C:/Windows/system32/config/systemprofile/Desktop refers to a location that is...


This topic is locked
3 replies to this topic

#1 Capstone Support

Posted 09 February 2017 - 07:01 PM

Suspect malware - network recently experienced Crypto variant under previous IT vendor

Login report: C:/Windows/system32/config/systemprofile/Desktop refers to a location that is unavailable

See attached

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by capstone.service (administrator) on LTLDESK-HP (09-02-2017 17:52:16)
Running from C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87
Loaded Profiles: False (Available Profiles: mst & blasher & FSAdmin906052671) <==== ATTENTION (Temporary Profile?)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(LabTech Software) C:\Windows\LTSvc\LTSVC.exe
() C:\Program Files (x86)\ScreenConnect Client (eeb341c1af818d51)\ScreenConnect.ClientService.exe
(LabTech) C:\Windows\LTSvc\labvnc.exe
(ScreenConnect Software) C:\Program Files (x86)\ScreenConnect Client (eeb341c1af818d51)\ScreenConnect.WindowsClient.exe
(LabTech) C:\Windows\LTSvc\labvnc.exe
(ScreenConnect Software) C:\Program Files (x86)\ScreenConnect Client (eeb341c1af818d51)\ScreenConnect.WindowsClient.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\sfc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\EmsisoftEmergencyKit.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-18\...\Policies\system: [SoftwareSASGeneration] 3
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.11
Tcpip\..\Interfaces\{439A8FC5-B22B-498B-AD22-9E035AD27A1E}: [DhcpNameServer] 192.168.0.11

