
Running from C:\Users\Robert J\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-18 21:38:48)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3151614201-2924931681-1904267671-500 - Administrator - Disabled)
Guest (S-1-5-21-3151614201-2924931681-1904267671-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3151614201-2924931681-1904267671-1002 - Limited - Enabled)
Kids (S-1-5-21-3151614201-2924931681-1904267671-1003 - Limited - Enabled) => C:\Users\Kids
Robert J (S-1-5-21-3151614201-2924931681-1904267671-1001 - Administrator - Enabled) => C:\Users\Robert J

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

100% Free Hearts 7.42 (HKLM-x32\...\FreeHearts) (Version: 7.42 - DreamQuest)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.70 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Dell Digital Delivery (HKLM-x32\...\{98CB551E-EDB1-4535-82A6-E3258597F64E}) (Version: 2.7.1000.0 - Dell Products, LP)
Dell Photo AIO Printer 966 (HKLM\...\Dell Photo AIO Printer 966) (Version:  - Dell, Inc.)
Dell System Detect - 1  (HKU\S-1-5-21-3151614201-2924931681-1904267671-1001\...\73f463568823ebbe) (Version: 6.7.0.2 - Dell)
Dell System Detect (HKU\S-1-5-21-3151614201-2924931681-1904267671-1001\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
Digital Voice Editor 3 (HKLM-x32\...\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}) (Version: 3.3.01.11240 - Sony Corporation)
Dragon NaturallySpeaking 10 (HKLM-x32\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Fotosizer 1.37 (HKLM-x32\...\Fotosizer) (Version: 1.37 - Fotosizer.com)
Free Image Cropper (HKLM-x32\...\Free Image Cropper_is1) (Version: 1.0 - Free Picture Solutions)
FreeRIP MP3 Converter 4.7.0 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.7.0 - GreenTree Applications SRL)
FreeRIP Toolbar v7.6 (HKLM-x32\...\{99C603E5-4E63-476E-B296-6BADE0C691DF}) (Version: 7.6 - Spigot, Inc.) <==== ATTENTION
Google Books Downloader version 2.1 (HKLM-x32\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.1 - GBOOKSDOWNLOADER.COM)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{AD2313B9-714F-496E-AD7F-20532E833EB2}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{C60E2D8F-0FC0-497D-A149-90F3B361937C}) (Version: 12.3.6.9 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
ImageMixer 3 SE Ver.4.5 Transfer Utility (HKLM-x32\...\{4028A420-8CB5-4F9C-B698-6EBA5491256D}) (Version: 4.05.010 - PIXELA)
ImageMixer 3 SE Ver.4.5 Video Tools (HKLM-x32\...\{28C7E8E5-F0E4-4CF3-A823-AD49BFF4DE9A}) (Version: 4.05.010 - PIXELA)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Jasc Paint Shop Pro Studio, Dell Editon (HKLM-x32\...\{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}) (Version: 1.00.0000 - Jasc Software Inc)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.209 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Transfer Utility Ver.1.5 (HKLM-x32\...\{87E6A443-536D-4047-AAC9-40947FC3333A}) (Version: 1.05.005 - PIXELA)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
Pegasus Mail (HKLM-x32\...\Pegasus Mail) (Version:  - David Harris)
Pegasus Mail HTML Renderer 2.4.7.2 (HKLM-x32\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version:  - Micha's Midnight Manufacture)
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
Photo! Editor 1.1 (HKLM-x32\...\PhotoToolkit_is1) (Version:  - )
Power Commander Control Center 3.2.0 (Test Build 1) (HKLM-x32\...\Power Commander 3 Usb_is1) (Version:  - Dynojet Research, Inc.)
Product Improvement Study for HP OfficeJet 4650 series (HKLM\...\{75534DD0-9FB9-410A-AD7B-0E4470F0558D}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1008 - SUPERAntiSpyware.com)
Twin Scan II (HKLM-x32\...\{BAF53935-6238-4E29-A1F7-F0DACD25E971}) (Version: 6.0.2 - Daytona Sensors LLC)
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}) (Version: 10.00.800.228 - Nuance Communications Inc.)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WordWeb (HKLM-x32\...\WordWeb) (Version: 6 - WordWeb Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2CB833BB-C18E-4212-BE0E-53EC4EF9FAA5} - System32\Tasks\HPCustParticipation HP OfficeJet 4650 series => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPCustPartic.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {4874A89D-B054-4839-8D5A-8ADB09DD685A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {62EE0473-897E-4166-AD2F-277FE26C70EC} - System32\Tasks\HPCustPartic.exe_{03E5BC28-9ABE-458C-8D31-372B190B1096} => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPCustPartic.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {84149A2B-27B1-4F48-8856-5F5296545F78} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {86A74D7C-C6DB-4125-ABB4-ECC8AD7123AF} - System32\Tasks\{069BCBE8-5353-436D-9834-DAD05CC237C7} => C:\Program Files (x86)\Free Picture Solutions\Free Image Cropper\FreeImageCropper.exe [2014-05-06] ()
Task: {A0C4CFF5-AB82-4799-8947-46574ED82FF3} - System32\Tasks\HP AR Program Upload - f60a4a77124d470a96c7c0625de59c66c378f7ae7c4e454db2b8f4e860cd1ee8 => C:\Program Files\HP\HP OfficeJet 4650 series\bin\HPRewards.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {AED8EF24-F414-4234-94F2-311DE8880FD2} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {BC74ADD3-D2A0-425E-B566-71001CD0AF2E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {BDB94B47-BCBC-4EF5-A045-D7EAAE4B4CE3} - \{998DFF79-AAC2-4AC1-B61F-6435C9FDE04F} -> No File <==== ATTENTION
Task: {BEF51C3B-CF7F-4024-949D-0AFF38A329FC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-11-30 21:21 - 2006-10-20 01:39 - 00146432 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlcqdrpp.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-30 21:20 - 2007-06-29 11:47 - 00292080 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe
2012-11-30 21:20 - 2007-06-29 11:48 - 00304368 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe
2012-07-24 06:47 - 2011-10-21 08:49 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-14 15:23 - 2012-04-21 14:11 - 00077064 ____N () C:\Program Files (x86)\WordWeb\wweb32.exe
2012-09-20 22:31 - 2006-10-20 21:40 - 00126464 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlcqPRPR.DLL
2012-09-20 22:31 - 2006-09-06 06:12 - 00064512 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlcqCFG.DLL
2012-11-30 21:20 - 2006-08-08 15:54 - 00278528 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqscw.dll
2012-11-30 21:20 - 2006-09-06 06:12 - 00077824 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqcfg.dll
2012-11-30 21:20 - 2006-06-09 02:39 - 00143360 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqdrec.dll
2012-09-20 20:45 - 2008-08-29 14:15 - 00364544 ____N () C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\pxl_m17n_tool.dll
2012-10-14 15:23 - 2012-07-15 11:25 - 00022800 ____N () C:\Program Files (x86)\WordWeb\WUCNT.dll
2012-11-30 21:20 - 2006-08-14 17:32 - 00065536 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqcaps.dll
2013-08-07 13:27 - 2013-08-07 13:27 - 00110088 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3151614201-2924931681-1904267671-1001\...\dell.com -> dell.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2017-02-06 06:43 - 00002024 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3151614201-2924931681-1904267671-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

05-01-2017 21:20:44 Scheduled Checkpoint
11-01-2017 14:11:29 Windows Update
23-01-2017 14:07:41 Scheduled Checkpoint
30-01-2017 17:49:05 Scheduled Checkpoint
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2017 10:05:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9890

Error: (02/13/2017 10:05:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9890

Error: (02/13/2017 10:05:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/13/2017 10:05:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21621021

Error: (02/13/2017 10:05:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21621021

Error: (02/13/2017 10:05:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/13/2017 10:05:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21618509

Error: (02/13/2017 10:05:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21618509

Error: (02/13/2017 10:05:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/13/2017 10:05:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21616045

System errors:
=============
Error: (02/16/2017 05:16:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
General access denied error

Error: (02/16/2017 05:16:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
General access denied error

Error: (02/16/2017 12:07:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {2F4C0E0C-80AD-4105-9A0F-4BA90BB64296} did not register with DCOM within the required timeout.

Error: (02/16/2017 12:07:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register with DCOM within the required timeout.

Error: (02/13/2017 03:45:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
General access denied error

Error: (02/13/2017 03:45:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
General access denied error

Error: (02/07/2017 06:13:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
General access denied error

Error: (02/07/2017 06:13:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
General access denied error

Error: (02/06/2017 07:41:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
General access denied error

Error: (02/06/2017 07:41:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
General access denied error

CodeIntegrity:
===================================
  Date: 2012-11-28 15:55:02.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-11-28 15:55:02.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-11-28 15:55:02.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B950 @ 2.10GHz
Percentage of memory in use: 85%
Total physical RAM: 4004.27 MB
Available physical RAM: 581.89 MB
Total Virtual: 8006.73 MB
Available Virtual: 4211.25 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:457.76 GB) (Free:208.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4446C407)
Partition 1: (Active) - (Size=8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=457.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by Robert J (administrator) on ROBERTJ-PC (16-02-2017 17:54:16)
Running from C:\Users\Robert J\Desktop
Loaded Profiles: Robert J (Available Profiles: Robert J & Kids)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\dlcqcoms.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
() C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe
() C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\WordWeb\wweb32.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_24_0_0_194_ActiveX.exe
(The Church of Jesus Christ of Latter-day Saints) C:\Program Files (x86)\FamilySearch\Paf5\paf5.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [dlcqmon.exe] => C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe [292080 2007-06-29] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe [304368 2007-06-29] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [617120 2011-03-31] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-03-31] (Atheros Commnucations)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [641504 2015-08-21] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [77064 2012-04-21] ()
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [DNS7reminder] => "C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3151614201-2924931681-1904267671-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-20] (SUPERAntiSpyware)
HKU\S-1-5-21-3151614201-2924931681-1904267671-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-3151614201-2924931681-1904267671-1001\...\Run: [HP OfficeJet 4650 series (NET)] => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3151614201-2924931681-1904267671-1001\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-3151614201-2924931681-1904267671-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3151614201-2924931681-1904267671-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3151614201-2924931681-1904267671-1001\...\MountPoints2: {431f04f3-7e4b-11e3-8426-24b6fd03e25c} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.5.lnk [2014-12-12]
ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.4.5.lnk -> C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-02-10]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7DD27698-BE71-490B-A703-B736A93C8E31}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-3151614201-2924931681-1904267671-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://google.com/
SearchScopes: HKLM -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKLM-x32 -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKU\S-1-5-21-3151614201-2924931681-1904267671-1001 -> DefaultScope {FF4CBD11-E65F-4646-8EBA-331F3BDE6E3A} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US679D20140520&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3151614201-2924931681-1904267671-1001 -> {FF4CBD11-E65F-4646-8EBA-331F3BDE6E3A} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US679D20140520&p={SearchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-12-12] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-23] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-03-31] (Atheros Commnucations)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-12-12] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-23] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-3151614201-2924931681-1904267671-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-12-12] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-12-12] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-12-12] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-12-12] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-01-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: (WordWeb one-click lookup) - C:\Program Files (x86)\WordWeb\WCaptureMoz [2012-10-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-29]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2012-10-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
S2 0312211486439545mcinstcleanup; C:\Windows\TEMP\031221~1.EXE [883024 2017-02-06] (McAfee, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [135168 2011-02-16] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [77984 2011-03-31] (Atheros Commnucations) [File not signed]
R2 dlcq_device; C:\Windows\system32\dlcqcoms.exe [566152 2006-12-12] ( )
R2 dlcq_device; C:\Windows\SysWOW64\dlcqcoms.exe [537480 2006-12-12] ( )
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2016-12-12] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-01-29] (RaMMicHaeL)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2010-12-16] (Broadcom Corporation)
S3 BXOIS; C:\Windows\system32\drivers\bxois.sys [533544 2010-12-10] (Broadcom Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S3 IAMTVE; C:\Windows\system32\drivers\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\drivers\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [349968 2011-03-18] (Intel® Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [70928 2011-03-18] (Intel® Corporation)
S3 ioatdma2; C:\Windows\System32\Drivers\qd260x64.sys [41168 2009-11-16] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 BTATH_HCRP; \SystemRoot\system32\drivers\btath_hcrp.sys [X]
S3 BTATH_RCP; \SystemRoot\system32\drivers\btath_rcp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 17:52 - 2017-02-16 17:54 - 00027611 _____ C:\Users\Robert J\Desktop\Addition.txt
2017-02-16 17:47 - 2017-02-16 17:54 - 00033408 _____ C:\Users\Robert J\Desktop\FRST.txt
2017-02-16 17:38 - 2017-02-16 17:38 - 02422272 _____ (Farbar) C:\Users\Robert J\Desktop\FRST64.exe
2017-02-06 20:29 - 2017-02-06 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-02 22:44 - 2017-02-05 23:15 - 00000000 ____D C:\Users\Robert J\2017-02-02
2017-02-01 22:56 - 2017-02-01 22:56 - 00365162 _____ C:\Users\Robert J\Documents\RJ Bise.zip
2017-01-29 21:02 - 2017-01-29 21:02 - 04206030 _____ C:\Users\Robert J\Desktop\Field trip to ACT Theater in SF 4.bmp
2017-01-29 21:00 - 2017-01-29 21:00 - 04087094 _____ C:\Users\Robert J\Desktop\Field trip to ACT Theater in SF 3.bmp
2017-01-29 20:57 - 2017-01-29 20:57 - 03848382 _____ C:\Users\Robert J\Desktop\Field trip to ACT Theater in SF 2.bmp
2017-01-29 20:54 - 2017-01-29 20:54 - 04111238 _____ C:\Users\Robert J\Desktop\Field trip to ACT Theater in SF 1 1touchup.bmp
2017-01-29 20:49 - 2017-01-29 20:49 - 00003046 _____ C:\Windows\System32\Tasks\{069BCBE8-5353-436D-9834-DAD05CC237C7}
2017-01-29 20:46 - 2017-01-29 20:46 - 00000185 _____ C:\Users\Robert J\AppData\Roaming\FPC.xml
2017-01-22 19:41 - 2017-01-22 19:41 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-01-22 19:41 - 2017-01-22 19:41 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 17:54 - 2014-11-25 21:15 - 00000000 ____D C:\FRST
2017-02-16 17:35 - 2009-07-13 20:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-16 17:35 - 2009-07-13 20:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-16 17:09 - 2012-10-11 20:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-06 19:51 - 2012-09-18 21:46 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-06 08:04 - 2016-01-06 15:43 - 02379776 _____ C:\Users\Robert J\Documents\RJ Bise.paf
2017-02-06 07:12 - 2013-12-18 00:01 - 00000000 ____D C:\Users\Robert J\Documents\My PSP Files
2017-02-06 06:43 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-03 10:10 - 2014-11-18 16:46 - 00658460 _____ C:\Windows\ntbtlog.txt
2017-02-03 09:16 - 2014-10-16 22:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-02 22:44 - 2012-09-18 13:38 - 00000000 ____D C:\Users\Robert J
2017-01-26 08:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-22 19:41 - 2012-09-18 22:10 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-01-21 00:34 - 2015-04-24 17:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 23:31 - 2017-01-15 19:53 - 00000000 ____D C:\Users\Robert J\2017-01-15

==================== Files in the root of some directories =======

2017-01-29 20:46 - 2017-01-29 20:46 - 0000185 _____ () C:\Users\Robert J\AppData\Roaming\FPC.xml
2014-02-26 14:59 - 2014-11-20 13:02 - 0001315 _____ () C:\Users\Robert J\AppData\Roaming\SAS7_000.DAT
2016-10-30 15:02 - 2016-10-30 15:02 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-14 11:35 - 2015-08-14 11:35 - 3895328 _____ () C:\ProgramData\SPL935C.tmp
2014-05-20 23:54 - 2014-05-20 23:54 - 0351808 _____ () C:\ProgramData\SPLBF84.tmp
2013-05-03 21:14 - 2013-05-03 21:14 - 1727975 _____ () C:\ProgramData\SPLE01F.tmp
2012-09-24 18:45 - 2014-09-23 11:56 - 0001534 _____ () C:\ProgramData\ss.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-05 20:45

==================== End of FRST.txt ============================


  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

Getting rid of the detection is pretty simple.  Open notepad

 

type :

DeleteQuarantine:

(with an Enter after the line)

 

Then File, Save As, fixlist (to your desktop) OK.

 

Then right click on FRST and Run As Admin.

 

Click on FIX.

 

All this does is remove the file that was put in FRST's quarantine back in 2014 when you were here before.

 

Delfix is supposed to clean out the Quarantine folder but it appears it didn't.

 

That's not going to fix any problems though.  Something is stopping bfe from running.  Let's see if ESET's tool can help:

 

http://support.eset.com/kb2895/

 

Click on the blue button that says ESETSirefefCleaner under "I. Download the ESETSirefefCleaner tool".

 

right click on the downloaded file and Run As Admin.

 

 

 

 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files.) Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter. Copy and paste the text from notepad.
 
No matter what SFC says do the following:
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 
Multiple posts are easiest.  Just post the logs as you get them.

  • 0
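The Process Explorer "Verified Signer" column and the TASKLIST /SVC listing asked for above can be gathered in one pass with PowerShell. This is an added example, not the helper's code or a Sysinternals tool; it assumes an elevated Windows PowerShell 2.0 or later session (Windows 7 compatible, so Get-WmiObject is used rather than Get-CimInstance) and writes its CSV to a Desktop file name chosen here.

```powershell
# Added example (not from the thread): PowerShell equivalent of two manual
# steps above, Process Explorer's "Verified Signer" column and TASKLIST /SVC,
# so the same evidence is collected in a single pass.
# Assumes an elevated Windows PowerShell 2.0+ session (Windows 7 compatible).

# Map each PID to the services it hosts (what TASKLIST /SVC prints).
$servicesByPid = @{}
Get-WmiObject -Class Win32_Service | ForEach-Object {
    $servicePid = [int]$_.ProcessId
    if ($servicePid -gt 0) {
        if (-not $servicesByPid.ContainsKey($servicePid)) { $servicesByPid[$servicePid] = @() }
        $servicesByPid[$servicePid] += $_.Name
    }
}

# Verify the Authenticode signature of every running image we can read.
# Protected system processes (System, smss, csrss...) and 64-bit images seen
# from a 32-bit shell throw on MainModule; those are reported as unreadable.
$report = foreach ($proc in Get-Process) {
    $path = $null
    try { $path = $proc.MainModule.FileName } catch { }

    if ($path) {
        $sig     = Get-AuthenticodeSignature -FilePath $path
        $status  = $sig.Status.ToString()          # Valid, NotSigned, NotTrusted, ...
        $detail  = $sig.StatusMessage
        $signer  = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    } else {
        $status  = 'Path unavailable'
        $detail  = 'Image path could not be read from this session'
        $signer  = ''
    }

    $hosted = 'N/A'
    if ($servicesByPid.ContainsKey($proc.Id)) { $hosted = $servicesByPid[$proc.Id] -join ', ' }

    New-Object PSObject -Property @{
        Name      = $proc.ProcessName
        PID       = $proc.Id
        Path      = $path
        SigStatus = $status
        Detail    = $detail
        Signer    = $signer
        Services  = $hosted
    }
}

# Anything other than Valid deserves a second look: unsigned images, images
# signed with an untrusted or revoked certificate (Process Explorer's
# "certificate was explicitly revoked" case), or images we could not read.
$report | Where-Object { $_.SigStatus -ne 'Valid' } |
    Sort-Object Name |
    Format-Table Name, PID, SigStatus, Detail, Services, Path -AutoSize

# Full listing to a file for posting, like Process Explorer's File, Save As.
# (File name is this example's choice.)
$report | Sort-Object Name |
    Select-Object Name, PID, SigStatus, Signer, Services, Path |
    Export-Csv -Path "$env:USERPROFILE\Desktop\process-signatures.csv" -NoTypeInformation
```

Services listed against a process whose image is unsigned or carries a revoked certificate are the rows to compare against the FRST and VEW output before deciding what to remove.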

#3
BuddysBoy

BuddysBoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 18/02/2017 10:32:13 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/02/2017 5:37:08 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Log: 'System' Date/Time: 19/02/2017 5:33:36 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

Log: 'System' Date/Time: 19/02/2017 5:33:36 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

Log: 'System' Date/Time: 19/02/2017 5:33:26 AM
Type: Error Category: 0
Event: 14349 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 19/02/2017 5:33:26 AM
Type: Error Category: 0
Event: 14353 Source: Microsoft-Windows-WMPNSS-Service
A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/2811996591/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 19/02/2017 5:33:26 AM
Type: Error Category: 0
Event: 14349 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 19/02/2017 5:33:26 AM
Type: Error Category: 0
Event: 14353 Source: Microsoft-Windows-WMPNSS-Service
A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/2811996591/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 19/02/2017 5:32:18 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfemms service.

Log: 'System' Date/Time: 19/02/2017 5:31:40 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 19/02/2017 5:31:40 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

Log: 'System' Date/Time: 19/02/2017 5:31:40 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Log: 'System' Date/Time: 19/02/2017 5:31:40 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 19/02/2017 5:31:38 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/02/2017 5:33:06 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20090516388200000&0#.

Log: 'System' Date/Time: 19/02/2017 5:31:23 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 19/02/2017 5:30:43 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 19/02/2017 5:29:19 AM
Type: Warning Category: 0
Event: 1073 Source: USER32
The attempt by user RobertJ-PC\Robert J to restart/shutdown computer ROBERTJ-PC failed

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 18/02/2017 10:35:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/02/2017 5:33:11 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
AdminService.exe 2,100 K 5,972 K 1664 AdminService Application Atheros Commnucations (A certificate was explicitly revoked by its issuer) Atheros Commnucations
AESTSr64.exe 992 K 2,804 K 1520 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe 1,172 K 4,064 K 1496 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
Ath_CoexAgent.exe 1,876 K 5,844 K 1616 Atheros Coex Service Application Atheros (No signature was present in the subject) Atheros
AthBtTray.exe 3,732 K 10,860 K 2372 Bluetooth Tray Atheros Commnucations (A certificate was explicitly revoked by its issuer) Atheros Commnucations
BtvStack.exe 7,240 K 10,316 K 2360 Bluetooth Stack Server Atheros Commnucations (A certificate was explicitly revoked by its issuer) Atheros Commnucations
CameraMonitor.exe 3,544 K 7,392 K 2960 PIXELA CORPORATION (Verified) PIXELA CORPORATION
cmd.exe 2,864 K 3,424 K 2492 Windows Command Processor Microsoft Corporation (Verified) Microsoft Windows
CNQMMAIN.EXE 64,636 K 24,144 K 2748 Canon Quick Menu CANON INC. (Verified) Canon Inc.
conhost.exe 1,868 K 5,884 K 4644 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
dlcqcoms.exe 2,520 K 6,584 K 1764 Printer Communication System (Verified) Dell Incorporated
dlcqmon.exe 2,076 K 5,832 K 2292 Device Monitor (Verified) Dell Inc.
dwm.exe 1,856 K 6,324 K 2144 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
FlashUtil64_24_0_0_221_ActiveX.exe 3,692 K 9,248 K 4024 Adobe® Flash® Player Installer/Uninstaller 24.0 r0 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
hkcmd.exe 2,164 K 6,300 K 2324 hkcmd Module Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
hpwuschd2.exe 956 K 3,700 K 2116 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
igfxpers.exe 2,508 K 7,412 K 2348 persistence Module Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
issch.exe 1,908 K 5,072 K 2340 InstallShield Update Service Scheduler InstallShield Software Corporation (No signature was present in the subject) InstallShield Software Corporation
jucheck.exe 4,768 K 12,556 K 3984 Java Update Checker Oracle Corporation (Verified) Oracle America
jusched.exe 4,864 K 13,756 K 1240 Java Update Scheduler Oracle Corporation (Verified) Oracle America
lsm.exe 2,644 K 4,528 K 648 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
McUICnt.exe 8,224 K 20,404 K 3160 McAfee McAfee, Inc. (Verified) McAfee
mDNSResponder.exe 2,020 K 5,648 K 1700 Bonjour Service Apple Inc. (Verified) Apple Inc.
mfefire.exe 1,200 K 3,396 K 3284 McAfee Core Firewall Service McAfee, Inc. (Verified) McAfee
mfefire.exe 2,520 K 6,640 K 3192 McAfee Core Firewall Service McAfee, Inc. (Verified) McAfee
mfemms.exe 1,776 K 4,796 K 1888 McAfee Management Service McAfee, Inc. (Verified) McAfee
mfevtps.exe 1,436 K 3,672 K 1916 McAfee Process Validation Service McAfee, Inc. (Verified) McAfee
mfevtps.exe 4,512 K 8,532 K 1964 McAfee Process Validation Service McAfee, Inc. (Verified) McAfee
MsSpellCheckingFacility.exe 2,728 K 7,376 K 376 Microsoft Spell Checking Facility Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 1,420 K 6,800 K 4608 Notepad Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 2,284 K 7,584 K 4880 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
SearchIndexer.exe 0.25 41,020 K 17,872 K 3820 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
smss.exe 692 K 1,396 K 296 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
splwow64.exe 2,844 K 7,644 K 4976 Print driver host for 32bit applications Microsoft Corporation (Verified) Microsoft Windows
sttray64.exe 8,584 K 19,104 K 2308 IDT PC Audio TPE IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 5,128 K 10,820 K 1724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,244 K 9,948 K 1056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,572 K 6,016 K 1032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 4,460 K 9,812 K 3916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,708 K 5,804 K 1796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
unchecky_svc.exe 1,456 K 4,904 K 312 Unchecky Service RaMMicHaeL (Verified) Reason Software Company Inc.
wininit.exe 1,468 K 4,492 K 532 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,840 K 7,364 K 628 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,472 K 6,404 K 704 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wweb32.exe 2,788 K 6,708 K 2784 (Verified) WordWeb Software
McCSPServiceHost.exe 7,936 K 15,504 K 5044 McAfee CSP Service Host McAfee, Inc. (Verified) McAfee
iTunesHelper.exe < 0.01 4,528 K 13,564 K 2556 iTunesHelper Apple Inc. (Verified) Apple Inc.
stacsv64.exe < 0.01 12,112 K 8,360 K 468 IDT PC Audio TPE IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 84,024 K 93,196 K 992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 1,892 K 6,080 K 3788 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
mcshield.exe 0.51 176,400 K 184,948 K 3152 McAfee Scanner service McAfee, Inc. (Verified) McAfee
UpdateChecker.exe < 0.01 36,292 K 35,672 K 2628 FileHippo.com Update Checker FileHippo.com (No signature was present in the subject) FileHippo.com
McSvHost.exe < 0.01 18,788 K 6,788 K 3340 McAfee Service Host McAfee, Inc. (Verified) McAfee
DeliveryService.exe 0.02 28,996 K 37,992 K 4124 Dell Digital Delivery Windows Service Dell Products, LP. (Verified) Dell Inc.
mcsacore.exe < 0.01 15,780 K 5,408 K 1864 McAfee WebAdvisor McAfee, Inc. (Verified) McAfee
svchost.exe < 0.01 13,372 K 15,944 K 1136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
CNQMUPDT.EXE 0.01 24,144 K 25,320 K 1492 Canon Quick Menu Updater CANON INC. (Verified) Canon Inc.
wmpnetwk.exe 0.02 15,988 K 8,892 K 1200 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 0.01 62,988 K 218,120 K 3492 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
taskhost.exe 0.02 28,104 K 23,652 K 2096 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SASCORE64.EXE 0.01 3,232 K 5,732 K 1448 Core Service SUPERAntiSpyware.com (Verified) SUPERAntiSpyware.com
AppleMobileDeviceService.exe 0.01 3,704 K 10,936 K 1548 MobileDeviceService Apple Inc. (Verified) Apple Inc.
unchecky_bg.exe 0.02 1,712 K 7,184 K 2884 Unchecky Background Process RaMMicHaeL (Verified) Reason Software Company Inc.
iexplore.exe 0.02 32,720 K 153,972 K 4928 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 14,948 K 15,076 K 960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.01 2,056 K 4,580 K 460 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
CNMNSST.exe 0.02 1,432 K 5,720 K 2792 Canon IJ Network Scanner Selector EX CANON INC. (Verified) Canon Inc.
iPodService.exe 0.03 2,404 K 6,788 K 3684 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 7,312 K 13,356 K 180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 23,652 K 40,620 K 384 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
memcard.exe 2,316 K 6,844 K 2300 Memory Card Manager Executable (Verified) Dell Inc.
svchost.exe 4,716 K 8,780 K 848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SUPERANTISPYWARE.EXE 0.06 16,436 K 9,492 K 2620 SUPERAntiSpyware Application SUPERAntiSpyware (Verified) SUPERAntiSpyware.com
lsass.exe 5,616 K 35,220 K 640 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
services.exe 5,820 K 10,620 K 588 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.30 43,212 K 212,132 K 2180 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 4,716 K 10,136 K 768 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System 0.53 160 K 1,128 K 4
spoolsv.exe 7,764 K 68,884 K 1316 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
McAPExe.exe 0.34 3,116 K 8,156 K 3264 McAfee Access Protection McAfee, Inc. (Verified) McAfee
Interrupts 0.40 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 0.43 10,932 K 12,436 K 544 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
ScanToPCActivationApp.exe 0.06 3,612 K 12,252 K 2648 ScanToPCActivationApp Hewlett-Packard Development Company, LP (Verified) Hewlett Packard
iexplore.exe 0.02 134,480 K 331,692 K 3180 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
HPNETW~1.EXE 0.16 3,540 K 10,148 K 4768 HPNetworkCommunicatorCom Hewlett-Packard Development Company, LP (Verified) Hewlett Packard
procexp64.exe 6.53 24,664 K 44,556 K 2712 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 90.06 0 K 24 K 0
SearchProtocolHost.exe 0.11 344 K 120 K 416 Microsoft Windows Search Protocol Host Microsoft Corporation Verifying...



Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 296 N/A
csrss.exe 460 N/A
wininit.exe 532 N/A
csrss.exe 544 N/A
services.exe 588 N/A
winlogon.exe 628 N/A
lsass.exe 640 KeyIso, SamSs
lsm.exe 648 N/A
svchost.exe 768 DcomLaunch, PlugPlay, Power
svchost.exe 848 RpcEptMapper, RpcSs
svchost.exe 960 AudioSrv, Dhcp, eventlog, lmhosts
svchost.exe 992 AudioEndpointBuilder, Netman, PcaSvc,
SysMain, TrkWks, UxSms, Wlansvc,
WPDBusEnum, wudfsvc
svchost.exe 180 EventSystem, fdPHost, FontCache, netprofm,
nsi, WdiServiceHost
svchost.exe 384 AeLookupSvc, Appinfo, BITS, EapHost,
LanmanServer, MMCSS, ProfSvc, Schedule,
SENS, ShellHWDetection, Themes, Winmgmt,
wuauserv
stacsv64.exe 468 STacSV
svchost.exe 1032 gpsvc
svchost.exe 1136 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc
spoolsv.exe 1316 Spooler
SASCORE64.EXE 1448 !SASCORE
armsvc.exe 1496 AdobeARMservice
AESTSr64.exe 1520 AESTFilters
AppleMobileDeviceService. 1548 Apple Mobile Device Service
Ath_CoexAgent.exe 1616 Atheros Bt&Wlan Coex Agent
AdminService.exe 1664 AtherosSvc
mDNSResponder.exe 1700 Bonjour Service
svchost.exe 1724 DiagTrack
dlcqcoms.exe 1764 dlcq_device
svchost.exe 1796 DPS
mcsacore.exe 1864 McAfee SiteAdvisor Service
mfemms.exe 1888 mfemms
mfevtps.exe 1916 mfevtp
mfevtps.exe 1964 N/A
svchost.exe 1056 stisvc
unchecky_svc.exe 312 Unchecky
taskhost.exe 2096 N/A
dwm.exe 2144 N/A
explorer.exe 2180 N/A
dlcqmon.exe 2292 N/A
memcard.exe 2300 N/A
sttray64.exe 2308 N/A
hkcmd.exe 2324 N/A
igfxpers.exe 2348 N/A
BtvStack.exe 2360 N/A
AthBtTray.exe 2372 N/A
iTunesHelper.exe 2556 N/A
SUPERANTISPYWARE.EXE 2620 N/A
UpdateChecker.exe 2628 N/A
ScanToPCActivationApp.exe 2648 N/A
CameraMonitor.exe 2960 N/A
unchecky_bg.exe 2884 N/A
wweb32.exe 2784 N/A
issch.exe 2340 N/A
jusched.exe 1240 N/A
CNQMMAIN.EXE 2748 N/A
CNMNSST.exe 2792 N/A
hpwuschd2.exe 2116 N/A
mcshield.exe 3152 N/A
McUICnt.exe 3160 N/A
mfefire.exe 3192 N/A
McAPExe.exe 3264 McAPExe
mfefire.exe 3284 mfefire
McSvHost.exe 3340 HomeNetSvc, McNaiAnn, mcpltsvc, McProxy
iPodService.exe 3684 iPod Service
SearchIndexer.exe 3820 WSearch
wmpnetwk.exe 1200 WMPNetworkSvc
WUDFHost.exe 3788 N/A
svchost.exe 3916 SSDPSRV, upnphost
splwow64.exe 4976 N/A
CNQMUPDT.EXE 1492 N/A
DeliveryService.exe 4124 DellDigitalDelivery
McCSPServiceHost.exe 5044 mccspsvc
jucheck.exe 3984 N/A
cmd.exe 2492 N/A
conhost.exe 4644 N/A
iexplore.exe 4928 N/A
iexplore.exe 3492 N/A
iexplore.exe 3180 N/A
FlashUtil64_24_0_0_221_Ac 4024 N/A
notepad.exe 4608 N/A
MsSpellCheckingFacility.e 376 N/A
procexp.exe 4880 N/A
procexp64.exe 2712 N/A
WmiPrvSE.exe 704 N/A
audiodg.exe 3992 N/A
cmd.exe 4336 N/A
conhost.exe 4904 N/A
tasklist.exe 2228 N/A
WmiPrvSE.exe 3080 N/A

Attached Files


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

Looks like we have to do it the hard way.

 

 
Download and Save the attached BFE64.zip file.  Right click on it and Extract All.  This will create a folder called BFE64.  Inside the folder will be two files.  BFE64.reg and mpssvc.reg.  
Attached File  bfe64.zip   10.53KB   40 downloads
 
Right click on BFE64.reg and select MERGE.  Allow it to merge into the registry.  Report any errors you get.  
 
Right click on mpssvc.reg and select MERGE.  Allow it to merge into the registry.  Report any errors you get.
 
Reboot.
 
Start, (All) Programs, Accessories then right click on Command Prompt and select Run As Admin.
 
Type with an Enter after each line:
 
net  start  bfe
 
(We want it to say 
"The requested service has already been started
 
More help is available by typing NET HELPMSG 2182" 
 
but it likely will say Access Denied.  If you get Access Denied then:
 
Go into regedit, (Start, Search, regedit, doubleclick, Continue) navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 
(Find HKEY_LOCAL_MACHINE\SYSTEM and click on the + in front of it.  Find CurrentControlSet and click on its plus.  Click on Services) then right click on Services and select Permissions then click Add.
Type in 
NT Service\bfe 
and click on Check Name. (It will change your typing to BFE.) OK. You should be back on the first Permissions page. Now select BFE on the permission page and click on the first box to the right of Full Control (Allow column). Then Apply. Reboot and do the
net  start  bfe
command again and see if BFE has already been started. 
 
Start, (All) Programs, Accessories then right click on Command Prompt and select Run As Admin.
 
Type with an Enter after each line:
 
net  start  bfe
 
(also check the mpssvc which is Windows Firewall)
 
net  start  mpssvc

  • 0
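The BFE and MpsSvc repair above can be checked without touching anything: whether each service key exists, whether the service is registered and running, whether the NT SERVICE\BFE permission the fix grants on the Services key is visible on the subkeys, and which Service Control Manager errors (7001, 7003, 7023, as in the VEW output) are still being logged. This is an added example, not the helper's code; it assumes an elevated Windows PowerShell 2.0 or later session on Windows 7 and only reads state.

```powershell
# Added example (not from the thread): read-only health check for the two
# services the fix above repairs, BFE and MpsSvc (Windows Firewall).
# Assumes an elevated Windows PowerShell 2.0+ session; nothing is changed.

$servicesKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$serviceNames = 'BFE', 'MpsSvc'

function Get-ServiceHealth {
    param([string]$Name)

    $keyPath   = "$servicesKey\$Name"
    $keyExists = Test-Path $keyPath

    # Is the service registered at all? Event 7003 "This service might not be
    # installed" and 7023 "does not exist as an installed service" point here.
    $svc       = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    $state     = 'n/a'
    $startMode = 'n/a'
    if ($svc) { $state = $svc.State; $startMode = $svc.StartMode }

    # The permission step above grants NT Service\bfe Full Control on the
    # Services key; subkeys inherit it, so it should show up on both keys.
    # Without an Allow ACE the service account cannot read its own config,
    # which is what "Access Denied" from "net start bfe" looks like.
    $hasBfeAce  = $false
    $identities = ''
    if ($keyExists) {
        $acl = Get-Acl -Path $keyPath
        foreach ($ace in $acl.Access) {
            if ($ace.IdentityReference.Value -ieq 'NT SERVICE\BFE' -and
                $ace.AccessControlType -eq 'Allow') { $hasBfeAce = $true }
        }
        $identities = ($acl.Access | ForEach-Object { $_.IdentityReference.Value } |
                       Sort-Object -Unique) -join '; '
    }

    New-Object PSObject -Property @{
        Service    = $Name
        KeyExists  = $keyExists
        Installed  = [bool]$svc
        State      = $state
        StartMode  = $startMode
        HasBfeAce  = $hasBfeAce
        Identities = $identities
    }
}

$serviceNames | ForEach-Object { Get-ServiceHealth -Name $_ } |
    Format-Table Service, KeyExists, Installed, State, StartMode, HasBfeAce -AutoSize

# Full ACL identities per key, useful when HasBfeAce is False.
$serviceNames | ForEach-Object { Get-ServiceHealth -Name $_ } |
    Format-List Service, Identities

# The Service Control Manager events VEW listed above (7001 dependency
# failed to start, 7003 dependency missing, 7023 terminated with error).
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7001, 7003, 7023
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Run it once before merging the .reg files and once after the reboot; the expected end state is KeyExists and Installed True, State Running, and no fresh 7003 entries for BFE or MpsSvc.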

#5
BuddysBoy

BuddysBoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Ok, went through your instructions.

Both net start bfe and net start mpssvc , now show "The requested service has already been started".


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

Sounds like it worked.  

 

 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot.
 
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

  • 0

#7
BuddysBoy

BuddysBoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/02/2017 7:24:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/02/2017 3:20:19 AM
Type: Error Category: 0
Event: 14349 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 20/02/2017 3:20:19 AM
Type: Error Category: 0
Event: 14353 Source: Microsoft-Windows-WMPNSS-Service
A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/2811996591/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 20/02/2017 3:20:19 AM
Type: Error Category: 0
Event: 14349 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 20/02/2017 3:20:19 AM
Type: Error Category: 0
Event: 14353 Source: Microsoft-Windows-WMPNSS-Service
A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/2811996591/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/02/2017 3:19:43 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20090516388200000&0#.

Log: 'System' Date/Time: 20/02/2017 3:19:23 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 20/02/2017 3:18:49 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/02/2017 7:43:46 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/02/2017 3:21:14 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

Looks like we fixed BFE and the McAfee firewall with the last fix.

 

 

 

Log: 'System' Date/Time: 20/02/2017 3:19:43 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20090516388200000&0#.

 

 

This one is an easy fix:

 

Search for 

services.msc

hit Enter

This will bring up the Services Window.  Scroll down to 

 

Windows Driver Foundation - User-mode Driver Framework

 

Right click and select Properties.  Change the Startup Type: from Manual to Automatic.  OK

 

 

While in the Services window, find

Windows Media Player Network Sharing Service

(It's the third one of three that start with Windows Media)

Right click on it and select Properties.  Change its Startup Type: to Disabled.  OK.

 

 

I have a fix for this one:

 

Log: 'Application' Date/Time: 20/02/2017 3:21:14 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

 

Download the attached fix10.zip file

Attached File  fix10.zip   579bytes   27 downloads

Right click on it and Extract All.  Change the path to

c:\windows\system32

Extract.

 

It will say you have to give it permission.  Hit Continue.

 

a. Click on start

b. Click on Programs

c. Right-Click on Command Prompt

d. Choose run as administrator

e. Type:

cscript  fix10.vbs

hit Enter.  

 

(This is a variation on the fix talked about here: https://support.micr...-server-2008-r2 )
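As an added example (not the attached fix10.vbs, whose contents are not shown in this thread), the PowerShell below lists the permanent WMI event subscriptions in root\subscription, flags any filter whose query matches the one quoted in the Event ID 10 message, and shows which consumers are bound to each filter. It assumes an elevated Windows PowerShell session on the affected PC; it reports only and deletes nothing.

```powershell
# Added example, not the attached fix10.vbs. Lists permanent WMI event
# subscriptions and flags the filter whose query matches the Event ID 10 text.
# Assumes an elevated Windows PowerShell session (Get-WmiObject works on 2.0+).
$ErrorActionPreference = 'Stop'
$ns = 'root\subscription'

# Query text as quoted in the Event ID 10 message above.
$staleQuery = 'SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99'

function Get-FlatQuery([string]$q) {
    # Collapse whitespace so formatting differences do not hide a match.
    return (($q -replace '\s+', ' ').Trim())
}

$filters  = @(Get-WmiObject -Namespace $ns -Class __EventFilter)
$bindings = @(Get-WmiObject -Namespace $ns -Class __FilterToConsumerBinding)

$report = foreach ($f in $filters) {
    # A binding's Filter property is a reference such as __EventFilter.Name="SomeName".
    $bound = @($bindings | Where-Object { $_.Filter -like "*Name=`"$($f.Name)`"*" })
    New-Object -TypeName PSObject -Property @{
        Name           = $f.Name
        MatchesEvent10 = ((Get-FlatQuery $f.Query) -eq (Get-FlatQuery $staleQuery))
        Query          = $f.Query
        # Consumers the filter triggers; a filter with no consumer does nothing when it fires,
        # while any consumer you do not recognise is worth a closer look.
        Consumers      = (($bound | ForEach-Object { $_.Consumer }) -join '; ')
    }
}

$report | Format-List Name, MatchesEvent10, Consumers, Query

$stale = @($report | Where-Object { $_.MatchesEvent10 })
if ($stale.Count -eq 0) {
    Write-Output "No filter in $ns carries the Event ID 10 query (it may already be gone)."
} else {
    $names = ($stale | ForEach-Object { $_.Name }) -join ', '
    Write-Output "Filter(s) carrying the Event ID 10 query: $names"
}
```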

 

Then right-click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right-click on System and select Clear Log, then Clear. Repeat for Application.

 
Reboot.
 
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
Is it running any better now?
 
 

 


  • 0

#9
BuddysBoy

BuddysBoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/02/2017 10:49:34 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/02/2017 6:46:50 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name filehippo.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/02/2017 6:44:56 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 20/02/2017 6:44:18 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/02/2017 10:51:30 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

Looking good.  The remaining errors are nothing to worry about.

 

Let's run aswMBR just to make sure there isn't a rootkit hiding somewhere.

 

 
Download aswMBR.exe  to your desktop.
The link is a direct download so the page won't change.
 
Right click the aswMBR.exe and select Run As Administrator to run it
Wait until the AV Scan shows up at the bottom left.
Change AV Scan: from Quick Scan to  C:\
Click the "Scan" button to start scan
If it asks you to allow the Avast engine to download then say Yes.  It will take a while to finish.  
On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post it in your next reply.
 
If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.

  • 0



#11
BuddysBoy

BuddysBoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
How long is this scan supposed to take? I'm on my 3rd try. This one I unchecked the Trace Disk IO Calls before hitting the scan. It seems to stall after 2 to 3 hrs.
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

Something wrong then.  Can you do just a Quick scan instead of a C:\ ?

 

Did it leave you a log?  Even a partial log would be useful.   Normally it creates two files, mbr.txt and mbr.dat.  The mbr.txt is the one we want.


  • 0

#13
BuddysBoy

BuddysBoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Ok, I let it run all night and it did finish; looks like it took about 8 hours.
I hit the report button twice as I didn't see a report after the first time. I hope that didn't cause a problem with the report.

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2017-02-20 19:42:58
-----------------------------
19:42:58.832 OS Version: Windows x64 6.1.7601 Service Pack 1
19:42:58.832 Number of processors: 2 586 0x2A07
19:42:58.832 ComputerName: ROBERTJ-PC UserName: Robert J
19:43:01.328 Initialize success
19:43:01.438 VM: initialized successfully
19:43:01.453 VM: Intel CPU virtualization not supported
19:48:58.594 AVAST engine defs: 17010903
19:49:17.782 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:49:17.782 Disk 0 Vendor: ST9500325AS D005DEM1 Size: 476940MB BusType: 11
19:49:18.016 Disk 0 MBR read successfully
19:49:18.016 Disk 0 MBR scan
19:49:18.031 Disk 0 Windows 7 default MBR code
19:49:18.047 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 8192 MB offset 2048
19:49:18.047 Disk 0 default boot code
19:49:18.078 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 468746 MB offset 16779264
19:49:18.359 Disk 0 scanning C:\Windows\system32\drivers
19:50:02.897 Service scanning
19:50:48.246 Modules scanning
19:50:50.134 AVAST engine scan C:\
03:14:17.004 Disk 0 statistics 39508753/0/0 @ 1.28 MB/s
03:14:17.004 Scan finished successfully
05:56:07.888 Disk 0 MBR has been saved successfully to "C:\Users\Robert J\Desktop\MBR.dat"
05:56:07.904 The log file has been saved successfully to "C:\Users\Robert J\Desktop\aswMBR.txt"
05:57:05.048 Disk 0 MBR has been saved successfully to "C:\Users\Robert J\Desktop\MBR.dat"
05:57:05.048 The log file has been saved successfully to "C:\Users\Robert J\Desktop\aswMBR.txt"
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

Don't know why it took so long but the good news is that it didn't find anything.  

 

Is it still slow?  

 

If so I expect it's that Seagate Hard Drive which was showing a lot of errors.  May be time to replace it with a nice Western Digital black.  Let's do another speccy log so we can see if the errors are much bigger than the first log.


  • 0

#15
BuddysBoy

BuddysBoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Okay, but I'm not sure which test produces a speccy log?
  • 0





