Malware disguised as Chromium? And networking is finicky.


10 replies to this topic

#1 Montana Mad Dog


Posted 06 February 2017 - 06:26 PM

Hello, I've tried everything I can to get this computer to behave, but it keeps reverting back to some weird behavior...so, I'm asking for help.


Wifi works when I use a wifi hotspot generated by my phone.  Wired and wireless connections won't work from my router.


Chromium is installed, but not available for install.  A number of other strange programs won't go away when I uninstall or delete or clean up with MBAM.


Thanks for any help you can provide.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by Lorraine (administrator) on LORRAINE-HP (06-02-2017 14:45:25)
Running from C:\Users\Lorraine\Downloads\PFT
Loaded Profiles: Lorraine (Available Profiles: Lorraine & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [2306448 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1607850237-3075646812-4220768189-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1607850237-3075646812-4220768189-1001\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-06-09]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Lorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk [2017-02-05]
ShortcutTarget: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\Program Files\hp\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{2edcbc42-30c5-4c8b-b113-dc22f192d0b8}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{3601e0e6-8a8d-4ad3-867b-d52981a9de25}: [NameServer] ,184.173.169.186
Tcpip\..\Interfaces\{3601e0e6-8a8d-4ad3-867b-d52981a9de25}: [DhcpNameServer] 216.129.224.49 216.220.30.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> {DD5C7E5F-4754-4060-B7BA-4C75E4F5CBCF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {DD5C7E5F-4754-4060-B7BA-4C75E4F5CBCF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1607850237-3075646812-4220768189-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1607850237-3075646812-4220768189-1001 -> {DD5C7E5F-4754-4060-B7BA-4C75E4F5CBCF} URL = hxxp://www.bing.com/search?FORM=HPDTDF&PC=HPDTDF&q={searchTerms}&src=IE-SearchBox
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-03] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-03] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO: DAPIELoader Class -> {FF6C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files (x86)\DAP\DAPIELoader64.dll => No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-03] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-03] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)

FireFox:
========
FF ProfilePath: C:\Users\Lorraine\AppData\Roaming\Mozilla\Firefox\Profiles\ytu0goac.default [2017-02-06]
FF NewTab: Mozilla\Firefox\Profiles\ytu0goac.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ytu0goac.default -> Yahoo! Powered
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ytu0goac.default -> Yahoo!
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\ytu0goac.default -> Yahoo
FF SearchEngineOrder.2: Mozilla\Firefox\Profiles\ytu0goac.default ->
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ytu0goac.default -> Yahoo! Powered
FF Homepage: Mozilla\Firefox\Profiles\ytu0goac.default -> hxxps://www.google.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\ytu0goac.default -> user_pref("keyword.URL", true);
FF Extension: (Ghostery) - C:\Users\Lorraine\AppData\Roaming\Mozilla\Firefox\Profiles\ytu0goac.default\Extensions\firefox@ghostery.com.xpi [2016-11-29]
FF Extension: (Français Language Pack) - C:\Users\Lorraine\AppData\Roaming\Mozilla\Firefox\Profiles\ytu0goac.default\Extensions\langpack-fr@firefox.mozilla.org.xpi [2017-02-06]
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-06-09] [not signed]
FF HKU\S-1-5-21-1607850237-3075646812-4220768189-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml [2013-12-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1607850237-3075646812-4220768189-1001: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll [No File]
FF Plugin HKU\S-1-5-21-1607850237-3075646812-4220768189-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010-07-17] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-09-11] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default [2017-02-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-12-15] (AMD) [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-03] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-05] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-05] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-05] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-06] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R2 RtNdPt60; C:\WINDOWS\system32\DRIVERS\RtNdPt60.sys [26624 2010-01-19] (Windows ® Codename Longhorn DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 PcdrNdisuio; \SystemRoot\syswow64\drivers\pcdrndisuio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-06 14:43 - 2017-02-06 14:45 - 00000000 ____D C:\FRST
2017-02-06 14:42 - 2017-02-06 14:42 - 00000000 _____ C:\Users\Lorraine\defogger_reenable
2017-02-05 20:17 - 2017-02-05 19:55 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-05 20:13 - 2017-02-05 20:13 - 00000000 ____D C:\Windows.old
2017-02-05 20:12 - 2017-02-05 20:12 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-02-05 20:12 - 2017-02-05 19:19 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-02-05 20:10 - 2017-02-05 20:10 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-02-05 20:10 - 2017-02-05 20:10 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-02-05 20:10 - 2017-02-05 20:10 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-02-05 20:10 - 2017-02-05 20:10 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-02-05 20:10 - 2017-02-05 20:10 - 00000000 ____D C:\Program Files\MSBuild
2017-02-05 20:10 - 2017-02-05 20:10 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-02-05 20:10 - 2017-02-05 20:10 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-02-05 20:10 - 2017-02-05 20:10 - 00000000 ____D C:\inetpub
2017-02-05 20:09 - 2016-05-25 15:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-02-05 20:09 - 2016-05-25 15:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-02-05 20:09 - 2016-05-25 15:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-02-05 20:09 - 2016-05-25 12:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-02-05 20:09 - 2016-05-25 12:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-02-05 20:09 - 2016-05-25 12:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-02-05 19:58 - 2017-02-05 19:58 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-02-05 19:55 - 2017-02-05 19:55 - 00000020 ___SH C:\Users\Lorraine\ntuser.ini
2017-02-05 19:55 - 2017-02-05 19:55 - 00000000 _SHDL C:\Users\Default\My Documents
2017-02-05 19:55 - 2017-02-05 19:55 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-02-05 19:55 - 2017-02-05 19:55 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-02-05 19:55 - 2017-02-05 19:55 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-02-05 19:55 - 2017-02-05 19:55 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-02-05 19:55 - 2017-02-05 19:55 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-02-05 19:55 - 2017-02-05 19:55 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-02-05 19:54 - 2017-02-05 19:54 - 00000000 ____D C:\ProgramData\USOShared
2017-02-05 19:52 - 2017-02-05 19:54 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2017-02-05 19:52 - 2017-02-05 19:54 - 00011433 _____ C:\WINDOWS\diagerr.xml
2017-02-05 19:49 - 2017-02-05 19:49 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-02-05 19:49 - 2017-02-05 19:49 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-05 19:49 - 2017-02-05 19:49 - 00003308 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A6CE2088-C0B6-419F-B774-356FE2D677AD}
2017-02-05 19:49 - 2017-02-05 19:49 - 00003210 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-05 19:49 - 2017-02-05 19:49 - 00003150 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1cf26daccdbee82
2017-02-05 19:49 - 2017-02-05 19:49 - 00003088 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-05 19:49 - 2017-02-05 19:49 - 00003042 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - f0fe367ca0b54e888e0fdd6d61d84c794a2ad26d86ae4637bfd21d2d1ccbc731
2017-02-05 19:49 - 2017-02-05 19:49 - 00003042 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 7de79da8842f4c56a04819913704caee04c0a54b29914291a9a7af34e05c6736
2017-02-05 19:49 - 2017-02-05 19:49 - 00002994 _____ C:\WINDOWS\System32\Tasks\RecoveryCDWin7
2017-02-05 19:49 - 2017-02-05 19:49 - 00002942 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - c1cb8c2eab3e4bb89050a674f14a407b590dfe7c4bc64917a15bfac98f12a807
2017-02-05 19:49 - 2017-02-05 19:49 - 00002942 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - b418876bf80b49ffa96eecbb67ddf88aae4e87bd35bf4fc58c4856d95eec490a
2017-02-05 19:49 - 2017-02-05 19:49 - 00002942 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 72859656dbfe44e18d101d0b20ca6d240a4c51a31fa346e2a1dbc6ec7739a2f2
2017-02-05 19:49 - 2017-02-05 19:49 - 00002830 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2017-02-05 19:49 - 2017-02-05 19:49 - 00002812 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForLorraine
2017-02-05 19:49 - 2017-02-05 19:49 - 00002772 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-05 19:49 - 2017-02-05 19:49 - 00002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2017-02-05 19:49 - 2017-02-05 19:49 - 00002694 _____ C:\WINDOWS\System32\Tasks\ServicePlan
2017-02-05 19:49 - 2017-02-05 19:49 - 00002580 _____ C:\WINDOWS\System32\Tasks\CLMLSvc
2017-02-05 19:49 - 2017-02-05 19:49 - 00002562 _____ C:\WINDOWS\System32\Tasks\{817570CD-EC4C-4486-813E-A9675A3254B9}
2017-02-05 19:49 - 2017-02-05 19:49 - 00002540 _____ C:\WINDOWS\System32\Tasks\DVDAgent
2017-02-05 19:49 - 2017-02-05 19:49 - 00002296 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_IType_exe
2017-02-05 19:49 - 2017-02-05 19:49 - 00002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-02-05 19:49 - 2017-02-05 19:49 - 00002182 _____ C:\WINDOWS\System32\Tasks\{BA12B2B0-E0F1-43EA-AE6C-F69E7F8D1B17}
2017-02-05 19:49 - 2017-02-05 19:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-05 19:49 - 2017-02-05 19:49 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-02-05 19:49 - 2017-02-05 19:49 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-02-05 19:38 - 2017-02-05 19:38 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-05 19:38 - 2017-02-05 19:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2017-02-05 19:38 - 2017-02-05 19:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2017-02-05 19:38 - 2017-02-05 19:38 - 00000000 ____D C:\Users\Default\AppData\Local\HuluDesktop
2017-02-05 19:38 - 2017-02-05 19:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2017-02-05 19:38 - 2017-02-05 19:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2017-02-05 19:38 - 2017-02-05 19:38 - 00000000 ____D C:\Users\Default User\AppData\Local\HuluDesktop
2017-02-05 19:30 - 2017-02-05 19:30 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-02-05 19:29 - 2017-02-05 19:41 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-02-05 19:26 - 2017-02-06 14:42 - 00000000 ____D C:\Users\Lorraine
2017-02-05 19:26 - 2017-02-05 19:45 - 00000000 ____D C:\Users\DefaultAppPool
2017-02-05 19:26 - 2017-02-05 19:26 - 00000000 _SHDL C:\Users\Lorraine\My Documents
2017-02-05 19:26 - 2017-02-05 19:26 - 00000000 _SHDL C:\Users\Lorraine\Documents\My Videos
2017-02-05 19:26 - 2017-02-05 19:26 - 00000000 _SHDL C:\Users\Lorraine\Documents\My Pictures
2017-02-05 19:26 - 2017-02-05 19:26 - 00000000 _SHDL C:\Users\Lorraine\Documents\My Music
2017-02-05 19:26 - 2017-02-05 19:26 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2017-02-05 19:26 - 2017-02-05 19:26 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2017-02-05 19:26 - 2017-02-05 19:26 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2017-02-05 19:26 - 2017-02-05 19:26 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2017-02-05 19:25 - 2017-02-05 19:51 - 01030176 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-05 19:25 - 2017-02-05 19:25 - 00968848 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-02-05 19:22 - 2016-07-16 04:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-02-05 19:21 - 2017-02-05 19:21 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-02-05 19:21 - 2017-02-05 19:21 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-02-05 19:21 - 2017-02-05 19:21 - 00000000 ____D C:\Program Files\Realtek
2017-02-05 19:21 - 2017-02-05 19:21 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2017-02-05 19:19 - 2017-02-06 14:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-05 19:19 - 2017-02-05 19:42 - 00194192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-05 17:56 - 2017-02-05 18:36 - 00000000 ___HD C:\$WINDOWS.~BT
2017-02-05 17:46 - 2017-02-05 17:46 - 00000000 ___HD C:\$SysReset
2017-02-05 17:10 - 2017-02-05 17:11 - 00003466 _____ C:\Users\Lorraine\Desktop\Rkill.txt
2017-02-05 17:07 - 2017-02-05 17:18 - 00000834 _____ C:\Users\Lorraine\Desktop\JRT.txt
2017-02-03 13:33 - 2017-02-06 11:50 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-03 13:33 - 2017-02-05 19:43 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-03 13:33 - 2017-02-03 13:33 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-03 13:32 - 2017-02-05 19:43 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-03 13:32 - 2017-02-05 19:43 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-03 13:32 - 2017-02-05 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-03 13:32 - 2017-02-05 19:33 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-02-03 13:32 - 2017-02-03 13:32 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-03 13:32 - 2017-02-03 13:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-03 13:32 - 2017-02-03 13:32 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-03 13:32 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-03 13:31 - 2017-02-03 13:31 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-02-03 13:31 - 2017-02-03 13:31 - 00000000 ____D C:\Program Files\Java
2017-02-03 13:30 - 2017-02-06 14:45 - 00000000 ____D C:\Users\Lorraine\Downloads\PFT
2017-02-03 13:30 - 2017-02-05 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-03 13:30 - 2017-02-03 13:30 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-03 13:30 - 2017-02-03 13:30 - 00000000 ____D C:\Users\Lorraine\AppData\Roaming\Sun
2017-02-03 13:30 - 2017-02-03 13:30 - 00000000 ____D C:\ProgramData\Oracle
2017-02-03 13:30 - 2017-02-03 13:30 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-03 13:28 - 2017-02-03 14:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-03 07:12 - 2017-02-05 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-03 07:11 - 2017-02-03 07:12 - 00000000 ____D C:\Program Files\CCleaner
2017-02-03 06:49 - 2017-02-03 06:52 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2017-01-20 19:25 - 2017-01-20 19:25 - 01065376 _____ (Google Inc.) C:\Users\Lorraine\Downloads\Unconfirmed 680828.crdownload
2017-01-20 17:57 - 2017-01-20 17:57 - 01065376 _____ (Google Inc.) C:\Users\Lorraine\Downloads\Unconfirmed 534137.crdownload
2017-01-18 10:15 - 2017-02-05 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-01-16 09:08 - 2017-01-16 09:08 - 01065376 _____ (Google Inc.) C:\Users\Lorraine\Downloads\Unconfirmed 383485.crdownload
2017-01-11 15:12 - 2017-01-18 10:15 - 00001965 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2017-01-08 13:00 - 2017-01-08 13:00 - 00012288 _____ C:\Users\Lorraine\Documents\Blood Pressure Log.wps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-06 14:39 - 2016-11-23 10:11 - 00000000 ____D C:\Users\Lorraine\AppData\LocalLow\Mozilla
2017-02-06 10:01 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-06 09:29 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\appcompat
2017-02-05 20:28 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-05 20:27 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-05 20:20 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-05 20:17 - 2016-07-16 04:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-02-05 20:14 - 2015-10-17 12:27 - 00000000 ____D C:\Users\Lorraine\AppData\Local\Packages
2017-02-05 20:10 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-02-05 20:10 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-02-05 20:10 - 2016-07-16 04:44 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-02-05 20:10 - 2016-07-16 04:44 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2017-02-05 20:10 - 2016-07-16 04:44 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2017-02-05 20:10 - 2016-07-16 04:44 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-02-05 20:10 - 2016-07-16 04:44 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2017-02-05 20:10 - 2016-07-16 04:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2017-02-05 20:10 - 2016-07-16 04:44 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2017-02-05 20:10 - 2016-07-16 04:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2017-02-05 20:10 - 2016-07-16 04:44 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-02-05 20:10 - 2016-07-16 04:44 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2017-02-05 20:10 - 2016-07-16 04:44 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-02-05 20:10 - 2016-07-16 04:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-02-05 20:10 - 2016-07-16 04:44 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2017-02-05 20:10 - 2016-07-16 04:44 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-02-05 20:10 - 2016-07-16 04:44 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-02-05 20:10 - 2016-07-16 04:44 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-02-05 20:10 - 2016-07-16 04:44 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2017-02-05 20:10 - 2016-07-16 04:43 - 01414144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-02-05 20:10 - 2016-07-16 04:43 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-02-05 20:10 - 2016-07-16 04:43 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-02-05 20:10 - 2016-07-16 04:43 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-02-05 20:10 - 2016-07-16 04:43 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-02-05 20:10 - 2016-07-16 04:43 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-02-05 20:10 - 2016-07-16 04:43 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-02-05 20:10 - 2016-07-16 04:43 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-02-05 20:10 - 2016-07-16 04:43 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-02-05 20:10 - 2016-07-16 04:43 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-02-05 20:10 - 2016-07-16 04:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-02-05 20:10 - 2016-07-16 04:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-02-05 20:10 - 2016-07-16 04:43 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-02-05 20:10 - 2016-07-16 04:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-02-05 20:10 - 2016-07-16 04:43 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-02-05 20:10 - 2016-07-16 04:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-02-05 20:10 - 2016-07-16 04:43 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-02-05 20:10 - 2016-07-16 04:43 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-02-05 20:10 - 2016-07-16 04:43 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-02-05 20:10 - 2016-07-16 04:43 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-02-05 20:10 - 2016-07-16 04:43 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-02-05 20:10 - 2016-07-16 04:43 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-02-05 20:10 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-05 19:59 - 2015-10-17 12:32 - 00002421 _____ C:\Users\Lorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-05 19:59 - 2015-10-17 12:32 - 00000000 ___RD C:\Users\Lorraine\OneDrive
2017-02-05 19:55 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2017-02-05 19:55 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-05 19:55 - 2015-09-09 22:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-05 19:54 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\USOPrivate
2017-02-05 19:54 - 2016-07-15 23:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-05 19:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-02-05 19:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-02-05 19:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Registration
2017-02-05 19:49 - 2015-10-17 12:15 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-02-05 19:48 - 2016-07-16 04:47 - 00000000 __RSD C:\WINDOWS\Media
2017-02-05 19:48 - 2016-07-16 04:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-05 19:41 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-05 19:41 - 2016-07-15 23:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-05 19:41 - 2016-06-23 18:06 - 00000000 ____D C:\Users\Lorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySoftware
2017-02-05 19:41 - 2016-01-12 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logo Designer
2017-02-05 19:41 - 2015-10-27 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-02-05 19:41 - 2014-05-26 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-02-05 19:41 - 2013-12-24 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-02-05 19:41 - 2013-12-01 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-02-05 19:41 - 2013-11-04 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Media Player
2017-02-05 19:41 - 2013-09-09 11:18 - 00000000 ____D C:\Users\Lorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sabre Red Workspace
2017-02-05 19:41 - 2010-10-26 08:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-02-05 19:41 - 2010-10-26 08:46 - 00000000 ____D C:\WINDOWS\en
2017-02-05 19:41 - 2010-09-14 09:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
2017-02-05 19:41 - 2010-08-29 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
2017-02-05 19:41 - 2010-07-23 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2017-02-05 19:41 - 2010-07-23 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2017-02-05 19:41 - 2010-07-23 15:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2017-02-05 19:41 - 2010-07-23 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-02-05 19:41 - 2010-07-23 15:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2017-02-05 19:41 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-05 19:38 - 2016-07-15 23:04 - 00000000 ____D C:\Users\Default.migrated
2017-02-05 19:33 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-02-05 19:33 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-02-05 19:33 - 2016-07-16 07:14 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-02-05 19:33 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-02-05 19:33 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-02-05 19:33 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2017-02-05 19:33 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-02-05 19:33 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-05 19:33 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-02-05 19:33 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\spool
2017-02-05 19:33 - 2014-06-09 08:43 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2017-02-05 19:33 - 2011-09-22 20:29 - 00000000 ____D C:\WINDOWS\system32\SPReview
2017-02-05 19:32 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2017-02-05 19:32 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-02-05 19:32 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-02-05 19:32 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-05 19:32 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\IME
2017-02-05 19:32 - 2011-09-22 20:28 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2017-02-05 19:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\schemas
2017-02-05 19:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Resources
2017-02-05 19:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\InputMethod
2017-02-05 19:30 - 2016-07-16 04:47 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-02-05 19:30 - 2016-07-16 04:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-02-05 19:30 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Help
2017-02-05 19:30 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-05 19:30 - 2010-07-23 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD
2017-02-05 19:30 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-02-05 19:29 - 2009-07-13 20:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-02-05 19:25 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-02-05 19:22 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-02-05 19:22 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-02-05 19:22 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-02-03 14:11 - 2012-05-03 09:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-03 13:53 - 2016-05-16 07:49 - 00000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForLorraine.job
2017-02-03 07:42 - 2010-07-23 15:02 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-02-03 07:35 - 2010-07-23 15:20 - 00000000 ____D C:\ProgramData\WildTangent
2017-02-03 07:35 - 2010-07-23 15:20 - 00000000 ____D C:\Program Files (x86)\HP Games
2017-02-03 07:31 - 2010-07-23 15:10 - 00000000 ____D C:\Program Files (x86)\CyberLink
2017-02-03 07:31 - 2010-07-23 15:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-03 07:29 - 2010-07-23 15:07 - 00000000 ____D C:\Program Files (x86)\Hp
2017-02-03 06:52 - 2010-10-10 20:27 - 00000000 ____D C:\Users\Lorraine\AppData\Roaming\Yahoo!
2017-02-03 06:48 - 2012-08-05 15:37 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-03 06:48 - 2011-05-05 18:50 - 00001156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-03 06:48 - 2010-08-29 13:37 - 00001945 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-26 23:36 - 2013-09-11 10:13 - 00000000 ____D C:\Users\Lorraine\AppData\Roaming\vlc
2017-01-25 10:57 - 2010-09-01 19:48 - 00000000 ____D C:\Users\Lorraine\AppData\Local\ElevatedDiagnostics
2017-01-20 21:35 - 2015-11-02 10:47 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 14:31 - 2016-10-09 13:53 - 00000000 ____D C:\ProgramData\NCH Software
2017-01-20 14:31 - 2016-10-09 13:53 - 00000000 ____D C:\Program Files (x86)\NCH Software
2017-01-20 14:27 - 2015-11-16 19:27 - 00000000 ____D C:\Users\Lorraine\AppData\Roaming\NCH Software
2017-01-18 22:39 - 2010-08-29 21:08 - 00033072 _____ C:\Users\Lorraine\AppData\Roaming\wklnhst.dat
2017-01-18 10:16 - 2015-10-13 19:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-18 10:15 - 2015-10-13 19:29 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-01-17 21:21 - 2014-05-11 10:52 - 00000000 ____D C:\Users\Lorraine\Documents\PDF file
2017-01-13 10:15 - 2012-04-05 20:48 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-10 14:25 - 2013-08-13 18:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 14:20 - 2010-09-08 20:32 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 12:56 - 2015-02-24 17:22 - 00038912 _____ C:\Users\Lorraine\Documents\Mirrors.wps

==================== Files in the root of some directories =======

2015-10-18 15:41 - 2015-10-18 15:41 - 0000000 _____ () C:\Program Files\Microsoft Security Client
2010-08-29 21:08 - 2017-01-18 22:39 - 0033072 _____ () C:\Users\Lorraine\AppData\Roaming\wklnhst.dat
2014-07-11 15:54 - 2014-07-11 15:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-09-23 11:37 - 2017-02-03 07:29 - 0025465 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-05 19:18

==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,930 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:57 PM

Posted 07 February 2017 - 09:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: DAPIELoader Class -> {FF6C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files (x86)\DAP\DAPIELoader64.dll => No File
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml [2013-12-05]
FF Plugin HKU\S-1-5-21-1607850237-3075646812-4220768189-1001: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll [No File]
FF Plugin HKU\S-1-5-21-1607850237-3075646812-4220768189-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-21]
U3 idsvc; no ImagePath
S3 PcdrNdisuio; \SystemRoot\syswow64\drivers\pcdrndisuio.sys [X]
Task: {0DE26289-8B45-4647-BF5D-5BF71122CEBE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {19EE350D-E75A-4215-ADD7-33192E9CECFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {29EA7376-19F3-405F-A41F-79C855726F80} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {340E7C13-C6E1-4572-8C00-771EC9227509} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {410EAE33-DE20-4F55-80D5-E3DD47C4F8E1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51A57F46-D663-47DC-970D-ECDE029B9085} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5A83B3DF-BBA1-4BCD-B4C2-5862C14E2EDF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {767BD6F0-68DA-4307-8F00-5A6DBA9F6C0D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {86DFB86D-26A9-4AEF-9320-3CB3C5FD6148} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D9A25D12-226E-4055-B843-C9660883A7D8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F40D8E39-13D0-4F84-988C-E97CC0081CD8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:2B11E0DF [112]
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [126]
HKU\S-1-5-21-1607850237-3075646812-4220768189-1001\Software\Classes\.exe:  =>  <===== ATTENTION
HKU\S-1-5-21-1607850237-3075646812-4220768189-1001\Software\Classes\.bat:  =>  <===== ATTENTION
FirewallRules: [{5164BE2D-6755-4B60-BC6E-095AAB816E5B}] => C:\ProgramData\eSafe\eGdpSvc.exe
C:\ProgramData\eSafe

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Please let me know what problem persists with this computer.

P.S.
Please post a Malwarebytes log so I can see what cannot be removed.

#3 Montana Mad Dog

Montana Mad Dog
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  • Gender:Male
  • Location:Montana
  • Local time:10:57 AM

Posted 07 February 2017 - 12:17 PM

Good to see you again nasdaq...will get to work on this right away.  Thanks!




#4 Montana Mad Dog

Montana Mad Dog
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  • Gender:Male
  • Location:Montana
  • Local time:10:57 AM

Posted 07 February 2017 - 12:33 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by Lorraine (07-02-2017 10:22:52) Run:1
Running from C:\Users\Lorraine\Downloads\PFT
Loaded Profiles: Lorraine (Available Profiles: Lorraine & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: DAPIELoader Class -> {FF6C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files (x86)\DAP\DAPIELoader64.dll => No File
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml [2013-12-05]
FF Plugin HKU\S-1-5-21-1607850237-3075646812-4220768189-1001: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll [No File]
FF Plugin HKU\S-1-5-21-1607850237-3075646812-4220768189-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-21]
U3 idsvc; no ImagePath
S3 PcdrNdisuio; \SystemRoot\syswow64\drivers\pcdrndisuio.sys [X]
Task: {0DE26289-8B45-4647-BF5D-5BF71122CEBE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {19EE350D-E75A-4215-ADD7-33192E9CECFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {29EA7376-19F3-405F-A41F-79C855726F80} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {340E7C13-C6E1-4572-8C00-771EC9227509} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {410EAE33-DE20-4F55-80D5-E3DD47C4F8E1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51A57F46-D663-47DC-970D-ECDE029B9085} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5A83B3DF-BBA1-4BCD-B4C2-5862C14E2EDF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {767BD6F0-68DA-4307-8F00-5A6DBA9F6C0D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {86DFB86D-26A9-4AEF-9320-3CB3C5FD6148} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D9A25D12-226E-4055-B843-C9660883A7D8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F40D8E39-13D0-4F84-988C-E97CC0081CD8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:2B11E0DF [112]
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [126]
HKU\S-1-5-21-1607850237-3075646812-4220768189-1001\Software\Classes\.exe:  =>  <===== ATTENTION
HKU\S-1-5-21-1607850237-3075646812-4220768189-1001\Software\Classes\.bat:  =>  <===== ATTENTION
FirewallRules: [{5164BE2D-6755-4B60-BC6E-095AAB816E5B}] => C:\ProgramData\eSafe\eGdpSvc.exe
C:\ProgramData\eSafe

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000} => key removed successfully
HKCR\CLSID\{FF6C3CF0-4B15-11D1-ABED-709549C10000} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@flash-Enhancer.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value removed successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml => moved successfully
HKU\S-1-5-21-1607850237-3075646812-4220768189-1001\Software\MozillaPlugins\@hulu.com/Hulu Desktop => key removed successfully
C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll => not found.
HKU\S-1-5-21-1607850237-3075646812-4220768189-1001\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1 => key removed successfully
C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll => not found.
C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\PcdrNdisuio => key removed successfully
PcdrNdisuio => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DE26289-8B45-4647-BF5D-5BF71122CEBE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DE26289-8B45-4647-BF5D-5BF71122CEBE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19EE350D-E75A-4215-ADD7-33192E9CECFF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19EE350D-E75A-4215-ADD7-33192E9CECFF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29EA7376-19F3-405F-A41F-79C855726F80} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29EA7376-19F3-405F-A41F-79C855726F80} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{340E7C13-C6E1-4572-8C00-771EC9227509} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{340E7C13-C6E1-4572-8C00-771EC9227509} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{410EAE33-DE20-4F55-80D5-E3DD47C4F8E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{410EAE33-DE20-4F55-80D5-E3DD47C4F8E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51A57F46-D663-47DC-970D-ECDE029B9085} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51A57F46-D663-47DC-970D-ECDE029B9085} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A83B3DF-BBA1-4BCD-B4C2-5862C14E2EDF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A83B3DF-BBA1-4BCD-B4C2-5862C14E2EDF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{767BD6F0-68DA-4307-8F00-5A6DBA9F6C0D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{767BD6F0-68DA-4307-8F00-5A6DBA9F6C0D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{86DFB86D-26A9-4AEF-9320-3CB3C5FD6148} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86DFB86D-26A9-4AEF-9320-3CB3C5FD6148} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9A25D12-226E-4055-B843-C9660883A7D8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9A25D12-226E-4055-B843-C9660883A7D8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F40D8E39-13D0-4F84-988C-E97CC0081CD8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F40D8E39-13D0-4F84-988C-E97CC0081CD8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
C:\ProgramData\Temp => ":2B11E0DF" ADS removed successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
HKU\S-1-5-21-1607850237-3075646812-4220768189-1001\Software\Classes\.exe => key removed successfully
HKU\S-1-5-21-1607850237-3075646812-4220768189-1001\Software\Classes\.bat => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5164BE2D-6755-4B60-BC6E-095AAB816E5B} => value removed successfully
"C:\ProgramData\eSafe" => not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::1d7e:38ba:78b8:66db%5
   Default Gateway . . . . . . . . . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:2854:193c:24ce:bbde:594e:851c
   Link-local IPv6 Address . . . . . : fe80::24ce:bbde:594e:851c%2
   Default Gateway . . . . . . . . . : ::

========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::1d7e:38ba:78b8:66db%5
   IPv4 Address. . . . . . . . . . . : 172.20.10.7
   Subnet Mask . . . . . . . . . . . : 255.255.255.240
   Default Gateway . . . . . . . . . : 172.20.10.1

Tunnel adapter isatap.{2EDCBC42-30C5-4C8B-B113-DC22F192D0B8}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:2854:193c:24ce:bbde:594e:851c
   Link-local IPv6 Address . . . . . : fe80::24ce:bbde:594e:851c%2
   Default Gateway . . . . . . . . . : ::

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting , failed.
Access is denied.

There's no user specified settings to be reset.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {1BC2A42D-9F74-4664-A107-318958C3279A}.
{AF0EA77D-BCE5-4EFC-ACD9-993EFF6FE65E} canceled.
1 out of 2 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28253461 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 17620666 B
Edge => 3353181 B
Chrome => 148480 B
Firefox => 75499803 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 22822 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 72636 B
NetworkService => -652 B
Lorraine => 12063014 B
DefaultAppPool => 22822 B

RecycleBin => 251664063 B
EmptyTemp: => 370.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:25:31 ====



#5 Montana Mad Dog

Montana Mad Dog
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montana
  • Local time:10:57 AM

Posted 07 February 2017 - 01:42 PM

RogueKiller V12.9.7.0 (x64) [Feb  6 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Lorraine [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 02/07/2017 10:40:43 (Duration : 00:51:36)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} (C:\Program Files (x86)\DAP\dapie64.dll) -> Found
[PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{79D343F3-E4CE-40DF-8FD8-7D9349A1FAB1} (C:\Program Files (x86)\DAP\dexthlp64.dll) -> Found
[PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E} (C:\Program Files (x86)\DAP\dapie64.dll) -> Found
[PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{FF6C3CF0-4B15-11D1-ABED-709549C10000} (C:\Program Files (x86)\DAP\DAPIELoader64.dll) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.20.10.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2edcbc42-30c5-4c8b-b113-dc22f192d0b8} | DhcpNameServer : 172.20.10.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3601e0e6-8a8d-4ad3-867b-d52981a9de25} | NameServer : ,184.173.169.186 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3601e0e6-8a8d-4ad3-867b-d52981a9de25} | DhcpNameServer : 216.129.224.49 216.220.30.1 ([X][X])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721075CLA332 SCSI Disk Device +++++
--- User ---
[MBR] 4a813a0fad6a2db4cd09884e7991fa58
[BSP] b21ed9877bdf8dc79a7597d6d3eeaee9 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 702747 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1439432704 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1440354304 | Size: 11956 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


#6 Montana Mad Dog

Montana Mad Dog
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montana
  • Local time:10:57 AM

Posted 07 February 2017 - 01:46 PM

FYI:  I deleted all threats found by RogueKiller.  None were marked in red.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,930 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:57 PM

Posted 07 February 2017 - 02:30 PM

How is the computer running now?

#8 Montana Mad Dog

Montana Mad Dog
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montana
  • Local time:10:57 AM

Posted 07 February 2017 - 02:54 PM

Problems:

- Only network shown by computer as available is phone's hotspot...wifi is available (other devices connecting to it) but not an option for connection.

- Wired connection does not work either.  (Device Manager shows no faults).

- Chromium cannot be uninstalled.  (Not listed in Programs and Features list, but right-click on icon in Start menu and choosing "Uninstall" does nothing.)

- "wangjihua" user...unknown and suspected nefarious.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,930 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:57 PM

Posted 08 February 2017 - 10:17 AM

I have to refer you to the experts in the Networking forum. This is not my forte.

https://www.bleepingcomputer.com/forums/f/21/networking/

I suggest you start a new topic in the forum.

Before you do, download and run this tool.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (MTB.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Post the log in your new topic.
Explain the problem with the Wifi connection.
Give the router model in case they need it.
===

I will keep this topic open for 6 days.

Edited by nasdaq, 08 February 2017 - 01:35 PM.
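The checklist above maps onto a handful of built-in Windows commands. The script below is an added PowerShell example; it is not MiniToolBox and not part of nasdaq's reply. It gathers the same items the checkboxes ask for (DNS flush, IE and Firefox proxy settings, the last 10 System event log entries, the hosts file, IP configuration, Winsock catalog) into one text report, and additionally reads the per-interface NameServer and DhcpNameServer registry values that RogueKiller listed as PUM.Dns in post #5, so a responder can see at a glance whether a DNS server the user never chose has been set. The report path, the Write-Section helper and the Firefox profile location are assumptions of this example. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not MiniToolBox, not FRST): collect the network-configuration
# artifacts the checklist asks for into one report for review.
# $ReportPath is a constructed location; change it as needed.
$ReportPath = Join-Path $env:USERPROFILE 'Desktop\net-config-report.txt'

# Helper (assumed, not a built-in): run a scriptblock and append its output
# under a labelled section, recording any error instead of aborting the report.
function Write-Section {
    param([string]$Title, [scriptblock]$Body)
    "========= $Title =========" | Out-File -FilePath $ReportPath -Append
    try { & $Body | Out-String -Width 200 | Out-File -FilePath $ReportPath -Append }
    catch { "ERROR: $($_.Exception.Message)" | Out-File -FilePath $ReportPath -Append }
}

"Network configuration report - $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')" |
    Out-File -FilePath $ReportPath

# Flush DNS (the same effect as 'ipconfig /flushdns' in the fix log above)
Write-Section 'Flush DNS' { Clear-DnsClientCache; 'DNS resolver cache flushed.' }

# IE/WinINet proxy settings for the current user (what MiniToolBox reports)
Write-Section 'IE Proxy Settings' {
    Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
        Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL
}

# Firefox keeps its proxy settings in each profile's prefs.js (network.proxy.* prefs)
Write-Section 'FF Proxy Settings' {
    Get-ChildItem -Path "$env:APPDATA\Mozilla\Firefox\Profiles" -Filter prefs.js -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            "--- $($_.FullName)"
            Select-String -Path $_.FullName -Pattern 'network\.proxy'
        }
}

# Last 10 entries of the System log
Write-Section 'Last 10 System Event Log entries' {
    Get-WinEvent -LogName System -MaxEvents 10 |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

# Hosts file, with comments and blank lines dropped so overrides stand out
Write-Section 'Hosts file' {
    Get-Content -Path "$env:SystemRoot\System32\drivers\etc\hosts" |
        Where-Object { $_ -notmatch '^\s*#' -and $_.Trim() }
}

# Adapter addressing, gateways and DNS servers as the live stack sees them
Write-Section 'IP configuration' { Get-NetIPConfiguration -Detailed }
Write-Section 'DNS servers (live)' { Get-DnsClientServerAddress -AddressFamily IPv4 }

# The registry values RogueKiller reported as PUM.Dns: a static NameServer on an
# interface that should be using DHCP-supplied DNS is worth a second look.
Write-Section 'DNS servers (registry)' {
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces' |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                Interface      = $_.PSChildName
                NameServer     = $p.NameServer
                DhcpNameServer = $p.DhcpNameServer
            }
        } | Where-Object { $_.NameServer -or $_.DhcpNameServer }
}

# Winsock layered service providers, the same list MiniToolBox calls Winsock Entries
Write-Section 'Winsock catalog' { netsh winsock show catalog }

Write-Output "Report written to $ReportPath"
```

Apart from the DNS flush, the script only reads; it does not perform the two "Reset ... Proxy Settings" steps from the checklist, so those still have to be done in MiniToolBox or by hand after reviewing the report. When reading the output, the things to look for are a NameServer value on an interface that should be getting DNS from DHCP, a ProxyServer or AutoConfigURL the user never set, and hosts entries that redirect well-known names.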


#10 Montana Mad Dog

Montana Mad Dog
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montana
  • Local time:10:57 AM

Posted 08 February 2017 - 12:22 PM

Thanks for the help nasdaq.

 

I suspect you meant to include a link with your statement:  "Before you do download and run this tool."

 

No link included. I suspect you mean Mini Tool Box.

 

Will post in Networking forum.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,930 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:57 PM

Posted 08 February 2017 - 01:36 PM

My bad. I have edited my previous reply.



