Friends FF browser got redirected to a page with message from Microsoft with a telephone number and various buttons to click for help. The message was "error hard drive safety delete". After numerous attempts at clicking and trying to close window called me. Closed the page using task manager and switched off internet access, he then ran a full scan with McAfee Antivirus Plus with no results found.
The computer is now with me, I ran a Malwarebytes Premium scan and nothing was found. Any help is much appreciated, thanks for your time and effort.
Here are the requested logs
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by Eddie (administrator) on DELL (08-03-2017 14:43:38)
Running from C:\Users\Eddie\Desktop
Loaded Profiles: Eddie (Available Profiles: Eddie)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(OSBASE) C:\Windows\System32\ddmgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
() C:\Windows\System32\flvga_tray.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [flvga_tray64] => C:\Windows\system32\flvga_tray.exe [419328 2015-12-07] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{CCEB5E90-4E48-420A-A652-21003662E153}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DEF3CE53-0BEA-4FEB-BCF9-3A58AEA0EBF4}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-3631865646-3207491450-1134192123-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
HKU\S-1-5-21-3631865646-3207491450-1134192123-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-02-10] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-02-10] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\g6p9p80w.default [2017-03-08]
FF NewTab: Mozilla\Firefox\Profiles\g6p9p80w.default -> www.google.co.uk
FF Homepage: Mozilla\Firefox\Profiles\g6p9p80w.default -> hxxps://www.google.co.uk/
FF Extension: (Firefox Hotfix) - C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\g6p9p80w.default\Extensions\[email protected] [2016-09-01]
FF Extension: (Adblock Plus) - C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\g6p9p80w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\g6p9p80w.default\features\{4a7d69c6-f473-4e1a-b5b5-a8e3908b36e6}\[email protected] [2017-03-03]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-24]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-03-07] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-02-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-03-07] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-02-10] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1747800 2017-02-16] (Intel Security)
R2 ddmgr; C:\Windows\system32\ddmgr.exe [1659040 2015-12-07] (OSBASE)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-23] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2017-02-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 RealtekDU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 klvssbrigde64; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\vssbridge64.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
R4 ddkmd; C:\Windows\system32\drivers\ddkmd.sys [254456 2015-12-07] (OSBASE) [File not signed]
R0 ddkmdldr; C:\Windows\System32\drivers\ddkmdldr.sys [16888 2015-12-07] (OSBASE) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
S3 FLxHCIv; C:\Windows\System32\Drivers\FLxHCIv.sys [194184 2015-12-07] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-08] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-08] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-08] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-08] (Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1043560 2016-03-22] (Realtek Semiconductor Corporation )
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-07-01] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-07-01] (Microsoft Corporation) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-08 14:43 - 2017-03-08 14:44 - 00012594 _____ C:\Users\Eddie\Desktop\FRST.txt
2017-03-08 14:43 - 2017-03-08 14:43 - 00000000 ____D C:\FRST
2017-03-08 14:41 - 2017-03-08 14:41 - 02423808 _____ (Farbar) C:\Users\Eddie\Desktop\FRST64.exe
2017-03-08 13:11 - 2017-03-08 13:13 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-08 13:11 - 2017-03-08 13:11 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-08 13:11 - 2017-03-08 13:11 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-08 13:11 - 2017-03-08 13:11 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-08 13:11 - 2017-03-08 13:11 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-08 13:11 - 2017-03-08 13:11 - 00001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-08 13:11 - 2017-03-08 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-08 13:11 - 2017-03-08 13:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-08 13:11 - 2017-03-08 13:11 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-08 13:11 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-08 13:06 - 2017-03-08 13:08 - 57131432 _____ (Malwarebytes ) C:\Users\Eddie\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-07 23:39 - 2017-03-07 23:39 - 00002162 _____ C:\Users\Public\Desktop\REALTEK 11n USB Wireless LAN Utility.lnk
2017-03-07 23:39 - 2017-03-07 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK 11n USB Wireless LAN Utility
2017-03-07 23:39 - 2017-03-07 23:39 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-03-07 23:38 - 2017-03-07 23:38 - 00000000 ____D C:\Program Files (x86)\REALTEK
2017-03-07 23:38 - 2016-03-22 06:15 - 01043560 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTWlanU.sys
2017-03-07 23:38 - 2011-11-25 09:15 - 00165888 _____ C:\Windows\SysWOW64\ihvwapi.dll
