scw4

  1. Hi Ron, Sorry for the delay. I ran the full disk check first then tried running FRST64 but it froze about midway through. I tried three times but it would still hang then the machine would be unresponsive. A log was still produced; I've attached two here. Scott Fixlog.txt Fixlog_test.txt
  2. Thanks Ron! I'll get this started now. Scott
  3. Hi Ron, Thank you for the response! Attached are the three files, please let me know if any additional information is needed. Thanks again! Scott CheckResults.txt FRST.txt Addition.txt
  4. Hi All,

     I'm running across an interesting set of registry keys (IEAddOn.DLL) being flagged while conducting a full system scan on a coworker's machine. Here is some information after further investigation (FYI - all machines in question are Windows 10 OS):

     The same keys (IEAddOn.DLL) are found on multiple machines while other machines are coming back completely clean. Some of the machines with these "infections" are freshly imaged. The keys do not delete on reboot after running a full scan. In testing, I ran a full scan while in Safe Mode without networking and the keys still did not delete. I'm not able to find any information via Google for these particular keys, hence why I'm posting here.

     My thoughts are that they're potentially false positives since 1. They're showing on a freshly imaged machine, 2. There is no pattern (I've got two recently imaged machines sitting next to each other with the same software - one has the "infections", one does not).

     Has anyone come across this before? Any information would be greatly appreciated! Thank you!

     -Scott

     Malwarebytes Anti-Malware (Corporate) 1.80.2.1012
     www.malwarebytes.org
     Database version: main: v2016.12.05.06 rootkit: v0000.00.00.00
     Windows 10 x64 NTFS
     Internet Explorer 11.633.10586.0
     Protection: Enabled
     12/9/2016 12:15:03 PM
     mbam-log-2016-12-09 (12-15-03).txt

     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled:
     Objects scanned: 344670
     Time elapsed: 25 minute(s), 38 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 3
     HKLM\SOFTWARE\CLASSES\APPID\IEAddOn.DLL (Rogue.UnVirex) -> Delete on reboot. [9d1d3fa40c8ee74fd9817d57a65c718f]
     HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\IEAddOn.DLL (Rogue.UnVirex) -> Delete on reboot. [dbdfc41f5c3e1224e8726b699270a060]
     HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\IEAddOn.DLL (Rogue.UnVirex) -> Delete on reboot. [427808db237760d686d423b1c141c040]

     Folders Detected: 0
     (No malicious items detected)

     12_9_MBAM.txt