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM -> {F070DC8F-ABAE-40C9-89A9-2D338F99578A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-05] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-05] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
DPF: HKLM-x32 {71D73A47-975F-11D1-AA77-00A0C98D86D4} hxxp://192.168.0.5/shorewaredirector/VoiceMessage.ocx
DPF: HKLM-x32 {FA6424B7-D971-11D1-9697-00A0C928D512} hxxp://192.168.0.5/shorewaredirector/TwentyFour7.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\TransCore\3sixty Freight Match Prerequisites\Skype4COM.dll [2010-07-22] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default [2017-02-09]
CHR Extension: (No Name) - C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-09]
CHR Extension: (No Name) - C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-09]
CHR Extension: (No Name) - C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-09]
CHR Extension: (No Name) - C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-09]
CHR Extension: (Adobe Acrobat) - C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-09]
CHR Extension: (No Name) - C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-09]
CHR Extension: (No Name) - C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-09]
CHR Extension: (Chrome Web Store Payments) - C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-09]
CHR Extension: (No Name) - C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-09]
CHR Extension: (Chrome Media Router) - C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-11] (Dropbox, Inc.)
S2 DbxSvc; C:\windows\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)
S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [51872 2016-05-24] (ESET)
S2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1648224 2016-05-24] (ESET)
S2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [1708192 2016-07-01] (ESET)
S3 eshasrv; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [193696 2016-05-24] (ESET)
R2 LTService; c:\windows\LTSvc\LTSVC.exe [2220472 2017-01-18] (LabTech Software)
S2 LTSvcMon; c:\windows\LTSvc\LTSvcMon.exe [276920 2017-01-18] (LabTech Software)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed]
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed]
R2 ScreenConnect Client (eeb341c1af818d51); C:\Program Files (x86)\ScreenConnect Client (eeb341c1af818d51)\ScreenConnect.ClientService.exe [90768 2016-08-15] ()
S2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [316992 2007-04-27] (SafeNet, Inc.)
S2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2007-04-27] (SafeNet, Inc)
R2 tvnserver; c:\windows\LTSvc\labvnc.exe [1640736 2017-01-30] (LabTech)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 Ktvn_MNDSHF73467808252560; "C:\Program Files (x86)\Kaseya\MNDSHF73467808252560\DesktopAccess\Ktvnserver.exe" -portableservice -servername Ktvn_MNDSHF73467808252560 -inidirectory "C:\Program Files (x86)\Kaseya\MNDSHF73467808252560\DesktopAccess"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [264864 2016-05-23] (ESET)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-11-28] (Symantec Corporation)
S1 ehdrv; C:\windows\System32\DRIVERS\ehdrv.sys [196768 2016-05-23] (ESET)
S2 epfwwfpr; C:\windows\System32\DRIVERS\epfwwfpr.sys [180384 2016-05-23] (ESET)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-11-28] (Symantec Corporation)
S3 staccel; C:\windows\System32\DRIVERS\staccel.sys [35168 2012-12-13] (ShoreTel, Inc)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 KAPFA; \??\C:\windows\system32\drivers\KAPFA.SYS [X]
U4 warpview; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-09 17:52 - 2017-02-09 17:52 - 00000000 ____D C:\FRST
2017-02-09 17:52 - 2017-02-09 17:52 - 00000000 ____D C:\EEK
2017-02-09 17:18 - 2017-02-09 17:52 - 00000026 _____ C:\windows\Zone.Identifier
2017-02-09 17:18 - 2017-02-09 17:24 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-07 19:51 - 2017-02-07 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 13:57 - 2017-02-07 13:57 - 00000965 _____ C:\windows\SysWOW64\dropbox_errorig35hy.txt
2017-02-07 13:57 - 2017-02-07 13:57 - 00000000 ____D C:\Users\Default\AppData\Local\TouchSmartData
2017-02-07 13:57 - 2017-02-07 13:57 - 00000000 ____D C:\Users\Default User\AppData\Local\TouchSmartData
2017-02-06 22:38 - 2017-02-06 22:38 - 00046400 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2017-02-06 22:38 - 2017-02-06 22:38 - 00046192 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2017-02-06 22:38 - 2017-02-06 22:38 - 00046192 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2017-02-06 22:38 - 2017-02-06 22:38 - 00046192 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2017-02-01 02:51 - 2016-05-13 16:09 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2017-02-01 02:51 - 2016-05-13 16:09 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2017-02-01 02:51 - 2016-05-13 16:09 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2017-02-01 02:51 - 2016-05-13 16:07 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2017-02-01 02:51 - 2016-05-13 15:55 - 02607104 