2017-03-07 23:38 - 2011-11-25 09:15 - 00072704 _____ (TODO: <Company name>) C:\Windows\SysWOW64\ihvwapiui.dll
2017-03-07 23:38 - 2011-08-17 09:10 - 01097728 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2017-03-07 23:38 - 2010-12-01 09:31 - 00451072 _____ C:\Windows\SysWOW64\ISSRemoveSP.exe
2017-03-07 23:38 - 2009-04-02 10:27 - 00188416 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\RTLExtUI.dll
2017-03-07 23:38 - 2009-03-31 14:31 - 00380928 _____ (Realtek) C:\Windows\RtlUI2.exe
2017-03-07 23:38 - 2009-01-05 20:31 - 00000901 _____ C:\Windows\RtlUI2.exe.manifest
2017-03-07 23:38 - 2008-07-01 12:31 - 00614400 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
2017-03-07 17:45 - 2017-03-08 14:43 - 00003860 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-03-07 17:45 - 2017-03-07 23:47 - 00004034 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-08 14:39 - 2016-11-18 15:24 - 00000000 ____D C:\Users\Eddie\AppData\LocalLow\Mozilla
2017-03-08 13:56 - 2009-07-14 04:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-08 13:56 - 2009-07-14 04:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-08 13:42 - 2016-05-08 12:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-08 13:42 - 2014-06-25 18:59 - 00000000 ____D C:\Users\Eddie\AppData\Local\Adobe
2017-03-08 13:42 - 2014-02-13 14:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-08 13:02 - 2014-02-21 13:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-08 13:02 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-07 23:47 - 2013-10-31 10:02 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-07 23:47 - 2013-10-31 10:02 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-07 23:47 - 2013-10-31 10:02 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-07 23:47 - 2013-10-31 10:02 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-07 23:39 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2017-03-07 23:38 - 2013-10-31 10:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-07 17:48 - 2017-01-16 10:41 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-03-07 17:47 - 2017-01-16 10:46 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-03-07 17:47 - 2017-01-16 10:46 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-02-24 12:33 - 2016-03-12 12:56 - 00000000 ____D C:\Users\Eddie\Desktop\home insurance
2017-02-23 20:49 - 2014-02-13 15:34 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 20:47 - 2014-02-13 15:34 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-19 16:46 - 2014-04-26 11:10 - 00000000 ____D C:\ProgramData\McAfee
2017-02-16 22:12 - 2017-01-16 10:44 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-08 13:44 - 2017-01-16 10:44 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
==================== Files in the root of some directories =======
2014-10-29 16:15 - 2014-10-29 16:15 - 0004096 ____H () C:\Users\Eddie\AppData\Local\keyfile3.drm
2016-05-26 15:42 - 2016-05-26 15:42 - 0000017 _____ () C:\Users\Eddie\AppData\Local\resmon.resmoncfg
Some files in TEMP:
====================
2016-10-17 13:09 - 2016-10-17 13:09 - 0243320 _____ (McAfee, Inc.) C:\Users\Eddie\AppData\Local\Temp\McCSPInstall.dll
2007-08-31 11:12 - 2007-08-31 11:12 - 0460248 ____R (Macrovision Corporation) C:\Users\Eddie\AppData\Local\Temp\_is321D.exe
2007-09-01 05:12 - 2007-09-01 05:12 - 0460248 ____R (Macrovision Corporation) C:\Users\Eddie\AppData\Local\Temp\_is32C4.exe
2007-06-22 00:10 - 2007-06-22 00:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Eddie\AppData\Local\Temp\_is3A47.exe
2006-05-25 02:10 - 2006-05-25 02:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Eddie\AppData\Local\Temp\_is4E83.exe
2007-06-22 18:10 - 2007-06-22 18:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Eddie\AppData\Local\Temp\_isA0E1.exe
2006-05-25 02:10 - 2006-05-25 02:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Eddie\AppData\Local\Temp\_isA70D.exe
2014-04-29 11:54 - 2014-02-13 13:39 - 0455600 _____ (Macrovision Corporation) C:\Users\Eddie\AppData\Local\Temp\_isB1B1.exe
2006-05-25 11:10 - 2006-05-25 11:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Eddie\AppData\Local\Temp\_isBF1B.exe
2007-08-31 11:12 - 2007-08-31 11:12 - 0460248 ____R (Macrovision Corporation) C:\Users\Eddie\AppData\Local\Temp\_isC383.exe
2006-05-25 20:10 - 2006-05-25 20:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Eddie\AppData\Local\Temp\_isC6F.exe
2007-06-22 00:10 - 2007-06-22 00:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Eddie\AppData\Local\Temp\_isE4D8.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-04 16:02
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by Eddie (08-03-2017 14:44:34)
Running from C:\Users\Eddie\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-02-13 13:15:41)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3631865646-3207491450-1134192123-500 - Administrator - Disabled)
Eddie (S-1-5-21-3631865646-3207491450-1134192123-1000 - Administrator - Enabled) => C:\Users\Eddie
Guest (S-1-5-21-3631865646-3207491450-1134192123-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3631865646-3207491450-1134192123-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Epson Stylus SX210_SX410_TX210_TX410 Manual (HKLM-x32\...\Epson Stylus SX210_SX410_TX210_TX410 User’s Guide) (Version: - )
EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version: - SEIKO EPSON Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.12000 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.235 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.0.6270 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1F65424F45EB}) (Version: 1.00.0180 - REALTEK Semiconductor Corp.)
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Sky Go Desktop (HKU\S-1-5-21-3631865646-3207491450-1134192123-1000\...\2508210495.go.sky.com) (Version: - go.sky.com)
Thin2000 USB Display Adapter (HKLM\...\{BA661C83-7D34-4DF8-A31F-2139C1D72B1C}) (Version: 1.1.316.0 - Fresco Logic)
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {111F0BE2-0A83-4C7C-BFEA-D4BB74E544F2} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-03-07] (McAfee, Inc.)
Task: {1D2D26FB-13D4-4BFC-AB85-BAA99BFC91E1} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-12-09] (McAfee, Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {494E53E0-BC60-4C5E-B015-F0D9424AD6D1} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {5B5ED4BE-5DB4-4A2E-AFF3-C397C1C5D548} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {67C59A98-0975-4C0D-BC85-5E23C19BED38} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-12] (AO Kaspersky Lab)
Task: {98BCA78A-EE43-420F-A0B2-6EAE8F33EA59} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-03-07] (McAfee, Inc.)
Task: {A7469D09-1756-4C58-8109-EAAEFD252DE6} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {AAD65EB1-4F5A-42A1-916C-EFADBC50DA10} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AF8E5E99-F05E-47E6-A2F8-9AA00F82A837} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-07] (Adobe Systems Incorporated)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {EE53A167-6087-475B-A68D-3CDDED69B013} - \Microsoft\Windows\Setup\UpgradeTriggers\UpgradeReminderTask -> No File <==== ATTENTION
Task: {F84BC511-0AC6-4B17-BE8C-931497A561AD} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
==================== Loaded Modules (Whitelisted) ==============
2015-12-07 08:15 - 2015-12-07 08:15 - 00419328 _____ () C:\Windows\System32\flvga_tray.exe
2017-03-08 13:11 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-08 13:11 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-07 23:38 - 2011-07-14 11:32 - 00446464 _____ () C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3631865646-3207491450-1134192123-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AVP16.0.0 => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: EPSON_EB_RPCV4_01 => 2
MSCONFIG\Services: EPSON_PM_RPCV4_01 => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: vssbrigde64 => 3
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DBRMTray => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
MSCONFIG\startupreg: EPSON SX410 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Windows\TEMP\E_SB404.tmp" /EF "HKCU"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{7D497B30-B5B9-4B2E-BE52-80A1B31BA62E}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [{741EA72A-428C-464E-8EDE-FA3CE458D6B5}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [TCP Query User{58FD11C6-2A37-4D57-87A6-BDCBF04C94FB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{529B52EC-1C0F-4449-8B2A-30B76E57F48A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{259FBEE8-38E4-4B2D-880C-7DDA44A60B3F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6ADB7F32-8035-4E9D-8F13-8A0D35A450E3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{79A9EB39-E084-4A2E-81D1-1519ED7022E2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3895048-7F66-4ED2-B368-03D40A184BA9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C72581D8-45A9-454D-A58B-F8E44843E8E1}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{AEF1CD72-353D-4232-9533-7C169C1658D8}] => (Allow) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{DCAD6A22-D1D5-4C9A-882C-0EC3F69CA2ED}] => (Allow) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{A641E685-FBDA-4457-B76A-F693DDFB306A}] => (Allow) LPort=1542
FirewallRules: [{F053692C-CE7B-4213-9DA2-5B5AE9FCBFC6}] => (Allow) LPort=1542
FirewallRules: [{61C25B7E-A460-403B-AE0C-36F3976788A5}] => (Allow) LPort=53
FirewallRules: [{5DC8B8B7-D95F-4370-AB76-84457A612EE0}] => (Allow) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{9B633C90-3460-47A4-875D-80B09EA0E462}] => (Allow) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{2CA0D1DA-1161-45DF-AAA6-34B705B2D7BF}] => (Allow) LPort=67
FirewallRules: [{F7ABF902-A19E-4514-A9E1-AC3EEFECC7B3}] => (Allow) LPort=68
FirewallRules: [{8780A08B-79DF-49D6-92CC-08ACF7E935BF}] => (Allow) LPort=53
FirewallRules: [{50E4E72F-6D4C-454E-B7C9-2516355F068C}] => (Allow) LPort=53
==================== Restore Points =========================
19-01-2017 16:54:21 Scheduled Checkpoint
27-01-2017 15:57:30 Scheduled Checkpoint
04-02-2017 14:06:54 Scheduled Checkpoint
16-02-2017 21:23:51 Scheduled Checkpoint
23-02-2017 20:46:20 Windows Update
03-03-2017 14:09:01 Scheduled Checkpoint
07-03-2017 23:37:52 Installed REALTEK 11n USB Wireless LAN Driver and Utility
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/08/2017 01:04:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/07/2017 11:42:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/07/2017 11:37:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/07/2017 11:32:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/07/2017 05:53:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/07/2017 05:48:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McApExe.exe, version: 6.0.3031.0, time stamp: 0x58861172
Faulting module name: McVsoShl.dll, version: 19.0.3060.0, time stamp: 0x585329df
Exception code: 0xc0000005
Fault offset: 0x000000000007eb40
Faulting process id: 0xdf8
Faulting application start time: 0x01d2976af82e85ea
Faulting application path: C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe
Faulting module path: C:\Program Files\McAfee\VirusScan\McVsoShl.dll
Report Id: 37023b6d-035e-11e7-af16-a41f72783b6a
Error: (03/07/2017 05:39:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/07/2017 04:51:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McApExe.exe, version: 6.0.3030.0, time stamp: 0x587fe339
Faulting module name: McVsoShl.dll, version: 19.0.3060.0, time stamp: 0x585329df
Exception code: 0xc0000005
Fault offset: 0x000000000007eb40
Faulting process id: 0xcac
Faulting application start time: 0x01d29762fefba5fc
Faulting application path: C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe
Faulting module path: C:\Program Files\McAfee\VirusScan\McVsoShl.dll
Report Id: 3eb640f9-0356-11e7-b7bd-a41f72783b6a
Error: (03/07/2017 04:42:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McApExe.exe, version: 6.0.3030.0, time stamp: 0x587fe339
Faulting module name: McVsoShl.dll, version: 19.0.3060.0, time stamp: 0x585329df
Exception code: 0xc0000005
Fault offset: 0x000000000007eb40
Faulting process id: 0x59c
Faulting application start time: 0x01d29761d8695c14
Faulting application path: C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe
Faulting module path: C:\Program Files\McAfee\VirusScan\McVsoShl.dll
Report Id: 16c60cc8-0355-11e7-b7bd-a41f72783b6a
Error: (03/07/2017 04:41:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (03/08/2017 01:02:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (03/07/2017 11:40:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (03/07/2017 11:39:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The RealtekDU service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (03/07/2017 11:39:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (03/07/2017 11:39:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (03/07/2017 05:49:06 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee AP Service service, but this action failed with the following error:
An instance of the service is already running.
Error: (03/07/2017 05:48:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (03/07/2017 05:48:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
Error: (03/07/2017 05:48:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (03/07/2017 05:48:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
CodeIntegrity:
===================================
Date: 2014-10-15 11:03:39.847
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-15 11:03:39.847
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-15 11:03:39.847
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-15 11:03:39.832
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-15 11:03:39.832
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-15 11:03:39.832
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-14 15:14:28.469
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-14 15:14:28.469
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-14 15:14:28.469
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-14 15:14:28.454
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Pentium® CPU G2020 @ 2.90GHz
Percentage of memory in use: 45%
Total physical RAM: 3967.55 MB
Available physical RAM: 2165.64 MB
Total Virtual: 7933.28 MB
Available Virtual: 5397.99 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:456.5 GB) (Free:403.79 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 2566B9A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================