Here is what appears to be the offending record from McAfee HIPS (Host Intrusion Prevention System) logs... (obfuscated of course)
Its still not fixed as of the date below ...
| Time: | 5/11/2017 7:46:36 PM |
| Event: | Intrusion |
| IP Address/User: | MYDOMAIN\myusername |
| Description: | COM Surrogate (dllhost.exe) |
| Path: | C:\WINDOWS\SYSWOW64\DLLHOST.EXE |
| Message: | Attack type: VMWare Workstation Shielding - File Modification (Sig Id = 3872) |