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2017-02-01 02:51 - 2016-05-13 15:53 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2017-02-01 02:51 - 2016-05-13 15:53 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2017-02-01 02:51 - 2016-05-13 15:52 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2017-02-01 02:51 - 2016-05-13 15:52 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2017-02-01 02:51 - 2016-05-13 15:52 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2017-02-01 02:51 - 2016-05-13 15:52 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2017-02-01 02:51 - 2016-05-13 15:50 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2017-02-01 02:51 - 2016-05-13 15:38 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2017-02-01 02:51 - 2016-05-13 15:38 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2017-02-01 02:51 - 2016-05-13 15:38 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2017-02-01 02:51 - 2016-05-13 15:38 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2017-02-01 02:51 - 2016-05-12 09:18 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2017-01-31 20:13 - 2017-01-31 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-01-31 20:12 - 2017-01-31 20:13 - 00000000 ____D C:\Program Files\ESET
2017-01-31 20:09 - 2017-01-31 20:13 - 00000000 ____D C:\ProgramData\ESET
2017-01-31 16:27 - 2017-01-31 16:27 - 00000000 __SHD C:\windows\system32\%APPDATA%
2017-01-31 16:26 - 2017-01-31 16:04 - 02057712 _____ C:\Agent_Installer.msi
2017-01-30 21:17 - 2017-02-01 13:08 - 00000000 ____D C:\ProgramData\ScreenConnect Client (eeb341c1af818d51)
2017-01-30 21:17 - 2017-01-30 21:17 - 00000000 ____D C:\ProgramData\LabTech
2017-01-30 21:17 - 2017-01-30 21:17 - 00000000 ____D C:\Program Files (x86)\ScreenConnect Client (eeb341c1af818d51)
2017-01-30 21:16 - 2017-02-09 17:30 - 00000000 ____D C:\windows\LTSvc
2017-01-18 00:14 - 2017-01-05 12:55 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-01-18 00:14 - 2017-01-05 12:55 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-01-18 00:14 - 2017-01-05 12:52 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-01-18 00:14 - 2017-01-05 12:52 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-01-18 00:14 - 2017-01-05 12:52 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-01-18 00:14 - 2017-01-05 12:52 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-01-18 00:14 - 2017-01-05 12:52 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-01-18 00:14 - 2017-01-05 12:52 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-01-18 00:14 - 2017-01-05 12:52 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-01-18 00:14 - 2017-01-05 12:52 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-01-18 00:14 - 2017-01-05 12:52 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-01-18 00:14 - 2017-01-05 12:52 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-01-18 00:14 - 2017-01-05 11:43 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-01-18 00:14 - 2017-01-05 11:43 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-01-18 00:14 - 2017-01-05 11:43 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-01-18 00:14 - 2017-01-05 11:43 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-01-18 00:14 - 2017-01-05 11:43 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-01-18 00:14 - 2017-01-05 11:43 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-01-18 00:14 - 2017-01-05 11:43 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-01-18 00:14 - 2017-01-05 11:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-01-18 00:14 - 2017-01-05 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-01-18 00:14 - 2017-01-05 11:32 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-01-18 00:14 - 2017-01-05 11:25 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-01-18 00:14 - 2017-01-05 11:24 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-01-18 00:14 - 2017-01-05 11:19 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-01-18 00:13 - 2017-01-05 12:52 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-01-18 00:13 - 2017-01-05 12:52 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-01-18 00:13 - 2017-01-05 12:52 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-01-18 00:13 - 2017-01-05 12:52 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-01-18 00:13 - 2017-01-05 12:52 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-01-18 00:13 - 2017-01-05 12:52 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-01-18 00:13 - 2017-01-05 12:52 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-01-18 00:13 - 2017-01-05 12:52 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-01-18 00:13 - 2017-01-05 12:52 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-01-18 00:13 - 2017-01-05 11:43 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-01-18 00:13 - 2017-01-05 11:43 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-01-18 00:13 - 2017-01-05 11:43 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-01-18 00:13 - 2017-01-05 11:43 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-01-18 00:13 - 2017-01-05 11:43 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-01-18 00:13 - 2017-01-05 11:43 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-01-18 00:13 - 2017-01-05 11:42 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-01-18 00:13 - 2017-01-05 11:24 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-01-18 00:13 - 2017-01-05 11:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-01-18 00:13 - 2017-01-05 11:23 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-01-14 23:07 - 2017-01-14 23:07 - 00005195 _____ C:\Users\Public\How To Recover Encrypted Files.hta
2017-01-14 23:07 - 2017-01-14 23:07 - 00005195 _____ C:\Users\mst\How To Recover Encrypted Files.hta
2017-01-14 23:07 - 2017-01-14 23:07 - 00005195 _____ C:\Users\mst\Downloads\How To Recover Encrypted Files.hta
2017-01-14 23:07 - 2017-01-14 23:07 - 00005195 _____ C:\Users\FSAdmin906052671\How To Recover Encrypted Files.hta
2017-01-14 23:07 - 2017-01-14 23:07 - 00005195 _____ C:\Users\Default\How To Recover Encrypted Files.hta
2017-01-14 23:07 - 2017-01-14 23:07 - 00005195 _____ C:\Users\blasher\How To Recover Encrypted Files.hta
2017-01-14 23:07 - 2017-01-14 23:07 - 00005195 _____ C:\Users\blasher\Downloads\How To Recover Encrypted Files.hta
2017-01-13 10:49 - 2017-01-13 10:49 - 00039936 _____ C:\Users\blasher\Downloads\uztDLD9IUhzS2ac8CVHCju1TQcYydC8ezXWSvLz6fEo.[mia.kokers@aol.com]
2017-01-13 10:48 - 2017-01-13 10:49 - 00039936 _____ C:\Users\blasher\Downloads\uztDLD9IUhzS2ac8CVHCjoenGfyPEt7oW1OHimz2rcI.[mia.kokers@aol.com]
2017-01-11 15:10 - 2017-01-11 15:10 - 00039936 _____ C:\Users\blasher\Downloads\uztDLD9IUhzS2ac8CVHCjpaGNh3Et+uqMVZON+kpRkY.[mia.kokers@aol.com]
2017-01-11 15:08 - 2017-01-11 15:08 - 00637369 _____ C:\Users\blasher\Downloads\yKQ-KI6kpUHTlOM3IeQ6YmsLm6PYHv-D05YNCP8D4jU.[mia.kokers@aol.com]
2017-01-11 14:57 - 2017-01-11 14:57 - 00000000 ____D C:\Users\blasher\AppData\Local\Citrix
2017-01-11 01:39 - 2017-01-11 01:39 - 19829336 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-09 17:36 - 2013-01-04 10:20 - 00000160 _____ C:\windows\system32\config\netlogon.ftl
2017-02-09 17:36 - 2013-01-04 10:20 - 00000160 _____ C:\windows\system32\config\netlogon.ftl
2017-02-09 17:34 - 2009-07-13 23:13 - 00795940 _____ C:\windows\system32\PerfStringBackup.INI
2017-02-09 17:34 - 2009-07-13 21:20 - 00000000 ____D C:\windows\inf
2017-02-09 17:10 - 2016-04-11 11:27 - 00000906 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-09 17:09 - 2016-09-20 09:08 - 00000542 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2850253318-1510232062-3005852788-3224.job
2017-02-09 16:50 - 2016-04-11 11:27 - 00000910 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-09 16:39 - 2013-01-04 10:04 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-02-09 16:33 - 2014-01-28 14:03 - 00000538 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2850253318-1510232062-3005852788-4200.job
2017-02-09 16:09 - 2016-09-20 09:08 - 00000638 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-2850253318-1510232062-3005852788-3224.job
2017-02-09 14:48 - 2016-07-05 06:13 - 00000340 _____ C:\windows\Tasks\HPCeeScheduleForblasher.job
2017-02-09 00:10 - 2009-07-13 22:45 - 00029760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-09 00:10 - 2009-07-13 22:45 - 00029760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-09 00:05 - 2012-06-13 17:46 - 00000000 ____D C:\ProgramData\PDFC
2017-02-09 00:04 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-02-08 04:28 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
2017-02-08 03:02 - 2015-03-27 13:47 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2017-02-07 19:53 - 2013-01-04 10:22 - 00108120 __RSH C:\ProgramData\ntuser.pol
2017-02-07 19:51 - 2016-04-11 11:27 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-07 14:10 - 2016-02-11 07:26 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-06 16:47 - 2016-12-05 16:20 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-31 17:57 - 2013-09-11 08:20 - 00000000 ____D C:\Program Files (x86)\Kaseya
2017-01-30 21:16 - 2015-03-27 13:46 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-14 23:07 - 2016-12-19 07:25 - 00000000 __RHD C:\Users\Public\Libraries
2017-01-14 20:49 - 2016-07-05 06:13 - 00003198 _____ C:\windows\System32\Tasks\HPCeeScheduleForblasher
2017-01-14 20:46 - 2016-12-10 20:16 - 00000000 ____D C:\Users\blasher\AppData\Roaming\HpUpdate
2017-01-14 20:46 - 2016-12-10 20:16 - 00000000 ____D C:\Users\blasher\AppData\Roaming\HP Support Assistant
2017-01-12 17:26 - 2014-12-23 07:57 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 11:41 - 2009-07-13 23:32 - 00000000 ____D C:\windows\system32\FxsTmp
2017-01-11 01:39 - 2013-01-04 10:04 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-01-11 01:39 - 2013-01-04 10:04 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-01-11 01:39 - 2012-06-13 17:43 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-11 01:39 - 2012-06-13 17:43 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-01-11 01:39 - 2012-06-13 17:43 - 00000000 ____D C:\windows\system32\Macromed

