Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows Process Manager 32 bit Virus, Maybe More [Solved]


  • This topic is locked This topic is locked

#121
Kirballer

Kirballer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018
Ran by Kirby (18-01-2018 08:53:09)
Running from C:\Users\Kirby\Desktop
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-09 05:50:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2127724220-2420722970-824995399-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2127724220-2420722970-824995399-503 - Limited - Disabled)
Guest (S-1-5-21-2127724220-2420722970-824995399-501 - Limited - Disabled)
Kirby (S-1-5-21-2127724220-2420722970-824995399-1001 - Administrator - Enabled) => C:\Users\Kirby
WDAGUtilityAccount (S-1-5-21-2127724220-2420722970-824995399-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.0.66 - Alienware)
Alienware Command Center (HKLM\...\{D9D87C4D-EE25-4287-9B31-F05566DA159B}) (Version: 4.0.53.0 - Dell Inc.) Hidden
Alienware Command Center (HKLM-x32\...\InstallShield_{D9D87C4D-EE25-4287-9B31-F05566DA159B}) (Version: 4.0.53.0 - Dell Inc.)
Alienware Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Alienware Graphics Amplifier Software Installer (HKLM\...\{6E1FABDA-3A5D-42DF-B91B-A6C58EEA00C6}) (Version: 1.0.24.0 - Dell Inc.) Hidden
Alienware Graphics Amplifier Software Installer (HKLM-x32\...\InstallShield_{6E1FABDA-3A5D-42DF-B91B-A6C58EEA00C6}) (Version: 1.0.24.0 - Dell Inc.)
Alienware On-Screen Display (HKLM-x32\...\{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.14C - ) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.14C - )
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Auto-Keyboard 9.0 (HKLM-x32\...\{CAE28200-F83E-4B83-8BEB-D8D6CA04883C}_is1) (Version:  - Auto-Keyboard)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.44.1625 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{8D7B279C-A661-465C-9658-F62FBD6A6B91}) (Version: 2.1.3.5 - Dell)
Discord (HKU\S-1-5-21-2127724220-2420722970-824995399-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
EMSC (HKLM-x32\...\{FEF06E73-A519-4510-8CF3-B66041B91D8A}) (Version: 0.0.0.26 - Compal Electronics, Inc.) Hidden
EMSC (HKLM-x32\...\InstallShield_{FEF06E73-A519-4510-8CF3-B66041B91D8A}) (Version: 0.0.0.26 - Compal Electronics, Inc.) Hidden
Epic Games Launcher (HKLM-x32\...\{80B15934-444B-4B4F-B2A9-439FCCBA4C81}) (Version: 1.1.132.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Free Fall Data Protection (HKLM\...\{5141F653-8707-4B96-9349-247C66319C11}) (Version: 1.1.2.8 - Kionix, Inc.)
FreeMouseAutoClicker 3.7 (HKLM-x32\...\{292F00C5-25EF-4FBE-9873-13EF1F69DEED}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iCloud (HKLM\...\{99868C9C-C141-4DDE-A2C7-9DDF00F68F17}) (Version: 7.2.0.67 - Apple Inc.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
Intel® Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4463 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R7 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.149 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8730.2175 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2127724220-2420722970-824995399-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MiKTeX 2.9 (HKU\S-1-5-21-2127724220-2420722970-824995399-1001\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Qualcomm Atheros 11AC Drivers (HKLM\...\{33D8E095-F8F0-4A5D-8873-62652E1FFF66}) (Version: 1.1.47.1096 - Qualcomm Atheros) Hidden
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 3.0.0.400 - Qualcomm Atheros)
Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{B38B3AB8-D6FF-40E5-B87A-870E511F3C96}) (Version: 1.1.47.1096 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (HKLM\...\{D5ECB50B-AB10-48AA-87A7-3678F0416AF8}) (Version: 1.1.47.1096 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.47.1096 - Qualcomm Atheros)
Qualcomm Atheros Killer Wireless Drivers (HKLM-x32\...\{B211CEB4-B080-475D-A089-FFF315146E76}) (Version: 1.1.47.1096 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (HKLM\...\{EBB6EF1E-4289-4B2E-8BD8-AE0303EC8FD5}) (Version: 1.1.47.1096 - Qualcomm Atheros) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sound Blaster Recon3Di (HKLM-x32\...\{EE5FF981-6CC0-4ED1-BB01-BCE4B01EF9A4}) (Version: 1.01.00 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)
Stagelight (HKLM\...\Stagelight) (Version: 2.0.0.5006 - Open Labs, LLC.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 13.0.0.9 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Survival Launcher (HKLM-x32\...\{0FE0A042-8D15-497C-BB00-9C02D18E83D2}) (Version: 1.0.0.6 - Survival Launcher)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeXstudio 2.11.2 (HKLM-x32\...\TeXstudio_is1) (Version: 2.11.2 - Benito van der Zander)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.34.36 - Synaptics Incorporated)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WD Security (HKLM-x32\...\{429a42d7-4c55-44d4-b38a-5872a0d70495}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{F1D5FC88-4EE0-4D0B-917B-60E930142FB9}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-2127724220-2420722970-824995399-1001\...\WinDirStat) (Version:  - )
Windows Driver Package - BigNox Corporation (VBoxUSB) USB  (09/16/2015 4.3.12) (HKLM\...\76B144D15273552931249392EDB13C0BBD52C84E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System  (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System  (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - Kionix, Inc. (kiox_ff_driver) Sensor I/O devices  (10/09/2014 1.1.2.8) (HKLM\...\8DF797456310A45326D5CA27FA380061A19FA127) (Version: 10/09/2014 1.1.2.8 - Kionix, Inc.)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Yahoo! Powered (HKLM-x32\...\{AF7D47BD-FFFD-963D-4E7D-E6BD9EFD353D}) (Version:  - ) <==== ATTENTION
YGOPro DevPro (HKLM-x32\...\{E39C5843-843B-4D8E-897B-4C9C10599475}) (Version: 2.1.0.5 - DevPro, LLC)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\mcctxmenufrmwrk.dll [2017-12-21] (McAfee, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-12-08] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-07-12] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\mcctxmenufrmwrk.dll [2017-12-21] (McAfee, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0856344B-4010-4CA7-8C15-F93E8C9097BF} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {16B4CBFB-4983-4864-8B76-E252922E1E28} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-01-13] (Microsoft Corporation)
Task: {201CFA1B-60AA-4F86-B427-4B63F33838A7} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {2D5DEA69-FE6F-4B06-B6B2-D56D0EE76FB1} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {2FFA6C1F-0DB6-49C4-99F8-BA122DB2254C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-11-23] (McAfee, Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {54AE058F-CF9D-468E-BDEF-EBF70D431695} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Alienware\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {63623418-C047-4515-8A0A-740B9B781391} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-01-03] (McAfee, Inc.)
Task: {672893F5-3F36-49FB-B775-78EF47C4E993} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-12-22] (Dell Inc.)
Task: {879DCFE9-7F05-443A-B6FD-46F311E2CA80} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-11-06] (Synaptics Incorporated)
Task: {927F25E5-FFF0-4C69-A1AE-6E87985E0480} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-16] (Adobe Systems Incorporated)
Task: {B0258536-19F3-4F96-A388-B22A0CB97B9D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-02] (Microsoft Corporation)
Task: {B339B813-8E6F-405B-B69D-44748F04C5E6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-02] (Microsoft Corporation)
Task: {BBED94E9-3A1A-4A02-86BA-23C9A20F0699} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-13] (Microsoft Corporation)
Task: {BE7C3E05-C710-43C7-9621-EC3970159A6D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {D92EFC07-3411-4EBD-8DFD-9C7FDA067B16} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {DCEFB78F-917B-4328-8E3A-C3399486C227} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {DEBDE1F3-FA5A-4FC2-A5D3-A2BEC8D6C96F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-16] (Adobe Systems Incorporated)
Task: {F8DFF25B-F4DA-47D4-9C4A-65197D6AEF73} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-13] (Microsoft Corporation)
Task: {FB55B6F1-C6BB-45E6-8985-484807019413} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-12 05:14 - 2016-07-12 05:14 - 000401920 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-12-13 16:14 - 2017-11-26 06:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 16:14 - 2017-11-26 06:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2014-09-19 15:06 - 2014-09-19 15:06 - 000330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2018-01-13 13:53 - 2017-12-21 10:53 - 001724384 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2018-01-13 13:53 - 2017-12-21 10:53 - 000584104 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2018-01-10 12:16 - 2018-01-10 12:16 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2015-08-31 16:16 - 2016-06-14 14:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-12-08 01:49 - 2017-12-08 01:49 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:49 - 2017-12-08 01:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-05-30 15:34 - 2014-05-30 15:34 - 000939008 _____ () C:\WINDOWS\SYSTEM32\EMSC.dll
2015-03-16 10:28 - 2015-03-16 10:28 - 000155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-10-10 08:37 - 2014-10-10 08:37 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-06-12 06:47 - 2015-01-27 09:26 - 001905904 ____N () C:\Program Files (x86)\AlienRespawn\Components\Restore\STRestoreAPI.dll
2015-06-12 06:47 - 2012-11-25 21:19 - 001153384 _____ () C:\Program Files (x86)\AlienRespawn\Components\Restore\libxml2.dll
2015-06-12 06:46 - 2014-02-18 13:12 - 000117568 _____ () C:\Program Files (x86)\AlienRespawn\Components\Restore\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-01-17 00:35 - 2018-01-17 00:35 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2127724220-2420722970-824995399-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kirby\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\aw-co8.jpg
DNS Servers: 104.239.207.44 - 198.105.254.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{F6251BB6-676E-4A19-AC70-248019F0B4C7}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{91D641E7-0208-4D9D-B5BB-AF9A2EA3C53F}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{0766E38D-D27B-4DF5-9340-395015CF85C1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{6358B4CC-CDC4-471A-85B4-615F9DE8654B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{65FC0A2A-F20A-4797-86C3-1B2BFB95D50C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D340DAAD-4284-48CB-B83B-8D4C4A084B4B}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{5CBDBF78-7FF3-4CE4-A21A-C89E846B6E2F}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{A3A59C87-CAB1-4ADA-8E63-40E9E02E9D92}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{BA066F7F-EF78-4E9F-9F28-286ED2AF0819}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{112B047C-7260-4AC8-AF97-AFC116B993CB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/17/2018 07:10:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.16299.15, time stamp: 0x5e7a01e6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000022306d502f8
Faulting process id: 0x2300
Faulting application start time: 0x01d38ff9157a6442
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: unknown
Report Id: 4e049344-e4e4-4a35-b576-dccf3200c01c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/17/2018 07:09:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UnrealCEFSubProcess.exe, version: 4.18.0.0, time stamp: 0x5a5d3484
Faulting module name: libcef.dll, version: 3.3071.1611.0, time stamp: 0x595d6032
Exception code: 0x80000003
Fault offset: 0x000000000338616a
Faulting process id: 0x1a9c
Faulting application start time: 0x01d38ff9033ed369
Faulting application path: D:\Unreal Engine\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
Faulting module path: D:\Unreal Engine\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
Report Id: d846c731-6860-4c61-b669-77455b62d730
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/17/2018 06:58:09 PM) (Source: SDSSnapshotProcess) (EventID: 275) (User: NT AUTHORITY)
Description: Registry backup creation failed - 34 (00000022).
 
Error: (01/17/2018 06:44:54 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (01/17/2018 06:44:54 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {65E14243-7C1C-4B7B-BB81-389D5298E0EC}
 
Error: (01/17/2018 06:44:54 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {65E14243-7C1C-4B7B-BB81-389D5298E0EC}
 
Error: (01/17/2018 06:31:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.16299.15, time stamp: 0x5e7a01e6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000001596e3d02f8
Faulting process id: 0x336c
Faulting application start time: 0x01d38ff3a94fa1f0
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: unknown
Report Id: a7147bac-16bc-4415-8952-cadfb8f7eccb
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/17/2018 06:30:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.16299.15, time stamp: 0x5e7a01e6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000001b10c6b02f8
Faulting process id: 0x25b4
Faulting application start time: 0x01d38ff3929dd9e8
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: unknown
Report Id: c5daa58f-7a38-4c9c-aba6-83f2e899ee8d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/17/2018 06:30:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.16299.15, time stamp: 0x5e7a01e6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000018965fd02f8
Faulting process id: 0x2fbc
Faulting application start time: 0x01d38ff38dcf78eb
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: unknown
Report Id: c4d73182-57c6-4e8f-95ec-1e15abc62898
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/17/2018 06:30:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.16299.15, time stamp: 0x5e7a01e6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000002f3972f02f8
Faulting process id: 0x4e4
Faulting application start time: 0x01d38ff38c6db40c
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: unknown
Report Id: 29d6f63f-119c-4c46-8f52-0b139fd8f174
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (01/18/2018 08:51:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/17/2018 07:10:21 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Error: (01/17/2018 06:31:33 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Error: (01/17/2018 06:30:42 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Error: (01/17/2018 06:30:40 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Error: (01/17/2018 06:30:32 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Error: (01/17/2018 06:30:16 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Error: (01/17/2018 06:30:16 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Error: (01/17/2018 06:30:03 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Error: (01/17/2018 06:28:59 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2018-01-17 19:10:09.400
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume7\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-17 18:31:20.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume7\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-17 18:30:42.361
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume7\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-17 18:30:34.300
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume7\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-17 18:30:31.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume7\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-17 18:30:16.320
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume7\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-17 18:30:15.578
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume7\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-17 18:29:51.114
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume7\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-17 18:29:44.118
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\drivers\LGSHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-01-17 18:29:19.733
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\drivers\LGSHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 44%
Total physical RAM: 8077.45 MB
Available physical RAM: 4472.8 MB
Total Virtual: 13197.45 MB
Available Virtual: 8752.57 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:109.59 GB) (Free:26.74 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:607.94 GB) NTFS
Drive e: () (Removable) (Total:7.47 GB) (Free:7.44 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BD12FE2E)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: E3E8EBBC)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 90FBDCAE)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

Advertisements


#122
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 201 posts

The files and folders you can see (but can't access) are System files and folders, and they are visible because we made them visible when made your computer "show hidden files and folders". We'll set things back to normal before we finish, for the moment let's leave them alone.

Doesn't look like your infection has re-spawned, so lets have another go at seeing if we can re-enable a connection to your dns server.
 

  • Start FRST and when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank notepad file named fixlist.txt will open.
  • Copy and paste the following into it ....
cmd: ipconfig /flushdns
cmd: ipconfig /registerdns
cmd: ipconfig /release
cmd: ipconfig /renew
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Now reboot your computer and see if you can connect to any websites.

If not, try the following ...
    

Select Start > Control Panel.
Select View network status and tasks under Networking and Internet.
Select Change adapter settings.
Press and hold (or right-click)  Local Area Connection, and then select Properties.
Select Internet Protocol Version 6 (TCP/IPv6) > Properties.
Select Obtain an IPv6 address automatically > Obtain DNS servers address automatically > OK.
Select Internet Protocol Version 4 (TCP/IPv4) > Properties.
Select Obtain an IP address automatically > Obtain DNS servers address automatically > OK.

Now see if you can connect.


  • 1

#123
Kirballer

Kirballer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Internet is working fine now, thank you!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018
Ran by Kirby (18-01-2018 13:56:35) Run:13
Running from C:\Users\Kirby\Desktop
Loaded Profiles: Kirby (Available Profiles: Kirby)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
cmd: ipconfig /flushdns
cmd: ipconfig /registerdns
cmd: ipconfig /release
cmd: ipconfig /renew
*****************
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= ipconfig /registerdns =========
 
 
Windows IP Configuration
 
Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer in 15 minutes.
 
========= End of CMD: =========
 
 
========= ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 3 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::985c:e71f:de91:35de%9
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 3 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::985c:e71f:de91:35de%9
   IPv4 Address. . . . . . . . . . . : 10.183.33.143
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Default Gateway . . . . . . . . . : 10.183.32.1
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
==== End of Fixlog 13:56:42 ====

Edited by Kirballer, 18 January 2018 - 03:20 PM.

  • 0

#124
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 201 posts

Glad you're now able to connect.

So, let's continue removing the programs we've been using to clean up your machine ...
 

  • Start FRST and when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank notepad file named fixlist.txt will open.
  • Copy and paste the following into it (don't include Code: Select all) ....
DeleteQuarantine:
EmptyTemp:
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Next ....



  • Double click AdwCleaner.exe to run it.
  • Click Uninstall.
  • Click Yes to the prompt.
  • AdwCleaner will close and uninstall itself

Note: If AdwCleaner prompts you an update is available, click Cancel and continue to uninstall.

Next ....



  • Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes ...... then click on Run.
  •  
    • Remove disinfection tools
    • Reset system settings
  • Once it has finished, a notepad file named DelFix.txt will open. Post the contents of this notepad in your next reply.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.
  • Please post me that log.

As well as removing files and folders created by the tools it removes, this should also re-set your file/folder view, so that you can no longer see hidden and system files, please let me know if it doesn't do that for you.

 


  • 1

#125
Kirballer

Kirballer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by Kirby (18-01-2018 16:55:59) Run:14
Running from C:\Users\Kirby\Desktop
Loaded Profiles: Kirby (Available Profiles: Kirby)
Boot Mode: Normal
==============================================

fixlist content:
*****************
DeleteQuarantine:
EmptyTemp:
*****************

"C:\FRST\Quarantine" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20110511 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2648410 B
Edge => 9728 B
Chrome => 0 B
Firefox => 79000790 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 9022 B
NetworkService => 0 B
Kirby => 146562591 B

RecycleBin => 120292448 B
EmptyTemp: => 359.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:56:20 ====


  • 0

#126
Kirballer

Kirballer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

# DelFix v1.010 - Logfile created 18/01/2018 at 17:00:38
# Updated 26/04/2015 by Xplode
# Username : Kirby - KIRBY
# Operating System : Windows 10 Home  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Kirby\Desktop\FRST-OlderVersion
Deleted : C:\Users\Kirby\Desktop\Fixlog.txt
Deleted : C:\Users\Kirby\Desktop\FRST64.exe
Deleted : C:\Users\Kirby\Downloads\FRST64.exe

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0

#127
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 201 posts

Are you still seeing the "hidden" files and folders you could see earlier ?

 

If you are let me know.

 

If not, then I think we're pretty much finished, unless you have any remaining problems that we haven't dealt with.

 

If so, then please let me know what they are.

 

If not .....

 

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.


 

I wrote it a few years back, and some of it is a bit dated now, but the fundamental points it makes are still valid.

 

 


  • 1

#128
Kirballer

Kirballer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

The files are hidden again and my only other question is about Google Chrome. Should I be alright to download it from another web browser?

 

Thank you so much for the help and patience along the way. I'll be reading your guide on safety shortly and will be more careful.


  • 0

#129
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 201 posts

You're welcome. 

 

Glad we were able to resolve things.

 

As far as Chrome goes, sure it's OK to install a new clean copy. The only reason we uninstalled it was because Chrome protects its files and settings, and sometimes the most pragmatic way to rectify any problems with it is to start out fresh again.

 

I'll leave this topic open for 24 hours before I close it. If you have any problems during that period just post here.

 

Good luck, and keep safe.


  • 0

#130
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 201 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP