[Kirballer]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018

Ran by Kirby (18-01-2018 08:53:09)

Running from C:\Users\Kirby\Desktop

Windows 10 Home Version 1709 16299.192 (X64) (2017-12-09 05:50:47)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2127724220-2420722970-824995399-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-2127724220-2420722970-824995399-503 - Limited - Disabled)

Guest (S-1-5-21-2127724220-2420722970-824995399-501 - Limited - Disabled)

Kirby (S-1-5-21-2127724220-2420722970-824995399-1001 - Administrator - Enabled) => C:\Users\Kirby

WDAGUtilityAccount (S-1-5-21-2127724220-2420722970-824995399-504 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}

FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)

Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)

AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.0.66 - Alienware)

Alienware Command Center (HKLM\...\{D9D87C4D-EE25-4287-9B31-F05566DA159B}) (Version: 4.0.53.0 - Dell Inc.) Hidden

Alienware Command Center (HKLM-x32\...\InstallShield_{D9D87C4D-EE25-4287-9B31-F05566DA159B}) (Version: 4.0.53.0 - Dell Inc.)

Alienware Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)

Alienware Graphics Amplifier Software Installer (HKLM\...\{6E1FABDA-3A5D-42DF-B91B-A6C58EEA00C6}) (Version: 1.0.24.0 - Dell Inc.) Hidden

Alienware Graphics Amplifier Software Installer (HKLM-x32\...\InstallShield_{6E1FABDA-3A5D-42DF-B91B-A6C58EEA00C6}) (Version: 1.0.24.0 - Dell Inc.)

Alienware On-Screen Display (HKLM-x32\...\{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.14C - ) Hidden

Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.14C - )

Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)

Auto-Keyboard 9.0 (HKLM-x32\...\{CAE28200-F83E-4B83-8BEB-D8D6CA04883C}_is1) (Version:  - Auto-Keyboard)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)

BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.44.1625 - BlueStack Systems, Inc.)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)

Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)

Dell SupportAssistAgent (HKLM\...\{8D7B279C-A661-465C-9658-F62FBD6A6B91}) (Version: 2.1.3.5 - Dell)

Discord (HKU\S-1-5-21-2127724220-2420722970-824995399-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)

Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)

EMSC (HKLM-x32\...\{FEF06E73-A519-4510-8CF3-B66041B91D8A}) (Version: 0.0.0.26 - Compal Electronics, Inc.) Hidden

EMSC (HKLM-x32\...\InstallShield_{FEF06E73-A519-4510-8CF3-B66041B91D8A}) (Version: 0.0.0.26 - Compal Electronics, Inc.) Hidden

Epic Games Launcher (HKLM-x32\...\{80B15934-444B-4B4F-B2A9-439FCCBA4C81}) (Version: 1.1.132.0 - Epic Games, Inc.)

Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

Free Fall Data Protection (HKLM\...\{5141F653-8707-4B96-9349-247C66319C11}) (Version: 1.1.2.8 - Kionix, Inc.)

FreeMouseAutoClicker 3.7 (HKLM-x32\...\{292F00C5-25EF-4FBE-9873-13EF1F69DEED}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

iCloud (HKLM\...\{99868C9C-C141-4DDE-A2C7-9DDF00F68F17}) (Version: 7.2.0.67 - Apple Inc.)

Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)

Intel® Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel® Corporation) Hidden

Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4463 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)

iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)

Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)

Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)

McAfee Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R7 - McAfee, Inc.)

McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.149 - McAfee, Inc.)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8730.2175 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-2127724220-2420722970-824995399-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

MiKTeX 2.9 (HKU\S-1-5-21-2127724220-2420722970-824995399-1001\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)

Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla)

NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)

NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)

Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden

Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )

Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)

Qualcomm Atheros 11AC Drivers (HKLM\...\{33D8E095-F8F0-4A5D-8873-62652E1FFF66}) (Version: 1.1.47.1096 - Qualcomm Atheros) Hidden

Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 3.0.0.400 - Qualcomm Atheros)

Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{B38B3AB8-D6FF-40E5-B87A-870E511F3C96}) (Version: 1.1.47.1096 - Qualcomm Atheros) Hidden

Qualcomm Atheros Killer E220x Drivers (HKLM\...\{D5ECB50B-AB10-48AA-87A7-3678F0416AF8}) (Version: 1.1.47.1096 - Qualcomm Atheros) Hidden

Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.47.1096 - Qualcomm Atheros)

Qualcomm Atheros Killer Wireless Drivers (HKLM-x32\...\{B211CEB4-B080-475D-A089-FFF315146E76}) (Version: 1.1.47.1096 - Qualcomm Atheros)

Qualcomm Atheros Network Manager (HKLM\...\{EBB6EF1E-4289-4B2E-8BD8-AE0303EC8FD5}) (Version: 1.1.47.1096 - Qualcomm Atheros) Hidden

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)

SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden

Sound Blaster Recon3Di (HKLM-x32\...\{EE5FF981-6CC0-4ED1-BB01-BCE4B01EF9A4}) (Version: 1.01.00 - Creative Technology Limited)

Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)

Stagelight (HKLM\...\Stagelight) (Version: 2.0.0.5006 - Open Labs, LLC.)

Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 13.0.0.9 - Bioware/EA)

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

Survival Launcher (HKLM-x32\...\{0FE0A042-8D15-497C-BB00-9C02D18E83D2}) (Version: 1.0.0.6 - Survival Launcher)

TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)

TeXstudio 2.11.2 (HKLM-x32\...\TeXstudio_is1) (Version: 2.11.2 - Benito van der Zander)

TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)

Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.34.36 - Synaptics Incorporated)

Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)

WD Security (HKLM-x32\...\{429a42d7-4c55-44d4-b38a-5872a0d70495}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)

WD Security (HKLM-x32\...\{F1D5FC88-4EE0-4D0B-917B-60E930142FB9}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden

WinDirStat 1.1.2 (HKU\S-1-5-21-2127724220-2420722970-824995399-1001\...\WinDirStat) (Version:  - )

Windows Driver Package - BigNox Corporation (VBoxUSB) USB  (09/16/2015 4.3.12) (HKLM\...\76B144D15273552931249392EDB13C0BBD52C84E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)

Windows Driver Package - BigNox Corporation VBoxUSBMon System  (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)

Windows Driver Package - BigNox Corporation XQHDrv System  (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)

Windows Driver Package - Kionix, Inc. (kiox_ff_driver) Sensor I/O devices  (10/09/2014 1.1.2.8) (HKLM\...\8DF797456310A45326D5CA27FA380061A19FA127) (Version: 10/09/2014 1.1.2.8 - Kionix, Inc.)

Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)

Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)

WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

Yahoo! Powered (HKLM-x32\...\{AF7D47BD-FFFD-963D-4E7D-E6BD9EFD353D}) (Version:  - ) <==== ATTENTION

YGOPro DevPro (HKLM-x32\...\{E39C5843-843B-4D8E-897B-4C9C10599475}) (Version: 2.1.0.5 - DevPro, LLC)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)

ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)

ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\mcctxmenufrmwrk.dll [2017-12-21] (McAfee, Inc.)

ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-12-08] (Apple Inc.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-07-12] (Intel Corporation)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)

ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\mcctxmenufrmwrk.dll [2017-12-21] (McAfee, Inc.)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0856344B-4010-4CA7-8C15-F93E8C9097BF} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe

Task: {16B4CBFB-4983-4864-8B76-E252922E1E28} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-01-13] (Microsoft Corporation)

Task: {201CFA1B-60AA-4F86-B427-4B63F33838A7} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {2D5DEA69-FE6F-4B06-B6B2-D56D0EE76FB1} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent

Task: {2FFA6C1F-0DB6-49C4-99F8-BA122DB2254C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-11-23] (McAfee, Inc.)

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe

Task: {54AE058F-CF9D-468E-BDEF-EBF70D431695} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Alienware\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)

Task: {63623418-C047-4515-8A0A-740B9B781391} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-01-03] (McAfee, Inc.)

Task: {672893F5-3F36-49FB-B775-78EF47C4E993} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-12-22] (Dell Inc.)

Task: {879DCFE9-7F05-443A-B6FD-46F311E2CA80} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-11-06] (Synaptics Incorporated)

Task: {927F25E5-FFF0-4C69-A1AE-6E87985E0480} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-16] (Adobe Systems Incorporated)

Task: {B0258536-19F3-4F96-A388-B22A0CB97B9D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-02] (Microsoft Corporation)

Task: {B339B813-8E6F-405B-B69D-44748F04C5E6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-02] (Microsoft Corporation)

Task: {BBED94E9-3A1A-4A02-86BA-23C9A20F0699} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-13] (Microsoft Corporation)

Task: {BE7C3E05-C710-43C7-9621-EC3970159A6D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

Task: {D92EFC07-3411-4EBD-8DFD-9C7FDA067B16} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)

Task: {DCEFB78F-917B-4328-8E3A-C3399486C227} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)

Task: {DEBDE1F3-FA5A-4FC2-A5D3-A2BEC8D6C96F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-16] (Adobe Systems Incorporated)

Task: {F8DFF25B-F4DA-47D4-9C4A-65197D6AEF73} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-13] (Microsoft Corporation)

Task: {FB55B6F1-C6BB-45E6-8985-484807019413} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

==================== Loaded Modules (Whitelisted) ==============

 

2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll

2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2016-07-12 05:14 - 2016-07-12 05:14 - 000401920 _____ () C:\WINDOWS\system32\igfxTray.exe

2017-12-13 16:14 - 2017-11-26 06:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2017-12-13 16:14 - 2017-11-26 06:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2017-12-11 11:05 - 2017-12-11 11:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll

2017-12-11 11:05 - 2017-12-11 11:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll

2014-09-19 15:06 - 2014-09-19 15:06 - 000330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe

2018-01-13 13:53 - 2017-12-21 10:53 - 001724384 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll

2018-01-13 13:53 - 2017-12-21 10:53 - 000584104 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll

2018-01-10 12:16 - 2018-01-10 12:16 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

2015-08-31 16:16 - 2016-06-14 14:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2017-12-08 01:49 - 2017-12-08 01:49 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2017-12-08 01:49 - 2017-12-08 01:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2017-12-08 01:48 - 2017-12-08 01:48 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

2014-05-30 15:34 - 2014-05-30 15:34 - 000939008 _____ () C:\WINDOWS\SYSTEM32\EMSC.dll

2015-03-16 10:28 - 2015-03-16 10:28 - 000155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll

2014-10-10 08:37 - 2014-10-10 08:37 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2015-06-12 06:47 - 2015-01-27 09:26 - 001905904 ____N () C:\Program Files (x86)\AlienRespawn\Components\Restore\STRestoreAPI.dll

2015-06-12 06:47 - 2012-11-25 21:19 - 001153384 _____ () C:\Program Files (x86)\AlienRespawn\Components\Restore\libxml2.dll

2015-06-12 06:46 - 2014-02-18 13:12 - 000117568 _____ () C:\Program Files (x86)\AlienRespawn\Components\Restore\zlib1.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2018-01-17 00:35 - 2018-01-17 00:35 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2127724220-2420722970-824995399-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kirby\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\aw-co8.jpg

DNS Servers: 104.239.207.44 - 198.105.254.130

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [TCP Query User{F6251BB6-676E-4A19-AC70-248019F0B4C7}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe

FirewallRules: [UDP Query User{91D641E7-0208-4D9D-B5BB-AF9A2EA3C53F}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe

FirewallRules: [TCP Query User{0766E38D-D27B-4DF5-9340-395015CF85C1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

FirewallRules: [UDP Query User{6358B4CC-CDC4-471A-85B4-615F9DE8654B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

FirewallRules: [{65FC0A2A-F20A-4797-86C3-1B2BFB95D50C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

FirewallRules: [{D340DAAD-4284-48CB-B83B-8D4C4A084B4B}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe

FirewallRules: [{5CBDBF78-7FF3-4CE4-A21A-C89E846B6E2F}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe

FirewallRules: [{A3A59C87-CAB1-4ADA-8E63-40E9E02E9D92}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

FirewallRules: [{BA066F7F-EF78-4E9F-9F28-286ED2AF0819}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{112B047C-7260-4AC8-AF97-AFC116B993CB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

 

==================== Restore Points =========================

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/17/2018 07:10:09 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DllHost.exe, version: 10.0.16299.15, time stamp: 0x5e7a01e6

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0000022306d502f8

Faulting process id: 0x2300

Faulting application start time: 0x01d38ff9157a6442

Faulting application path: C:\WINDOWS\system32\DllHost.exe

Faulting module path: unknown

Report Id: 4e049344-e4e4-4a35-b576-dccf3200c01c

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (01/17/2018 07:09:44 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: UnrealCEFSubProcess.exe, version: 4.18.0.0, time stamp: 0x5a5d3484

Faulting module name: libcef.dll, version: 3.3071.1611.0, time stamp: 0x595d6032

Exception code: 0x80000003

Fault offset: 0x000000000338616a

Faulting process id: 0x1a9c

Faulting application start time: 0x01d38ff9033ed369

Faulting application path: D:\Unreal Engine\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe

Faulting module path: D:\Unreal Engine\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll

Report Id: d846c731-6860-4c61-b669-77455b62d730

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (01/17/2018 06:58:09 PM) (Source: SDSSnapshotProcess) (EventID: 275) (User: NT AUTHORITY)

Description: Registry backup creation failed - 34 (00000022).

 

Error: (01/17/2018 06:44:54 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )

Description: Event-ID 0

 

Error: (01/17/2018 06:44:54 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )

Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {65E14243-7C1C-4B7B-BB81-389D5298E0EC}

 

Error: (01/17/2018 06:44:54 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )

Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {65E14243-7C1C-4B7B-BB81-389D5298E0EC}

 

Error: (01/17/2018 06:31:20 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DllHost.exe, version: 10.0.16299.15, time stamp: 0x5e7a01e6

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x000001596e3d02f8

Faulting process id: 0x336c

Faulting application start time: 0x01d38ff3a94fa1f0

Faulting application path: C:\WINDOWS\system32\DllHost.exe

Faulting module path: unknown

Report Id: a7147bac-16bc-4415-8952-cadfb8f7eccb

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (01/17/2018 06:30:42 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DllHost.exe, version: 10.0.16299.15, time stamp: 0x5e7a01e6

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x000001b10c6b02f8

Faulting process id: 0x25b4

Faulting application start time: 0x01d38ff3929dd9e8

Faulting application path: C:\WINDOWS\system32\DllHost.exe

Faulting module path: unknown

Report Id: c5daa58f-7a38-4c9c-aba6-83f2e899ee8d

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (01/17/2018 06:30:34 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DllHost.exe, version: 10.0.16299.15, time stamp: 0x5e7a01e6

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0000018965fd02f8

Faulting process id: 0x2fbc

Faulting application start time: 0x01d38ff38dcf78eb

Faulting application path: C:\WINDOWS\system32\DllHost.exe

Faulting module path: unknown

Report Id: c4d73182-57c6-4e8f-95ec-1e15abc62898

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (01/17/2018 06:30:32 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DllHost.exe, version: 10.0.16299.15, time stamp: 0x5e7a01e6

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x000002f3972f02f8

Faulting process id: 0x4e4

Faulting application start time: 0x01d38ff38c6db40c

Faulting application path: C:\WINDOWS\system32\DllHost.exe

Faulting module path: unknown

Report Id: 29d6f63f-119c-4c46-8f52-0b139fd8f174

Faulting package full name: 

Faulting package-relative application ID:

 

 

System errors:

=============

Error: (01/18/2018 08:51:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 

{D63B10C5-BB46-4990-A94F-E40B9D520160}

 and APPID 

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (01/17/2018 07:10:21 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)

Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

 

Error: (01/17/2018 06:31:33 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)

Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

 

Error: (01/17/2018 06:30:42 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)

Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

 

Error: (01/17/2018 06:30:40 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)

Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

 

Error: (01/17/2018 06:30:32 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)

Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

 

Error: (01/17/2018 06:30:16 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)

Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

 

Error: (01/17/2018 06:30:16 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)

Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

 

Error: (01/17/2018 06:30:03 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)

Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

 

Error: (01/17/2018 06:28:59 PM) (Source: DCOM) (EventID: 10010) (User: KIRBY)

Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

 

 

CodeIntegrity:

===================================

  Date: 2018-01-17 19:10:09.400

  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume7\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2018-01-17 18:31:20.439

  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume7\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2018-01-17 18:30:42.361

  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume7\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2018-01-17 18:30:34.300

  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume7\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2018-01-17 18:30:31.982

  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume7\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2018-01-17 18:30:16.320

  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume7\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2018-01-17 18:30:15.578

  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume7\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2018-01-17 18:29:51.114

  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume7\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2018-01-17 18:29:44.118

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\drivers\LGSHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2018-01-17 18:29:19.733

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\drivers\LGSHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™ i7-4720HQ CPU @ 2.60GHz

Percentage of memory in use: 44%

Total physical RAM: 8077.45 MB

Available physical RAM: 4472.8 MB

Total Virtual: 13197.45 MB

Available Virtual: 8752.57 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:109.59 GB) (Free:26.74 GB) NTFS

Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:607.94 GB) NTFS

Drive e: () (Removable) (Total:7.47 GB) (Free:7.44 GB) NTFS

Drive y: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: BD12FE2E)

 

Partition: GPT.

 

========================================================

Disk: 1 (Size: 119.2 GB) (Disk ID: E3E8EBBC)

 

Partition: GPT.

 

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 90FBDCAE)

Partition 1: (Not Active) - (Size=7.5 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================

[Advertisements]

The files and folders you can see (but can't access) are System files and folders, and they are visible because we made them visible when made your computer "show hidden files and folders". We'll set things back to normal before we finish, for the moment let's leave them alone.

Doesn't look like your infection has re-spawned, so lets have another go at seeing if we can re-enable a connection to your dns server.
 

• Start FRST and when it opens ....
• Press Ctrl+y (Ctrl and y keys at the same time)
• A blank notepad file named fixlist.txt will open.
• Copy and paste the following into it ....

cmd: ipconfig /flushdns
cmd: ipconfig /registerdns
cmd: ipconfig /release
cmd: ipconfig /renew

• Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

• Now press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
• Please post me the log

Now reboot your computer and see if you can connect to any websites.

If not, try the following ...
    

Select Start > Control Panel.
Select View network status and tasks under Networking and Internet.
Select Change adapter settings.
Press and hold (or right-click)  Local Area Connection, and then select Properties.
Select Internet Protocol Version 6 (TCP/IPv6) > Properties.
Select Obtain an IPv6 address automatically > Obtain DNS servers address automatically > OK.
Select Internet Protocol Version 4 (TCP/IPv4) > Properties.
Select Obtain an IP address automatically > Obtain DNS servers address automatically > OK.

Now see if you can connect.

[Gary R]

The files and folders you can see (but can't access) are System files and folders, and they are visible because we made them visible when made your computer "show hidden files and folders". We'll set things back to normal before we finish, for the moment let's leave them alone.

Doesn't look like your infection has re-spawned, so lets have another go at seeing if we can re-enable a connection to your dns server.
 

• Start FRST and when it opens ....
• Press Ctrl+y (Ctrl and y keys at the same time)
• A blank notepad file named fixlist.txt will open.
• Copy and paste the following into it ....

cmd: ipconfig /flushdns
cmd: ipconfig /registerdns
cmd: ipconfig /release
cmd: ipconfig /renew

• Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

• Now press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
• Please post me the log

Now reboot your computer and see if you can connect to any websites.

If not, try the following ...
    

Select Start > Control Panel.
Select View network status and tasks under Networking and Internet.
Select Change adapter settings.
Press and hold (or right-click)  Local Area Connection, and then select Properties.
Select Internet Protocol Version 6 (TCP/IPv6) > Properties.
Select Obtain an IPv6 address automatically > Obtain DNS servers address automatically > OK.
Select Internet Protocol Version 4 (TCP/IPv4) > Properties.
Select Obtain an IP address automatically > Obtain DNS servers address automatically > OK.

Now see if you can connect.

[Kirballer]

Internet is working fine now, thank you!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018

Ran by Kirby (18-01-2018 13:56:35) Run:13

Running from C:\Users\Kirby\Desktop

Loaded Profiles: Kirby (Available Profiles: Kirby)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

cmd: ipconfig /flushdns

cmd: ipconfig /registerdns

cmd: ipconfig /release

cmd: ipconfig /renew

*****************

 

 

========= ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

 

 

========= ipconfig /registerdns =========

 

 

Windows IP Configuration

 

Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer in 15 minutes.

 

========= End of CMD: =========

 

 

========= ipconfig /release =========

 

 

Windows IP Configuration

 

No operation can be performed on Ethernet while it has its media disconnected.

No operation can be performed on Local Area Connection* 3 while it has its media disconnected.

No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

 

Ethernet adapter Ethernet:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

 

Wireless LAN adapter Local Area Connection* 3:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

 

Wireless LAN adapter Wi-Fi:

 

   Connection-specific DNS Suffix  . : 

   Link-local IPv6 Address . . . . . : fe80::985c:e71f:de91:35de%9

   Default Gateway . . . . . . . . . : 

 

Ethernet adapter Bluetooth Network Connection:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

 

========= End of CMD: =========

 

 

========= ipconfig /renew =========

 

 

Windows IP Configuration

 

No operation can be performed on Ethernet while it has its media disconnected.

No operation can be performed on Local Area Connection* 3 while it has its media disconnected.

No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

 

Ethernet adapter Ethernet:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

 

Wireless LAN adapter Local Area Connection* 3:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

 

Wireless LAN adapter Wi-Fi:

 

   Connection-specific DNS Suffix  . : 

   Link-local IPv6 Address . . . . . : fe80::985c:e71f:de91:35de%9

   IPv4 Address. . . . . . . . . . . : 10.183.33.143

   Subnet Mask . . . . . . . . . . . : 255.255.252.0

   Default Gateway . . . . . . . . . : 10.183.32.1

 

Ethernet adapter Bluetooth Network Connection:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

 

========= End of CMD: =========

 

 

==== End of Fixlog 13:56:42 ====

Edited by Kirballer, 18 January 2018 - 03:20 PM.

[Gary R]

Glad you're now able to connect.

So, let's continue removing the programs we've been using to clean up your machine ...
 

• Start FRST and when it opens ....
• Press Ctrl+y (Ctrl and y keys at the same time)
• A blank notepad file named fixlist.txt will open.
• Copy and paste the following into it (don't include Code: Select all) ....

DeleteQuarantine:
EmptyTemp:

• Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

• Now press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
• Please post me the log

Next ....

• Double click AdwCleaner.exe to run it.
• Click Uninstall.
• Click Yes to the prompt.
• AdwCleaner will close and uninstall itself

Note: If AdwCleaner prompts you an update is available, click Cancel and continue to uninstall.

Next ....

• Please download delfix and save it to your desktop.
• Right-click on delfix.exe and select " Run as administrator " to run it.
• Check the following boxes ...... then click on Run.
•  
  • Remove disinfection tools
  • Reset system settings
• Once it has finished, a notepad file named DelFix.txt will open. Post the contents of this notepad in your next reply.
• The log can also be located at the root of the system drive, C:\DelFix.txt.
• Please post me that log.

As well as removing files and folders created by the tools it removes, this should also re-set your file/folder view, so that you can no longer see hidden and system files, please let me know if it doesn't do that for you.

 

[Kirballer]

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by Kirby (18-01-2018 16:55:59) Run:14
Running from C:\Users\Kirby\Desktop
Loaded Profiles: Kirby (Available Profiles: Kirby)
Boot Mode: Normal
==============================================

fixlist content:
*****************
DeleteQuarantine:
EmptyTemp:
*****************

"C:\FRST\Quarantine" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20110511 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2648410 B
Edge => 9728 B
Chrome => 0 B
Firefox => 79000790 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 9022 B
NetworkService => 0 B
Kirby => 146562591 B

RecycleBin => 120292448 B
EmptyTemp: => 359.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:56:20 ====

[Kirballer]

# DelFix v1.010 - Logfile created 18/01/2018 at 17:00:38
# Updated 26/04/2015 by Xplode
# Username : Kirby - KIRBY
# Operating System : Windows 10 Home  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Kirby\Desktop\FRST-OlderVersion
Deleted : C:\Users\Kirby\Desktop\Fixlog.txt
Deleted : C:\Users\Kirby\Desktop\FRST64.exe
Deleted : C:\Users\Kirby\Downloads\FRST64.exe

~ Resetting system settings ... OK

########## - EOF - ##########
 

[Gary R]

Are you still seeing the "hidden" files and folders you could see earlier ?

 

If you are let me know.

 

If not, then I think we're pretty much finished, unless you have any remaining problems that we haven't dealt with.

 

If so, then please let me know what they are.

 

If not .....

 

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

• Computer Security - a short guide to staying safer online

 

I wrote it a few years back, and some of it is a bit dated now, but the fundamental points it makes are still valid.

 

 

[Kirballer]

The files are hidden again and my only other question is about Google Chrome. Should I be alright to download it from another web browser?

 

Thank you so much for the help and patience along the way. I'll be reading your guide on safety shortly and will be more careful.

[Gary R]

You're welcome. 

 

Glad we were able to resolve things.

 

As far as Chrome goes, sure it's OK to install a new clean copy. The only reason we uninstalled it was because Chrome protects its files and settings, and sometimes the most pragmatic way to rectify any problems with it is to start out fresh again.

 

I'll leave this topic open for 24 hours before I close it. If you have any problems during that period just post here.

 

Good luck, and keep safe.

[Gary R]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.