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-02 00:53

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by capstone.service (09-02-2017 17:56:00)
Running from C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87
Windows 7 Professional Service Pack 1 (X64) (2012-11-29 07:22:12)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2049318097-2929766913-1283350471-500 - Administrator - Disabled)
Guest (S-1-5-21-2049318097-2929766913-1283350471-501 - Limited - Disabled)
LTL Desk (S-1-5-21-2049318097-2929766913-1283350471-1000 - Administrator - Enabled)
mst (S-1-5-21-2049318097-2929766913-1283350471-1002 - Administrator - Enabled) => C:\Users\mst

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 6.4.2014.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 6.4.2014.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3sixty Freight Match Prerequisites (HKLM-x32\...\{3D38DA45-A4F2-42F1-9043-E8D606DEB38B}) (Version: 1.0.0 - TransCore)
64 Bit HP CIO Components Installer (Version: 17.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Citrix Online Launcher (HKLM-x32\...\{CC8F903A-9698-4245-9A38-22412DEF1029}) (Version: 1.0.446 - Citrix)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ESET Endpoint Antivirus (HKLM\...\{A4B1B494-E6D4-4D4F-B87B-028A4B550079}) (Version: 6.4.2014.0 - ESET, spol. s r.o.)
ESET Remote Administrator Agent (HKLM\...\{94FB5797-B020-44BC-BCAB-DBB35366B9B0}) (Version: 6.4.283.0 - ESET, spol. s r.o.)
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
Kofax VirtualReScan 4.50 (HKLM-x32\...\{6A35E74B-68AD-4054-B93A-FEB7B687114C}) (Version: 4.50.032 - Kofax, Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
LabTech Agent Service (x32 Version: 5.0.70 - LabTech Software) Hidden
LabTech® Software Remote Agent (HKLM-x32\...\{58A3001D-B675-4D67-A5A1-0FA9F08CF7CA}) (Version: 11.0.349 - LabTech® Software, LLC)
LabTech® Software Remote Agent (x32 Version: 11.0.349 - LabTech® Software, LLC) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
ScreenConnect Client (eeb341c1af818d51) (HKLM-x32\...\{DFF3AE03-BB8E-422A-A9FA-A170A4039E3A}) (Version: 6.0.11299.6071 - ScreenConnect Software)
Sentinel Protection Installer 7.4.0 (HKLM-x32\...\{5A180ED5-0AC1-410A-B790-5E0319CD0A93}) (Version: 7.4.0 - SafeNet, Inc.)
ShoreTel Communicator (HKLM-x32\...\{2B45615A-215E-447C-ABCC-4E53E3DD694B}) (Version: 19.48.2600.0 - ShoreTel, Inc.)
Skype™ 5.5 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.117 - Skype Technologies S.A.)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}) (Version: 6.1.7900.1 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11919E81-BAE6-4DA6-BF29-7A2E7C88670B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {5D2AB6E9-481C-434E-9075-4297F6103FBB} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-11] (Dropbox, Inc.)
Task: {6FADFCE5-773E-4791-A779-5E5907B596AE} - System32\Tasks\G2MUpdateTask-S-1-5-21-2850253318-1510232062-3005852788-3224 => C:\Program Files (x86)\Citrix\GoToMeeting\6140\g2mupdate.exe [2016-12-29] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {72811D57-F25F-4F5A-8017-6D5C1BAC1942} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {75D6E067-39CE-40F9-8B3C-E6B5E105BDC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {82E7FFA0-5EDB-481F-9A91-4BE35ABF1C5D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {88C4FA86-881C-433B-8CF2-DFCB92AE8A61} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {88F6F7BF-0653-4E1B-BBDF-331696DB2471} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {89AD808B-74A3-462F-8F7E-EEDE18458895} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-12-12] (HP Inc.)
Task: {8ECEC0DE-C799-41E9-AD3B-2D966996D696} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {A19950CC-0E0B-429A-BE7B-BE697F0C2164} - System32\Tasks\ROC_SYS_TASK_DELETE => C:\ProgramData\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe [2013-03-27] ()
Task: {A97A7D9D-550E-4DB2-B9D1-680DF7130386} - System32\Tasks\G2MUploadTask-S-1-5-21-2850253318-1510232062-3005852788-3224 => C:\Program Files (x86)\Citrix\GoToMeeting\6140\g2mupload.exe [2016-12-29] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {AE178C92-9AFF-4CF1-95E0-F26DA52A8858} - System32\Tasks\ROC_SYS_TASK => C:\ProgramData\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe [2013-03-27] ()
Task: {BF48210C-6934-473D-81C7-F6DD723E5F24} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe [2015-02-17] ()
Task: {C18664F9-AF9B-412E-959A-6AFAB2BF423F} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe [2011-10-12] (Microsoft)
Task: {CBA8A207-D89C-4917-BA03-F6CD788E7267} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-11] (Dropbox, Inc.)
Task: {CCAE410F-73BF-4A59-8240-1D7A56FCBC5C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {CE440F16-9E7E-48D0-91EF-E568427239E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {D711A951-2945-4ACB-B0E1-FEA042D834EE} - System32\Tasks\1214avUpdateInfo => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe [2014-10-26] ()
Task: {E2250947-8947-4E54-9E47-0984D63A9276} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2011-10-11] ()
Task: {EAE5E2B6-CC21-436F-ABF4-7A1E745F38D3} - System32\Tasks\G2MUpdateTask-S-1-5-21-2850253318-1510232062-3005852788-4200 => C:\Program Files (x86)\Citrix\GoToMeeting\2377\g2mupdate.exe [2015-02-25] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {FA25B9A3-3651-4B3B-8D49-99F4D16E998E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {FACFE8E6-3EBC-4244-BC5E-E7E2CE9BD337} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {FC47627A-8353-49E5-997F-B4FCF103297C} - System32\Tasks\HPCeeScheduleForblasher => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\0215avUpdateInfo.job => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
Task: C:\windows\Tasks\1214avUpdateInfo.job => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2850253318-1510232062-3005852788-3224.job => C:\Program Files (x86)\Citrix\GoToMeeting\6140\g2mupdate.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2850253318-1510232062-3005852788-4200.job => C:\Program Files (x86)\Citrix\GoToMeeting\2377\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-2850253318-1510232062-3005852788-3224.job => C:\Program Files (x86)\Citrix\GoToMeeting\6140\g2mupload.exe
Task: C:\windows\Tasks\HPCeeScheduleForblasher.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\ROC_SYS_TASK.job => C:\ProgramData\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
Task: C:\windows\Tasks\ROC_SYS_TASK_DELETE.job => C:\ProgramData\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-08-15 09:54 - 2016-08-15 09:54 - 00090768 _____ () C:\Program Files (x86)\ScreenConnect Client (eeb341c1af818d51)\ScreenConnect.ClientService.exe
2017-02-09 17:48 - 2017-02-09 17:52 - 286978224 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\EmsisoftEmergencyKit.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (eeb341c1af818d51) => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.0.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AA219A00-7072-412E-A1A1-F102914DCF73}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{BC2B1F5D-E15D-4F41-A515-108CA03CE57E}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{50328D68-D76D-4522-85E8-1B3387002466}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{90B83087-D77E-47EB-83F1-40709C55BEF9}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{1F37D5DB-CDBD-4094-9BBC-D4222FC95413}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2A9B33E7-F8D5-4233-8B15-CA05F8ACCA37}] => C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{0F735096-5736-4742-BF91-CC8923AA4F72}] => C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{F6F4CE87-434C-4B53-B462-1D46EEFD2FBB}] => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{54F420E5-4298-41F0-B677-BA0AF960F08D}] => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{1681E883-F74D-4499-A1B7-A14E2B91B43B}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6F667617-AB70-4806-A28D-673CC3668975}] => LPort=2869
FirewallRules: [{9596475C-7041-4163-9590-10DEF21F13D7}] => LPort=1900
FirewallRules: [{00AC7D51-F9E3-40EE-8E22-89F8203DFCD9}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{ADBBE39E-7880-448F-BCE6-048244E96D2C}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{FC725EDC-8A00-4A25-A1AE-712F5A393DCF}] => C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{9022B7DF-D526-4F9C-ABF7-A5F0FCF54990}] => C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{525C099A-586B-44DC-B7AF-634345604AD8}] => C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{E02C8BCF-0308-47C8-A551-9A5CDDA845E7}] => C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{34AE5FDF-2CE7-4CCE-9AEC-30F5C7A864B9}] => C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{4B6D94F6-C404-439A-85E1-2E58B8D1F2A1}] => C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{F4ECDE5F-26DC-4BE4-A16F-1F5C08F0EC64}] => C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{325E5B01-C8F4-4A9A-839E-B0F2B5B27E90}] => C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{6FC4A6BE-EA50-4238-8676-D4EAE74ED8B6}C:\program files (x86)\mcleod software\loadmaster\deployclient.exe] => C:\program files (x86)\mcleod software\loadmaster\deployclient.exe
FirewallRules: [UDP Query User{BA8B2C57-705C-4278-BA71-640B41746557}C:\program files (x86)\mcleod software\loadmaster\deployclient.exe] => C:\program files (x86)\mcleod software\loadmaster\deployclient.exe
FirewallRules: [{BF6E7E25-0D79-462B-AEFA-8462225641DC}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{097EF3DA-D053-44B5-980C-A3DFF9A12D60}] => C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
FirewallRules: [{305BE2DD-CCDE-4D32-9CE2-E0BE3862569D}] => C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
FirewallRules: [{A997F71A-74EA-4F93-86F8-5B2539B33160}] => C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
FirewallRules: [{360AF8E9-0184-414A-BD9C-62F7CB8C28E4}] => C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
FirewallRules: [TCP Query User{08AE3A03-2396-4409-BF25-17225C5B13B5}C:\tm\tmsimg\bin\ftsrvr.exe] => C:\tm\tmsimg\bin\ftsrvr.exe
FirewallRules: [UDP Query User{40A14976-9FB2-4183-BBB0-EA4ED8E6AF41}C:\tm\tmsimg\bin\ftsrvr.exe] => C:\tm\tmsimg\bin\ftsrvr.exe
FirewallRules: [TCP Query User{7BB9CF4D-2888-48D7-9295-2D0C9C1A14FA}C:\tm\tmsimg\bin\ftsrvr.exe] => C:\tm\tmsimg\bin\ftsrvr.exe
FirewallRules: [UDP Query User{BD74840F-AB8A-4D7B-8691-76FCAE3C3140}C:\tm\tmsimg\bin\ftsrvr.exe] => C:\tm\tmsimg\bin\ftsrvr.exe
FirewallRules: [TCP Query User{D46123CD-B0C2-40C5-ACDA-A787F03D04EF}C:\program files (x86)\mcleod software\loadmaster\production_930\bin\lme - lme 930 production.exe] => C:\program files (x86)\mcleod software\loadmaster\production_930\bin\lme - lme 930 production.exe
FirewallRules: [UDP Query User{0EB6ACA0-3F33-4968-9F1B-302486647C38}C:\program files (x86)\mcleod software\loadmaster\production_930\bin\lme - lme 930 production.exe] => C:\program files (x86)\mcleod software\loadmaster\production_930\bin\lme - lme 930 production.exe
FirewallRules: [{66AE4392-1BA1-4537-BE49-A1C54DAA5994}] => C:\Program Files (x86)\Kaseya\MNDSHF73467808252560\LiveConnect.exe
FirewallRules: [{DDF83BB9-1754-4C9C-A97D-283BDA9EDA76}] => C:\Program Files (x86)\Kaseya\MNDSHF73467808252560\LiveConnect.exe
FirewallRules: [TCP Query User{C9FAE7A2-F9D2-41FF-8B34-D757DA83AC66}C:\program files (x86)\mcleod software\loadmaster\production_930\bin\lme - lme 930 production.exe] => C:\program files (x86)\mcleod software\loadmaster\production_930\bin\lme - lme 930 production.exe
FirewallRules: [UDP Query User{C9693394-E71E-4EB8-A017-A2D7946CE034}C:\program files (x86)\mcleod software\loadmaster\production_930\bin\lme - lme 930 production.exe] => C:\program files (x86)\mcleod software\loadmaster\production_930\bin\lme - lme 930 production.exe
FirewallRules: [{540BA1F2-4F9A-4C4B-AE00-5DE0E12218D9}] => C:\Program Files (x86)\Kaseya\MNDSHF73467808252560\LiveConnect.exe
FirewallRules: [{E15629B6-9643-4D88-871F-E5B8917509A8}] => C:\Program Files (x86)\Kaseya\MNDSHF73467808252560\LiveConnect.exe
FirewallRules: [TCP Query User{6F42287C-CB06-48BF-84AF-D06472A59F72}C:\mcleod software\loadmaster\deployclient.exe] => C:\mcleod software\loadmaster\deployclient.exe
FirewallRules: [UDP Query User{8285ECA6-FD52-4FD7-8D21-0EB0FD8A49BB}C:\mcleod software\loadmaster\deployclient.exe] => C:\mcleod software\loadmaster\deployclient.exe
FirewallRules: [TCP Query User{E046C092-1D07-43D7-BE05-BE5DB54F9B4B}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{AD3E50FC-0ADE-46AE-A69D-5245D229D95F}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{6EDC9D3F-1BAE-4779-B6B1-01CC72363BA9}C:\mcleod software\loadmaster\production_930\bin\lme - lme 930 production.exe] => C:\mcleod software\loadmaster\production_930\bin\lme - lme 930 production.exe
FirewallRules: [UDP Query User{9F40ED2D-B35C-4E51-8582-163148D4258E}C:\mcleod software\loadmaster\production_930\bin\lme - lme 930 production.exe] => C:\mcleod software\loadmaster\production_930\bin\lme - lme 930 production.exe
FirewallRules: [{EBA8BA3A-E1A1-4010-AB1C-50BC82D62158}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{582A2F4B-B174-4A2E-B7BE-90B7EE8DDF36}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{094DAB21-B8AC-4EBE-9FD7-E9310B6A5915}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{952940E2-EC30-44BD-843E-D973295AB1FB}] => LPort=42004
FirewallRules: [{A0D019A1-370C-4261-B25A-87731EE129D6}] => LPort=4999
FirewallRules: [{4E6BE3DF-426C-4620-9906-5FF6C4A4BC20}] => c:\windows\LTSvc\LTSVC.exe
FirewallRules: [{995ED383-6C85-4CB6-B5E7-DCDC046D204C}] => c:\windows\LTSvc\LTSVC.exe
FirewallRules: [{61094936-B7B6-46AE-8F9A-8772C7570BB4}] => c:\windows\LTSvc\LTSVCmon.exe
FirewallRules: [{55C82D50-17B2-460A-9654-83C0C2137CC7}] => c:\windows\LTSvc\LTSVCmon.exe
FirewallRules: [{09DA41D4-4D18-4E67-B67A-0A8A9E86462A}] => c:\windows\LTSvc\LTTray.exe
FirewallRules: [{0F0EB8EE-468E-449C-93D8-BEECE53B5CFA}] => c:\windows\LTSvc\LTTray.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe] => Enabled:ShoreTel.ShoreTel.App

==================== Restore Points =========================

17-01-2017 02:36:20 Windows Update
18-01-2017 00:13:04 Windows Update
24-01-2017 02:39:49 Windows Update
27-01-2017 05:27:01 Windows Update
30-01-2017 21:15:51 LabTech® Software Remote Agent
31-01-2017 05:27:01 Windows Update
01-02-2017 02:14:08 Windows Update
01-02-2017 02:51:12 Windows Update
07-02-2017 05:27:02 Windows Update
09-02-2017 17:24:26 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============

Name: ehdrv
Description: ehdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ehdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2017 05:36:11 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: TANDEMLOGISTICS)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

DETAIL - The system cannot find the file specified.

Error: (02/09/2017 05:36:11 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: TANDEMLOGISTICS)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (02/09/2017 05:30:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: TANDEMLOGISTICS)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

DETAIL - The system cannot find the file specified.

Error: (02/09/2017 05:30:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: TANDEMLOGISTICS)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (02/09/2017 05:10:30 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: TANDEMLOGISTICS)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

DETAIL - The system cannot find the file specified.

Error: (02/09/2017 05:10:30 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: TANDEMLOGISTICS)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (02/09/2017 05:10:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: TANDEMLOGISTICS)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

DETAIL - The system cannot find the file specified.

Error: (02/09/2017 05:10:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: TANDEMLOGISTICS)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (02/09/2017 05:03:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: TANDEMLOGISTICS)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

DETAIL - The system cannot find the file specified.

Error: (02/09/2017 05:03:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: TANDEMLOGISTICS)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.


System errors:
=============
Error: (02/09/2017 05:53:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/09/2017 05:53:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/09/2017 05:53:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/09/2017 05:53:10 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (02/09/2017 05:51:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/09/2017 05:51:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/09/2017 05:51:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/09/2017 05:46:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/09/2017 05:46:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/09/2017 05:46:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
Date: 2016-02-18 07:28:43.589
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\KAPFA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-18 07:28:43.527
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\KAPFA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-18 07:26:32.227
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\KAPFA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-18 07:26:32.164
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\KAPFA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-10 17:15:37.080
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\KAPFA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-10 17:15:37.017
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\KAPFA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-03 16:15:44.784
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\KAPFA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-03 16:15:44.722
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\KAPFA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-28 16:52:47.800
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\KAPFA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-28 16:52:47.722
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\KAPFA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A6-3620 APU with Radeon™ HD Graphics
Percentage of memory in use: 31%
Total physical RAM: 5608.44 MB
Available physical RAM: 3833.52 MB
Total Virtual: 11215.07 MB
Available Virtual: 9550.46 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.43 GB) (Free:779.18 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.86 GB) (Free:2.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 95317766)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by Oh My!, 11 February 2017 - 01:54 PM.



#2 Oh My!

  • Malware Response Instructor
  • 36,591 posts
  • Gender:Male
  • Location:California

Posted 11 February 2017 - 01:57 PM

Greetings Capstone Support and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Are you attempting to log into TANDEMLOGISTICS, or another profile?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

  • Malware Response Instructor
  • 36,591 posts
  • Gender:Male
  • Location:California

Posted 15 February 2017 - 01:23 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary

#4 Oh My!

  • Malware Response Instructor
  • 36,591 posts
  • Gender:Male
  • Location:California

Posted 17 February 2017 - 11:57 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary